SCPI Sender – Certificate-to-User Mapping with SAP Passport

In this use case, I prepared easy step-by-step guide, how to use SAP passport to trigger iFlow in your SCPI tenant. To test, you will call this iFlow from POSTMAN.

Prerequisites:

• Admin user for your SCPI tenant – to assign authorizations
• Access to SAP Support Launchpad
• POSTMAN
• Windows/Chrome

1. Get SAP Passport (.pfx and .cer)

1. Open: https://launchpad.support.sap.com/  and login with your S-User.
2. Find Tile: SAP Passport – Enable Single Sign-On
3. Insert logon password and click on “Apply for SAP Passport”.
4. In the pop-up fill any password to protect your certificate.
5. Download the SAP Passport (.pfx).
6. Double click on .pfx file and import to your computer using windows wizard.
7. When imported, one way to export certificate is to open Chrome browser, Go to settings -Privacy and Security – Security – Manage certificates.
8. Choose the one you want to export and click export. Export Base-64 encoded X.509 (.CER) file to your computer. This file will be used when triggering iFlow.

2. Open BTP account and assign Authorization to your S-user

In BTP – assign role ESBMessaging.send to your S-user (Neo Environment)

3. In SCPI create Certificate-to-User Mapping and Deploy iFlow

In SCPI – Go to monitor tab and select tile Certificate-to-User Mappings. Click add and fill user Id and select .cer file with your certificate.

Configure Sender in your iFlow and deploy:

4. Trigger this endpoint from POSTMAN:

Open settings – Certificates – Add Certificate:

Send GET request to your SCPI iFlow: