source link: https://blogs.sap.com/2022/11/30/cloud-integration-integration-flow-to-fetch-credentials-from-the-security-artifact/
November 30, 2022 2 minute read

Cloud Integration – Integration flow to fetch credentials from the Security Artifact


Introduction:

Security Material is where we manage all security-related artifacts on the tenant. There are various types of security material, such as User Credentials, OAuth2 Client Credentials, OAuth2 SAML Bearer Assertion and Secure Parameter. Once credentials are deployed under one of these types, we can see only the username; the password is hidden.

Use Case:

Sometimes we forget to record those credentials in the inventory sheet (SharePoint, CyberArk etc.) after deploying them in the Security Material on the tenant. This becomes a problem, as we cannot go back to the application team and ask for the credentials again.

Solution:

To solve this problem, I have developed a small integration which will retrieve the credential details for all types of security material, except OAuth2 SAML Bearer Assertion, from the tenant and will send those details to your personal email.

This iflow has to be deployed on the same tenant where the security artifacts are present.

The iflow is shown below (Figure 1):

Figure 1 (image: IFlow.png)

  • Timer (1st Component): This component schedules the iflow to run at the configured time.
  • Content Modifier (2nd Component, Figure 2): This component declares all the parameters used in the following steps. Note that all the parameters are set as configurable so that we can change them at any time.

Figure 2 (image: Content-Modifier.png)

  • Groovy Script (3rd Component): This script is the heart of the iflow and pulls the credential details from the tenant. It uses the secure store APIs to read the credential whose name is configured in the property “Security_Material”.

    import com.sap.gateway.ip.core.customdev.util.Message;
    import java.util.HashMap;
    import com.sap.it.api.ITApiFactory;
    import com.sap.it.api.securestore.SecureStoreService;
    import com.sap.it.api.securestore.UserCredential;

    def Message processData(Message message)
    {
        // Read the name of the security material from the configurable property
        def map = message.getProperties();
        def lv_credential_Name = map.get("Security_Material");

        // Look up the deployed credential through the secure store API
        def service = ITApiFactory.getApi(SecureStoreService.class, null);
        def credential = service.getUserCredential(lv_credential_Name);

        if (credential == null)
        {
            throw new IllegalStateException("No credential found");
        }

        String lv_username = credential.getUsername();
        String lv_password = new String(credential.getPassword());

        // Expose both values as exchange properties for the mail body
        message.setProperty("UNAME", lv_username);
        message.setProperty("PWD", lv_password);

        return message;
    }

  • Mail Adapter (Figure 3): The username and password are now available in the properties “UNAME” and “PWD”. We pass these properties into the mail body to achieve our goal. Once this iflow is deployed, the credentials of the configured security material are sent to the mailbox.

Figure 3 (image: mail-2.png)

Mail Body:

Hello User,

The Credentials of Security Artifact “${property.Security_Material}” is shown below:

Username: ${property.UNAME}
Password: ${property.PWD}

Thanks and Regards,
${property.system} System

**This is auto-generated email**
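
The script above copies the password into message properties, where any later step (here the mail body) can read it, so scripts of this shape are worth flagging when iflows are reviewed. The following is an added example, not part of the original post: a heuristic, line-based Python check that reports Groovy scripts which read a secret with getPassword() and write it to the message. The function names, the regexes and the "DEMO_ALIAS" sample scripts are assumptions constructed for illustration.

```python
import re

# Heuristic, line-based taint check for Cloud Integration Groovy scripts.
SECRET_READ = re.compile(r"\.\s*getPassword\s*\(")            # secret leaves the secure store
SINK = re.compile(r"\bmessage\s*\.\s*(setProperty|setHeader|setBody)\s*\((.*)\)")
ASSIGN = re.compile(r"^\s*(?:[\w\[\]<>.]+\s+)*(\w+)\s*=(?!=)\s*(.+)$")
LITERAL = re.compile(r'"[^"\n]*"|\'[^\'\n]*\'')              # string literals are not data flow

def _source(expr, tainted):
    """Return what makes expr secret-derived: a direct read, a tainted variable, or None."""
    if SECRET_READ.search(expr):
        return "getPassword()"
    return next((v for v in sorted(tainted) if re.search(rf"\b{re.escape(v)}\b", expr)), None)

def find_secret_exposure(script):
    """List (line_no, sink, source) where a secure-store secret is copied into the message."""
    if "SecureStoreService" not in script:
        return []
    tainted, findings = set(), []
    for no, line in enumerate(script.splitlines(), 1):
        code = LITERAL.sub('""', line).split("//")[0]        # drop literals, then comments
        sink, assign = SINK.search(code), ASSIGN.match(code)
        if sink:
            src = _source(sink.group(2), tainted)
            if src:
                findings.append((no, sink.group(1), src))
        elif assign:
            name, rhs = assign.groups()
            (tainted.add if _source(rhs, tainted) else tainted.discard)(name)
    return findings

# Constructed sample mirroring the script above ("DEMO_ALIAS" is a made-up alias).
EXPOSING = '''def Message processData(Message message) {
    def service = ITApiFactory.getApi(SecureStoreService.class, null);
    def credential = service.getUserCredential("DEMO_ALIAS");
    String lv_username = credential.getUsername();
    String lv_password = new String(credential.getPassword());
    message.setProperty("UNAME", lv_username);
    message.setProperty("PWD", lv_password);
    return message;
}'''
# Constructed counter-example: the secret is used for a call but never stored on the message.
CONTAINED = '''def Message processData(Message message) {
    def credential = ITApiFactory.getApi(SecureStoreService.class, null).getUserCredential("DEMO_ALIAS");
    def token = login(credential.getUsername(), credential.getPassword());
    message.setHeader("X-Session-Checked", "true");
    return message;
}'''
```

find_secret_exposure(EXPOSING) reports the setProperty call that stores lv_password, while CONTAINED yields no findings. Values interpolated inside Groovy string literals are not followed by this check.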


Conclusion:

This is a simple iflow, yet very useful for retrieving lost credential details for the types mentioned below on the tenant:

For Type1 (User Credentials) : This iflow retrieves Username and Password

For Type2 (OAuth2 Client Credentials) : This iflow retrieves ClientID and Client Secret

For Type1 (Secure Parameter) : This iflow retrieves Password

Hope this is useful.

Thanks for reading! Please share your feedback in the comment section, if any.

Cheers!

