Hello All,
For the past few days, I have been exploring LDAP authentication (Microsoft Active Directory as an on-premise user store) for our mobile applications with HCPms, alias Mobile Application and Development. HCP provides an option known as System for Cross-domain Identity Management (SCIM) to achieve this.
The HCP documentation led to multiple options and it was quite confusing; my thanks to martingrasshoff, who jumped in to get this working.
Some quick points and prerequisites:
Steps followed:
1. Configure Cloud Connector with Cloud User Settings
Note: Before proceeding with this step, ensure that the Cloud Connector virtual host and ports are working, as this document does not explain the Cloud Connector setup process.
a. Log in to the Cloud Connector Admin Portal, click Settings at the top right, and select Cloud User Store
b. Save the Settings and Close the window
2. Create SCIM Destination in HCP
Log in to HANA Cloud Platform, navigate to Connectivity -> Destinations, create a new Destination, and add the following details:
Note: These are the standard details for Microsoft Active Directory and there is no need to ping the service.
If you need more information, refer to SAP HANA Cloud Platform.
3. Configure Account Security in HCPms
Log in to HCP and navigate to Services -> Mobile -> Development and Operations -> Go to Service. Once the HCPms page is launched, click Settings in the toggle menu, then click Account Settings.
In this window you will see Basic Authentication, which allows you to configure the SCIM Destination.
There are multiple options like
In this blog, we are testing the second approach, HCP SCIM.
Configure the following settings as shown below:
Note: The URL is standard for MS Active Directory, and leave the Username and Password window blank.
Save the settings.
4. Create Application ID in HCPms
Follow the standard Application ID creation process, but ensure you use the Virtual Host and Port number of the Cloud Connector and ping the service. You may refer to the screens below.
Click on the Back end tab and enter the details as below:
Select Basic Authentication as the SSO Mechanism and leave the Username and Password blank.
Ping the Application ID and ensure it's working.
5. Testing Registration and Read operation
Important Note: Before you test, please ensure your Active Directory and Gateway Username and Password are identical. Only then may you continue to test as below.
Open the Postman client, enter the following details, and set the Authorization:
Click on Send and you should be registered successfully, with a 201 Created message as shown above. Now copy the X-SMP-APPCID and do a GET operation as shown below.
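The same register-then-read test can be scripted instead of clicked through in Postman. The sketch below is an added example, not part of the original post: it builds both requests with Basic authentication, refuses non-HTTPS URLs because the Basic header carries the Active Directory password, and pulls X-SMP-APPCID out of a 201 response. The host, application ID, credentials, registration path, JSON body, and the cookie form of X-SMP-APPCID are assumptions, since the post's screenshots are not available.

```python
import base64
import urllib.request
from http.cookies import SimpleCookie

def basic_auth(user, password):
    """Basic header value; only base64-encoded, so it needs TLS underneath."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode("ascii")

def _https_only(url):
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send directory credentials over a non-HTTPS URL")
    return url.rstrip("/")

def build_registration(base_url, app_id, user, password):
    # Assumption: registration endpoint path and JSON body are not shown on the page.
    url = f"{_https_only(base_url)}/odata/applications/latest/{app_id}/Connections"
    headers = {"Authorization": basic_auth(user, password),
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=b'{"DeviceType":"Android"}',
                                  headers=headers, method="POST")

def extract_appcid(status, headers):
    """Return X-SMP-APPCID from (name, value) response headers of a 201 reply."""
    if status != 201:
        raise RuntimeError(f"registration failed with HTTP {status}")
    for name, value in headers:
        if name.lower() == "x-smp-appcid":
            return value.strip()
        if name.lower() == "set-cookie":  # assumption: may arrive as a cookie
            cookie = SimpleCookie()
            cookie.load(value)
            if "X-SMP-APPCID" in cookie:
                return cookie["X-SMP-APPCID"].value
    raise RuntimeError("201 Created but no X-SMP-APPCID in the response")

def build_read(base_url, app_id, resource, user, password, appcid):
    # Assumption: back-end resources are read through <base>/<app_id>/<resource>.
    url = f"{_https_only(base_url)}/{app_id}/{resource.lstrip('/')}"
    headers = {"Authorization": basic_auth(user, password), "X-SMP-APPCID": appcid}
    return urllib.request.Request(url, headers=headers, method="GET")

if __name__ == "__main__":
    # Constructed values: host, application ID, user, and the 201 response headers.
    base, app = "https://hcpms-example.invalid", "com.example.demo"
    sample = [("Set-Cookie", "X-SMP-APPCID=0f3a9c1e-constructed; Path=/; Secure; HttpOnly")]
    appcid = extract_appcid(201, sample)
    req = build_read(base, app, "$metadata", "jdoe", "s3cret", appcid)
    print(req.get_method(), req.full_url, appcid)
```

To send the requests for real, pass each `Request` object to `urllib.request.urlopen` and feed `response.status` and `response.getheaders()` to `extract_appcid`.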
This completes the configuration. Hope this helps.
Regards,
Nagesh