I have a UI5 Application hosted on SAP NEO which retrieves Data via an ABAP OData Service.
Users are maintained in SAP Cloud Identity and mapped with their Backenduser and the login is setup via Principal Propagation. This is all setup and works.
I got requested to change the Application to enable External Sales Representatives without SAP Backend Users to use the application.
The idea is to use one "technical user" with Basic Authentication instead of Principal Propagation.
My question is what would be the way to identify the original Cloud Username in ABAP(since there sy-uname would be a technical user).
Debugging in ABAP didn't reveal the original information and I am afraid the original User is not even passed to the Gateway
The SAP Cloud User API (https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/1de599bf722446849d2b2e10132df42a.html) is not an option because the request could be manipulated in the browser
I heard of another option using a Java Servlet. But I am afraid that means we have to setup there the whole OData Service again and with every change in the Gateway we have to adjust the Java Servlet as well, or is there maybe a proxy.
If you are using Mobile Services of SAP Cloud Platform, you can activate a header with the username to be transferred to your ABAP system. It's called X-SMP-ENDUSERNAME.
Ref the documentation at https://help.sap.com/viewer/38dbd9fbb49240f3b4d954e92335e670/Cloud/en-US/defdadb71ee2476691d987689e3703a2.html