I'm a little over my head and am trying to understand the best way to secure web service communications between our SAP CRM system and a third-party hosted sales methodology solution. I'd like to explain what I would like to do and then I would welcome any guidance/suggestions from the group. Below is a very simple call flow.
- The user (JOE1) will authenticate to the SAP CRM system.
- JOE1 will click on a dynamically generated link to that resolves to the third-party hosted solution. The URL would include a couple of parameters opportunity Id, user id and something that equates to a MYSAPSSO2 security token.
- The third-party hosted solution would make a call back to our exposed SAP CRM web services and pass, among other things, the security token we passed them. This would allow them to authenticate to the web service as JOE1.
The goal is to have each call back to the web services hosted by our SAP CRM system to be executed as the currently authenticated user - in this case JOE1. Any advice would be appreciated. Thanks in advance
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.