Setting Up Connectivity and Content Exposure

Objectives

After completing this lesson, you will be able to:

  • Establish connectivity between SAP BTP and SAP S/4HANA Cloud and expose business content

Connectivity and Content Exposure Setup on SAP S/4HANA Cloud

The following steps should be performed before importing and using the federated content from SAP S/4HANA Cloud on SAP Build Work Zone, standard edition:

  • Set up the connectivity between the SAP S/4HANA Cloud system and SAP Build Work Zone, standard edition. (While the on-premise setup utilizes Cloud Connector and principal propagation, the cloud setup makes use of Communication Systems).
  • Set up the prerequisites for content exposure.
  • Choose and expose the required roles.

Let’s start with setting up the connectivity.

Prerequisites

  • SAP S/4HANA Cloud admin user with admin access
  • SAP BTP platform admin user with admin access to the SAP BTP subaccount
Note
These could either be your personal or general users with admin roles assigned on the respective systems.

Create a Communication System to Establish Connectivity with SAP Build Work Zone, standard edition

Prerequisites

An X.509 client certificate (private and public key) should be uploaded to your SAP BTP subaccount at ConnectivityDestinationsCertificates.

Note
Client Certificate Authentication is the recommended approach for a production landscape. You can find more information on the concept here. For an initial basic setup, it is also possible to choose the Basic Authentication with User Name and Password, get everything working and then introduce the use of certificates. Both configurations will be mentioned at the relevant steps in the following section.

Watch the following video to learn how to create a communication system to establish connectivity with SAP Build Work Zone, standard edition:

The following parameters are mentioned in the video and are included here for your reference:

  • Recommended Communication System Name: LPD_EXPOSURE_COM_0647_SYS
  • Host Name: <subdomain>.launchpad.cfapps.<region>.hana.ondemand.com
  • Recommended User Name: LPD_EXPOSURE_COM_0647_USER

Result

The saved communication system has the Editing Status field showing the status Active.

Export Trust Certificate of the Subaccount

In preparation for the next step, you need to export the trust certificate from SAP BTP subaccount destinations and upload it to SAP S/4HANA Cloud. This certificate is required for the second communication system that will be set up in the next step to allow the end users to consume back-end data via SAML bearer assertion.

Steps

  1. Use the SAP BTP platform admin user to log on to your subaccount.

  2. Go to ConnectivityDestinations.

  3. Choose Download Trust to export the file.

  4. Save the trust file. You will have to upload it to the communication system, created in the next step. 

Result

Create a Communication System for Consuming the Content

End users who access SAP Fiori apps either via SAP Build Work Zone, standard edition or SAP Mobile Start will need to be authenticated against SAP S/4HANA Cloud in real time to ensure that they only access the data that they have permissions for. This can be achieved by using a communication system that establishes trust between SAP BTP subaccount and SAP S/4HANA Cloud. The certificate obtained from the subaccount in the previous step will be uploaded into the communication system to achieve this.

Prerequisite

Trust certificate that was exported from the SAP BTP subaccount in the previous step

Watch the following video to learn how to create a communication system for consuming the content:

The following parameters are mentioned in the video and is included here for your reference:

  • Recommended Communication System Name: LPD_CONSUME_SYS
  • SAML Bearer Issuer (Template): cfapps.<region>.hana.ondemand.com/<subaccountID> (this can be copied from the System Certificate Subject "CN" on the right side)

Related Information

Expose SAP S/4HANA Cloud Business Content

Business content should be exposed from SAP S/4HANA so that SAP Fiori business roles can be used within SAP Build Work Zone, standard edition. For this, a communication arrangement and settings for clickjacking protection must be configured in the SAP S/4HANA Cloud system. As a last step, specific business roles can be selected for exposure. 

Prerequisites

The two communication systems covered in previous steps are already set up.

You can now configure the exposure of SAP S/4HANA Cloud business content (SAP Fiori roles, catalogs, and so on) and import them to SAP Build Work Zone, standard edition.

In this practice exercise, you will perform the following tasks:

  1. Create a communication arrangement for exposing content.

    The communication arrangement SAP_COM_0647 will allow you to expose the content to connected systems. It will make use of the communication system created earlier to establish a connection to your SAP BTP subaccount.

  2. Protect against clickjacking.

    To secure your content from clickjacking threats, you should add the hostname of your SAP Build Work Zone, standard edition to the list of Trusted Hosts in your SAP S/4HANA Cloud system.

  3. Select and expose content.

    Expose your chosen SAP Fiori launchpad content in the form of business roles along with related content such as apps, groups, catalogs, pages, and spaces. This can later be consumed in a site defined in SAP Build Work Zone, standard edition.

Summary

You successfully exposed business roles from the SAP S/4HANA Cloud system! To pick them up and use them from SAP Build Work Zone, standard edition, more configuration on the SAP BTP side is required. For that, follow the next lessons.

Log in to track your progress & complete quizzes