Skip to main content

On-Premise Connectivity

Connecting to On-Premise systems is a crucial part of many enterprise applications. To make this as easy as possible, the SAP Cloud SDK offers seamless integration with the SAP BTP Connectivity Service both on Cloud Foundry and Kubernetes-based environments (e.g. Kyma).

Cloud Foundry To On-Premise

To enable On-Premise connectivity for applications that are deployed on Cloud Foundry, the SAP Cloud SDK requires exactly one service binding to the SAP BTP Connectivity Service. The information provided within this service binding is then used to derive the ProxyAuthorization header for Destination objects that use ON_PREMISE as their ProxyType.

Principal Propagation

Often times, On-Premise systems do have their own user management, which, in most cases, does not match the user management of Cloud Identity Providers. This is why tenants and users on the application side need to be exchanged for entities that are registered within the On-Premise system. This process is called principal propagation.

The SAP Cloud SDK, therefore, supports the PrincipalPropagation authentication type for On-Premise destinations. The concrete authentication flow is hereby separated into two parts, which can be configued by setting a property called cloudsdk.principalPropagationMode on the Destination object.

1. Token Forwarding (Default)

If the cloudsdk.principalPropagationMode property is set to TOKEN_FORWARDING, or if the property is not set at all, the TOKEN_FORWARDING strategy will be applied.

2. Token Exchange (Discouraged)

Discouraged

Using the TOKEN_EXCHANGE strategy is discouraged as it results in unnecessary roundtrips and is therefore less performant than the TOKEN_FORWARDING strategy.

If the cloudsdk.principalPropagationMode property is set to TOKEN_EXCHANGE, the TOKEN_EXCHANGE strategy will be applied.

Kubernetes To On-Premise

The SAP Cloud SDK provides support On-Premise connectivity on Kubernetes-based environments as documented here.

Non-Production Deployment To On-Premise

In non-production environments, such as a developer's local machine or a CI/CD pipeline, the SAP Cloud SDK can still be used to connect to On-Premise systems as documented here.