To optimize the learning experience and minimize the possibility of errors, the required steps are divided into three parts.
In the first part, an SAP BTP, ABAP environment developer implements the outbound service call, which upon execution should create a business partner in the SAP S/4HANA Cloud, public edition system.
In the second part, the two communication partners are integrated using the authentication method Basic Authentication. In other words, a technical communication user can be used to call from the SAP BTP, ABAP environment and authenticate at the SAP S/4HANA Cloud, public edition system. Since Basic Authentication is used, the logs will show that the business partner creation is executed by the technical communication user.
In the final part, the existing scenario is adapted to use OAuth 2.0 as the authentication mechanism (using the SAML Bearer Assertion flow), instead of Basic Authentication. This only requires administrative changes; no changes to the development objects are needed. With this approach, the identity of the executing business user is propagated from SAP BTP, ABAP environment to SAP S/4HANA Cloud, public edition. The logs will show that the business partner creation is executed by a business user, and not by a technical communication user. For this reason, it is necessary for the relevant business user to be authorized for business partner creation in the target system.
The advantage of this overall sequence is that the integration can first be validated using Basic Authentication. If successful, the more complex OAuth 2.0 integration can be enabled.