AWS mcp-sap documentation change
Summary
Added new authentication flow (On-Behalf-Of Token Exchange), updated authentication table, added reference link to authentication patterns documentation, and modified credentials persistence statement.
Security assessment
The changes introduce a new authentication method (token exchange) which is a security feature, but there's no evidence of a specific security vulnerability being fixed. The modifications enhance authentication documentation without addressing known vulnerabilities.
Diff
diff --git a/mcp-sap/latest/awsforsapmcp/identity-and-authentication.md b/mcp-sap/latest/awsforsapmcp/identity-and-authentication.md index ae2422f12..ea065a2c2 100644 --- a//mcp-sap/latest/awsforsapmcp/identity-and-authentication.md +++ b//mcp-sap/latest/awsforsapmcp/identity-and-authentication.md @@ -11 +11 @@ Inbound AuthenticationOutbound Authentication -The AWS for SAP MCP Server uses two layers of authentication: inbound authentication controls access to the Model Context Protocol (MCP) Server, and outbound authentication controls access to SAP. +The AWS for SAP MCP Server uses two layers of authentication: inbound authentication controls access to the Model Context Protocol (MCP) Server, and outbound authentication controls access to SAP. For more information about the authentication patterns supported by Bedrock AgentCore Identity, see [Supported authentication patterns](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/identity-auth-patterns.html). @@ -32 +32 @@ When an external identity provider such as [Microsoft Entra ID](https://docs.aws -You can choose from three authentication flows to connect to SAP systems. You select the authentication flow through the CloudFormation template. +You can choose from the following authentication flows to connect to SAP systems. You select the authentication flow through the CloudFormation template. @@ -42,0 +43 @@ External IdP with OIDC | User Federation | OIDC | Entra ID | SAP OIDC trust +External IdP with token exchange | On-Behalf-Of Token Exchange | OIDC | Entra ID | SAP OIDC trust @@ -63 +64 @@ Not recommended for production deployments. - * Credentials are retrieved from AWS Secrets Manager per request - they are never persisted in AgentCore Runtime. + * Credentials are retrieved from AWS Secrets Manager per request. @@ -118,0 +120,34 @@ This flow uses two callback URLs: * The AgentCore callback URL (auto-generated, +### On-Behalf-Of Token Exchange + +The On-Behalf-Of (OBO) Token Exchange authentication flow uses Bedrock AgentCore Identity to exchange a user’s inbound token for an outbound access token that preserves the user’s identity. This flow propagates the authenticated user’s identity from the MCP client all the way through to SAP, ensuring that data access is scoped to an individual user. The outbound token exchange happens entirely server-side. + +**How it works:** + + 1. The MCP client sends a request with a JWT that identifies the authenticated user. + + 2. The AgentCore runtime validates the inbound JWT against the configured discovery URL and allowed audiences. + + 3. Bedrock AgentCore Identity performs the OBO token exchange with the configured identity provider using the outbound app’s client credentials. + + 4. The identity provider issues a new access token that carries the original user’s identity. + + 5. The MCP server forwards this token to SAP. + + 6. SAP validates the token and maps the user identity to a SAP user based on your SAP configuration. + + + + +**Key characteristics:** + + * User identity is preserved end-to-end. + + * No additional user interaction required after initial login. + + * The token exchange is fully server-side. + + * Requires an identity provider that supports the On-Behalf-Of token exchange grant type. + + + +