Explaining the Setup for SAP S/4HANA

Objective

After completing this lesson, you will be able to Receive notifications from SAP S/4HANA on SAP Build Work Zone, standard edition and SAP Mobile Start.

Add Parameter to SAP BTP Destination

For SAP S/4HANA (on-premise), an additional parameter should be added to the runtime destination. Watch the following video to learn how to add a parameter to the SAP BTP destination:

The following parameter is mentioned in the video and is included here for your reference:

Additional Parameter for Runtime Destination:

NOTIF_SERVICEPATH  =  /sap/opu/odata4/iwngw/notification/default/iwngw/notification_srv/0001

Create RFC Destination

An RFC destination that manages the HTTP connection to SAP BTP notification service should be created so that the notifications can flow from SAP S/4HANA to SAP BTP. The RFC destination will use the notification host obtained from the Site Settings in the previous lesson. 

To create the RFC destination, complete the following steps: 

Steps

  1. Log in to SAP S/4HANA with an admin user.

  2. Open transaction SM59 and create a new RFC destination.

  3. Provide a name for the Destination (for example, the name of subaccount) and select the Connection Type G (HTTP connection to external server).

  4. Provide a Description. In the Technical Settings, provide the Host from the notification credentials obtained from the Site Manager and add "/v2" as Path Prefix.

  5. Go to Logon & Security, scroll down to the Status of Secure Protocol section, and set SSL to Active.

  6. Go to the Special Options and select the HTTP 1.1 version in the HTTP Setting section.

  7. Save the RFC destination.

    Follow this exercise, which shows how the RFC destination is created in more detail:

OAuth 2.0 Client Profile Setup

To use the OAuth 2.0 client profile for authentication against the notification service, the following steps must be carried out:

  • Export trusted root certificate of the subaccount token endpoint
  • Import trusted root certificate to SAP S/4HANA
  • Create OAuth 2.0 client profile in SAP S/4HANA
  • Configure OAuth 2.0 client profile in SAP S/4HANA

Export Trusted Root Certificate of the Subaccount Token Endpoint

Watch the following video to learn how to export the trusted root certificate of the subaccount token endpoint:

Import Trusted Root Certificate to SAP S/4HANA

Steps

  1. Log in to SAP S/4HANA as an administrator and open the transaction STRUST. Find the SSL client SSL Client (Anonymous) node and select it:

    Note

    If the SSL client SSL Client (Anonymous) node is not yet active, (marked with a cross icon), go into change mode, right-click on it, and select Create.
  2. Within the detail screen, scroll down to the Certificate section. Choose the Import Certificate button, upload the root certificate exported in the previous task, and choose Add to Certificate List. (You have to be in change mode).

  3. Save. The certificate should now be available in the Certificate List.

    Note

    In case a proxy server is used, and the OAuth 2.0 token endpoint of the subaccount can only be reached from the ABAP system via this proxy server, you must configure the proxy in the ABAP system as follows:
    1. Go to transaction SICF and choose Execute (F8).
    2. In the Client menu, choose Proxy settings.
    3. On the Global Settings tab, mark Proxy Setting is Active.
    4. On the HTTPS Protocol tab, enter the proxy server information.

Create the OAuth 2.0 Client Profile in SAP S/4HANA

Next, the OAuth 2.0 client profile must be created. Complete the following steps:

Steps

  1. Log in to SAP S/4HANA as an administrator and open the transaction SE80.

  2. Select Local Objects from the dropdown, enter the user name under which you want to create the OAuth 2.0 client profile, and choose the Display button.

  3. Right-click the root node and select CreateMore/OtherOAuth 2.0 Client Profile.

  4. Enter a name for the Client Profile, select the Type as DEFAULT, and choose Continue.

  5. Select Local Object to create it or select a package if you want to include it in a transport request.

  6. It is added to the Object List. Make sure that the Scopes tab is empty and in the Administration tab, check the "No authorization check".

    Note

    The authorization check could also be left active. In this case, the users that create notifications (for example, workflow runtime users) will need the relevant authorizations (S_OA2C_USE:PROFILE=*;ACTVT=*; )
  7. Save your OAuth 2.0 client profile.

    The following exercise guides you through the process of creating an OAuth 2.0 client profile in more detail:

Configure the OAuth 2.0 Client Profile in SAP S/4HANA

The OAuth 2.0 client profile must be configured with the correct OAuth settings from the Site Manager notification credentials. 

Steps

  1. Log in to SAP S/4HANA and open the transaction OA2C_CONFIG.

    A browser window for the OAuth 2.0 configuration opens.

  2. Choose the Create button and enter the following values:

    • OAuth 2.0 Client Profile: Select the client profile created in the previous task
    • Configuration Name: Should prefill with the same name
    • OAuth 2.0 Client ID: Enter the value from the notification credentials from the Site Manager

    Confirm with OK.

  3. Scroll down to the Details section. In the General Settings, provide the values obtained from the Site Manager for the following fields:

    • Client Secret
    • Authorization Endpoint
    • Token Endpoint
  4. Scroll down to the Access Settings and select the following values:

    • Client Authentication: Basic (default)
    • Resource Access Authentication: Header Field (default)
    • Selected Grant Type: Client Credentials
  5. Scroll back up and Save the OAuth 2.0 configuration.

    The following exercise guides you through the process of configuring the OAuth 2.0 client profile in more detail:

IMG Settings Configuration

The following configurations in the IMG (SPRO transaction) are required to finish the setup:

  • Register and activate Cloud Notification Channel
  • Configure bgRFC queue
  • Enable and configure sensitive data cache

Register and Activate Cloud Notification Channel

Watch the following video to learn how to register and activate Cloud Notification Channel:

The following parameter is mentioned in the video and is included here for your reference:

Push Channel: SAP_CLOUD = 50

Configure bgRFC Queue

This step is optional for nonproductive environments (for example, development, testing), but is recommended in a productive setup. The use of bgRFC queue ensures that the notifications are queued and processed in a sequential manner. If bgRFC queue is not used, notifications will be sent synchronously and will not be resent if there is an error.

Steps

  1. Within the IMG, navigate to / expand the following fields: SAP NetWeaver/ABAP PlatformNotification ChannelNotification Channel HubConfigurationConnection Settings.

  2. Execute Register bgRFC Destination for Cloud Service.

  3. Switch to the Define Inbound Dest. tab and create a new Destination named IWNGW_NOTIF_CLOUD_BGRFC with a queue prefix (can be created via the New Prefix field after creating the destination). As an example, you can name it NGW_.

  4. Save the destination. It should now show up in the list of destinations. Then, return to the IMG.

Enable and Configure Sensitive Data Cache on the Hub

This is usually an optional step for the configuration of notifications within SAP S/4HANA. However, it is a mandatory step for sending the notifications to SAP BTP.

Steps

  1. Within the IMG, navigate to / expand the fields: SAP NetWeaver/ABAP PlatformNotification ChannelNotification Channel HubAdministrationGeneral Settings.

    The first three entries here will be executed as described in the following steps. 

  2. Execute Register Notification Store in SFF.

    Choose New Entries, select the Notification Channel Secure Store Encryption from the list, and Save.

    Keep all the default values and Save. It is added to the list of Application-Specific SFF Parameters.

    Return to the IMG section from step 1.

  3. Execute Maintain Notification Store in SFF Settings.

    You are navigated to STRUST. Find the SFF Notification Channel Secure Store Encryption node.

    If it is not active yet (marked with a cross), you must create it. Right-click it and choose Create.

    Return to the IMG section from step 1.

  4. Execute Enable Sensitive Data Cache on the Hub.

    Select the checkbox for Enable Sensitive Data Cache and choose Execute.

    Choose Yes in the popup to confirm the settings. After that, a success screen displays.

Testing and Troubleshooting

Test

To verify that the setup was successful, you can use two different transactions to create demo notifications.

Watch the following video to learn how to check if the setup was successful:

The following parameters are mentioned in the video and are included here for your reference:

  • Transaction for demo notifications: /N/IWNGW/BEP_DEMO
  • Transaction for sample verification workflow: SWU3

The notification looks as follows: 

Troubleshoot

Important: Once the demo (or real) notifications are sent, you should check the different solution layers. Check whether the notifications show up in the following order:

  1. On the SAP Fiori launchpad on SAP S/4HANA
  2. On the site created using SAP Build Work Zone, standard edition
  3. Within SAP Mobile Start app screens, for example, within the Notification Center or Start screen
  4. As a native notification on your device home screen

Some other useful troubleshooting tips are as follows:

  • You can use the transactions /N/IWFND/ERROR_LOG or SLG1 for the object /IWNGW/ to access the logs and track errors.
  • You might encounter a bug whereby the very first notification of a given notification type (for example, leave request) does not arrive on SAP BTP. Instead, it triggers an HTTP 422 error in the error log (transaction /N/IWFND/ERROR_LOG) and only creates the notification type, which contains metadata for the notifications, in the notification service. Refer to SAP Note 3085259 to fix this.
  • SAP Note 3085259 also improves message logging, giving you more information to debug issues.
  • If notifications are working on the site created on SAP Build Work Zone, standard edition and within SAP Mobile Start app, but native notifications on the device home screen are not working, check if the specific prerequisites for native notifications are met.

Log in to track your progress & complete quizzes