Scribd
Upload
25 views2 pages

Authentication of Requests

This document explains the authentication process for requests to Joule, which utilizes OAuth Authorization Code grant flow via a central AppRouter in the SAP BTP environment. It also details the configuration of Single Logout (SLO) for Joule, allowing users to be logged out from all applications where a Joule session is active when they log out from the parent application. Instructions for configuring SLO in the SAP Cloud Identity Services administration console are provided, including specific URI settings.

Uploaded by

venulaca
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
25 views2 pages

Authentication of Requests

This document explains the authentication process for requests to Joule, which utilizes OAuth Authorization Code grant flow via a central AppRouter in the SAP BTP environment. It also details the configuration of Single Logout (SLO) for Joule, allowing users to be logged out from all applications where a Joule session is active when they log out from the parent application. Instructions for configuring SLO in the SAP Cloud Identity Services administration console are provided, including specific URI settings.

Uploaded by

venulaca
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Authentication of Requests

This topic explains how requests to Joule are authenticated.

Business User
Since Joule is built on SAP BTP, Cloud Foundry environment, all requests to the user
interface are handled by a central AppRouter which requires an OAuth Authorization
Code grant flow.

The XSUAA acts as the issuer of the authorization code and requires the user to
authenticate, as configured in the Trust Configuration for the corresponding SAP
BTP subaccount.

Configure Single Logout for Joule


You can configure single logout (SLO) for Joule. This means, if the user logs out from
the parent application, (for example, SAP SuccessFactors), SLO automatically logs out
the user from Joule in all the applications where a Joule session is created. For more
information, see Single Logout.

Single logout in Joule is triggered in the following ways:

1. When a user triggers a logout from Joule Admin Center, an SLO request is
initiated to terminate the user session on other applications and corporate identity
providers.

2. When a user logs out from the parent application (such as, SAP SuccessFactors
or SAP S/4 HANA Public Cloud), the SLO request from Identity Authentication to
terminate the user session in Joule is triggered.

Configure Joule to handle Single Logout requests from Identity Authentication:

1. Sign into the administration console for SAP Cloud Identity Services.

2. Under Applications and Resources, choose the Applications tile.

3. Choose the IAS application for Joule subscription.

4. Choose the Trust tab.


5. Under SINGLE SIGN-ON, choose OpenID Connect Configuration.

6. Add the following URI under Front-Channel Logout


URI : <Joule_subscription_url>/logout?skip-redirect=true.

For example, https://joule-test.eu10.sapdas.cloud.sap/logout?skip-


redirect=true.

7. Confirm the Redirect URIs and Post Logout Redirect URIs has the following
value https://.<landscape_identifier>.sapdas.cloud.sap/**.

Related Information
OAuth Password Authentication

OAuth Authorization Code Authentication

You might also like