com.sap.core.connectivity.api.authentication

Interface AuthenticationHeaderProvider

public interface AuthenticationHeaderProvider

The AuthenticationHeaderProvider provided methods for generation of authentication headers for access to on-premise systems and applications deployed on the same HCP landscape.
Web applications can access AuthenticationHeaderProvider via JNDI lookup or resource injection.

Method Summary

Methods

Modifier and Type	Method and Description
AuthenticationHeader	getAppToAppSSOHeader(String requestURL) Generates authentication header for SSO with other applications on the same landscape.
List<AuthenticationHeader>	getOAuth2SAMLBearerAssertionHeaders(DestinationConfiguration destinationConfiguration) Generates authentication headers for OAuth2SAMLBearerAssertion destination. OAuth access token will be generated for destinations with authentication type OAuth2SAMLBearerAssertion in order OAuth-protected resources to be consumed.
AuthenticationHeader	getPrincipalPropagationHeader() Generates header for principal propagation to on-premise systems.
AuthenticationHeader	getSAPAssertionHeader(DestinationConfiguration destinationConfiguration) Generates authentication header for SAPAssertionSSO destination. SAP assertion ticket will be generated for destinations with authentication type SAPAssertionSSO in order to propagate the currently logged on user to a SAP back-end system.

Method Detail

getAppToAppSSOHeader

AuthenticationHeader getAppToAppSSOHeader(String requestURL)

Generates authentication header for SSO with other applications on the same landscape. Generated header can be used only once and only for the specified request URL.
SSO Header is valid only between applications which are working on behalf of one and the same account for which SSO is allowed.
There are three prerequisites for using application-to-application SSO:

• Both applications must reside in the same account
• Principal Propagation must be enabled for the account
• The receiving application must use SAML2 authentication

Parameters:

requestURL - the URL for which the generated headers will be used.

Returns:

Authentication header which can be used for SSO with other applications on the same landscape.

getPrincipalPropagationHeader

AuthenticationHeader getPrincipalPropagationHeader()

Generates header for principal propagation to on-premise systems.

Returns:

Authentication header which can be used for principal propagation to on-premise systems.

getSAPAssertionHeader

AuthenticationHeader getSAPAssertionHeader(DestinationConfiguration destinationConfiguration)

Generates authentication header for SAPAssertionSSO destination.
SAP assertion ticket will be generated for destinations with authentication type SAPAssertionSSO in order to propagate the currently logged on user to a SAP back-end system. Note that generation of such assertion ticket is CPU intensive operation and should be generated only once per user session.

Parameters:

destinationConfiguration - the SAPAssertionSSO destination for which an authentication header will be generated.

Returns:

the generated authentication header.

Throws:

IllegalArgumentException - when configuration properties are not well configured or authentication type is not SAPAssertionSSO.

getOAuth2SAMLBearerAssertionHeaders

List<AuthenticationHeader> getOAuth2SAMLBearerAssertionHeaders(DestinationConfiguration destinationConfiguration)

Generates authentication headers for OAuth2SAMLBearerAssertion destination.
OAuth access token will be generated for destinations with authentication type OAuth2SAMLBearerAssertion in order OAuth-protected resources to be consumed. The generation of access tokens is time consuming operation. To avoid this issue there is a build-in user<->token cache which takes care to auto-renovate tokens before they expire, i.e when a token is about to expire, a new token is created shortly before the expiration of the old one.

Parameters:

destinationConfiguration - the OAuth2SAMLBearerAssertion destination for which authentication headers will be generated.

Returns:

the generated authentication headers.

Throws:

IllegalArgumentException - when configuration properties are not well configured or authentication type is not OAuth2SAMLBearerAssertion.