Thursday, August 31, 2017

SAP single sign on note

When handling Single Sign-On between apps in SAP Cloud Platform, a few names are used in the documentation:

1. SAPAssertionSSO
SAPAssertionSSO uses an SAP Assertion ticket, which is passed as an HTTP header between different apps; the ticket is issued by the SAP Assertion service.

2. PrincipalPropagation
Although PrincipalPropagation is a general term for app-to-app single sign-on, in SAP Cloud Platform it has a specific meaning. It refers to forwarding the identity of the user to the SAP Cloud Connector and, from there, passing that identity on to the backend server. Usually this is done by having the Cloud Connector generate a short-lived client certificate for the user, which is then presented to the backend server.
Usually, this configuration is used for Cloud Platform to on-premise server communication.

3. AppToAppSSO
Both apps are configured to trust the same SAML IdP, so the same SAML assertion can be passed and used between the two apps.
Usually, this configuration is used for two apps that both live on the internet or both on-premise.
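The three names above show up in practice as the Authentication property of a destination. The following is an added illustration, not taken from the note or from SAP documentation: three destination definitions in the properties format the cockpit imports and exports, one per mechanism. Destination names and host names are placeholders.

```properties
# Added example: one destination per SSO mechanism (each block is a separate
# destination file; they are shown together here). Placeholder names/hosts.

# --- destination "backend_assertion": SAPAssertionSSO ---
# The platform issues an SAP Assertion ticket and sends it as an HTTP header.
# The target system must be configured to trust the issuing system, otherwise
# the ticket is rejected; check that trust setting before opening the route.
Name=backend_assertion
Type=HTTP
URL=https://backend.example.com:44300/sap/bc/ping
ProxyType=Internet
Authentication=SAPAssertionSSO

# --- destination "backend_onprem": PrincipalPropagation ---
# Only valid with ProxyType=OnPremise: the Cloud Connector receives the user
# identity and presents a short-lived client certificate to the backend. The
# backend therefore has to trust the Cloud Connector's certificate authority.
Name=backend_onprem
Type=HTTP
URL=http://virtualhost.example:44300/sap/bc/ping
ProxyType=OnPremise
Authentication=PrincipalPropagation

# --- destination "other_app": AppToAppSSO ---
# Both the calling app and the target app trust the same SAML IdP, so the
# existing assertion is reused; no credentials are stored in the destination.
Name=other_app
Type=HTTP
URL=https://otherapp-account.hana.ondemand.com/otherapp
ProxyType=Internet
Authentication=AppToAppSSO
```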

https://help.hana.ondemand.com/hana_cloud_platform_mobile_services/frameset.htm?db73d2da88684c8da382f23c0ecbd28f.html