Skip to Content

Connect SAP Business Application Studio and SAP S/4HANA Cloud Tenant

test
0 %
Connect SAP Business Application Studio and SAP S/4HANA Cloud Tenant
Details

Connect SAP Business Application Studio and SAP S/4HANA Cloud Tenant

Requires Customer/Partner License
July 13, 2021
Created by
July 13, 2021
Connect SAP Business Application Studio and an SAP S/4HANA Cloud tenant using SAML assertion authentication to develop custom UIs.

You will learn

  • How to create an HTTP destination on SAP Business Technology Platform with SAML assertion authentication to an SAP S/4HANA Cloud tenant
  • How to create a communication system for an SAP Business Application Studio subaccount in an S/4HANA ABAP tenant
QR code

Prerequisites

  • You have an SAP S/4HANA Cloud tenant and a business user with Communication Management authorizations (this requires a business role with unrestricted write access containing business catalog SAP_CORE_BC_COM ).
  • You have an SAP Business Technology Platform trial account with an SAP Business Application Studio subscription

To follow this tutorial, you can either use a subaccount in your trial account on SAP BTP or you can use a subaccount in a customer account. However, for the customer account subaccount, you have to do the following:

Alternatively, see Integrating SAP Business Application Studio documentation for this tutorial’s content with a customer account.

The communication system for an SAP Business Application Studio subaccount in an S/4HANA ABAP tenant is needed to develop a custom UI with SAP Business Application Studio for a custom business object running in an S/4HANA ABAP tenant and for deploying that UI.

Tutorial last updated with SAP S/4HANA Cloud Release 2105


Step 1: Create destination to SAP S/4HANA Cloud tenant

SAP Business Application Studio requires connection information to request custom business object data from your SAP S/4HANA Cloud tenant and to deploy a UI into this tenant. That information is stored in the SAP Business Application Studio subaccount as a so-called destination. To create that destination, do the following:

  1. In your web browser, open the SAP BTP Trial cockpit https://account.hanatrial.ondemand.com and Enter Your Trial Account, which is a so-called global account.

    Enter Global Trial Account
  2. On your global account page, select default subaccount trial.

    Enter trial Subaccount
  3. In the navigation pane expand the Connectivity section.

  4. Select Destinations.

  5. Select New Destination.

Get to New Destination
Log on to answer question
Step 2: Configure destination

Configure the new destination with the following standard field values.

Field Name Value
Name <YOUR_SYSTEMS_ID>_SAML_ASSERTION
Type HTTP
Description SAML Assertion Destination to SAP S/4HANA Cloud tenant <YOUR_SYSTEMS_ID>
URL In the SAP S/4HANA Cloud tenant, navigate to the Communication Systems app and copy the Host Name from Own System = Yes
Own System Host Name in Communication Systems App
and paste it with prefix https:// for example https://my12345-api.s4hana.ondemand.com.
Proxy Type Internet
Authentication SAMLAssertion
Audience Enter the URL of your system and remove -api, for example https://my12345.s4hana.ondemand.com.
AuthnContextClassRef urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession

Select New Property and maintain the following Additional Properties and values.

Field Name Value Remark
HTML5.DynamicDestination true  
HTML5.Timeout 60000 value stated in milliseconds. 60000 equals 1 minute. Required as deployment needs longer than the standard of 30 seconds.
WebIDEEnabled true  
WebIDEUsage odata_abap,dev_abap  
nameIDFormat urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress Required in case your subaccount sends mail address as SAML Name ID for authentication (**Subject Name Identifier** in Identity Authentication tenant), although SAP S/4HANA Cloud tenant expects user login by default. That is the case with a trial Account. This also requires the mail address to be maintained for SAP S/4HANA Cloud tenant business users.

Make sure that the Use default JDK truststore checkbox is ticked.

Configure Destination

Click Save.

Log on to answer question
Step 3: Download SAP BTP certificate

On the SAP S/4HANA Cloud tenant side, you need to allow SAP Business Application Studio to make inbound calls.
To set SAP Business Application Studio as a trusted caller in the SAP S/4HANA Cloud tenant, you first have to download the public key of the SAP Business Application Studio subaccount.

To do this, in the Destinations section, select Download Trust.

Download Trust

An untyped file with name pk-\<your subaccounts ID\> (for example pk_9zy8xw7v-6u54-3tsr-21qp-1pqr234st56uv;) is downloaded. Save this file for later.

Log on to answer question
Step 4: Create communication system in SAP S/4HANA Cloud tenant

With the downloaded public key from the SAP Business Application Studio subaccount, you can now maintain it as a trusted caller in SAP S/4HANA Cloud tenant.

  • Log on to your SAP S/4HANA Cloud tenant with the business user that is authorized for communication management.

  • From the dashboard home screen, choose Communication Management > Communication Systems

    Communications Systems tile
  • Select New.

    New Communication System
  • Enter a System ID and System Name, for example BAS_<YOUR SUBACCOUNTS_SUBDOMAIN> like BAS_12AB34CDTRIAL and choose Create.

    Create Communication System
Log on to answer question
Step 5: Configure communication system

This is how you have to configure the communication system that represents the SAP Business Application subaccount as a trusted caller.

  • Navigate to General > Technical Data

    Navigate to General Technical Data
  • Tick the Inbound Only checkbox.

    Set Communication System as Inbound Only
  • Navigate to General > SAML Bearer Assertion Provider and slide the button to ON.

    Enable SAML Bearer Assertion Provider for Communication System
  • Choose Upload Signing Certificate, browse for the SAP BTP certificate and upload it.

    Upload Certificate to Communication System
  • Set the Provider Name by inserting the CN attribute of the Signing Certificate Subject.

    Copy and Paste Provider Name
  • Choose Save.

The connection is now set up and you can use of the custom business object OData services of the SAP S/4HANA Cloud tenant in SAP Business Application Studio.

Log on to answer question
Step 6: Test yourself
What enables SAP Business Application Studio to get inbound calls to the S/4HANA Cloud tenant answered successfully?
×

Next Steps

Back to top