In this tutorial you will set up a connection between SAP Business Technology Platform, Neo environment (Neo) and SAP Business Technology Platform, Cloud Foundry environment (CF).
A simple application in CF will consume data from an Neo application, and therefore propagate the user details from one environment to the other. This is called “Principal Propagation” and requires some additional steps establishing trust between the environments, to guarantee security.
Step 1: Adapt the ESPM Application
-
If you’re using Eclipse for the first time, you will see a Welcome Page. Close this page.
-
Open Eclipse and choose Window > Perspective > Open Perspective > Other…, select Git and click Open.
-
Click Clone a Git repository.
-
Insert https://github.com/SAP/cloud-espm-v2.git
into the URI field and click Next.
-
Make sure only the master branch is selected and click Next.
-
Click Finish and wait until the clone has finished.
-
Right-click on cloud-espm-v2
> Import Projects….
-
Make sure Eclipse hast detected all projects and click Finish.
-
Open the Java EE Perspective and edit the web.xml
file: Look for <auth-method>FORM</auth-method>
and change it to <auth-method>OAUTH</auth-method>
. Don’t forget to save your changes.
Step 2: Create an approuter
-
Create a new directory called approuter
somewhere on your machine.
-
Create a new file called package.json
inside this directory with the following content:
{
"name": "approuter",
"version": "1.0.0",
"description": "",
"scripts": {
"start": "node node_modules/@sap/approuter/approuter.js",
"test": "echo \"Error: no test specified\" && exit 1"
},
"license": "ISC",
"dependencies": {
"@sap/approuter": "^9.1"
}
}
This tells Node (npm) to fetch and start the approuter.
-
Create a file called xs-app.json
with the following content:
{
"welcomeFile": "index.html",
"routes": [ {
"source": "/espm-cloud-web/espm.svc/",
"target": "/espm-cloud-web/espm.svc/",
"destination": "retailerBackend"
}, {
"source": "/espm-cloud-web/images/",
"localDir": "static/images/"
}, {
"source": "/",
"localDir": "static/retailer/"
}
]
}
This configures the routing inside the approuter.
-
Create a folder called static
.
-
Move the src/main/webapp/retailer
folder (from the espm
project) to the newly created static
folder.
Note: This folder contains the HTML, CSS and JavaScript of the Retailer application.
-
Copy the src/main/webapp/images
folder to the newly created static
folder.
Note: The images are needed by the Shop and the Retailer application.
-
Create a zip archive called approuter.zip
containing all the file in the approuter
folder. It’s important that the files are in the top level of the zip file!
You can use this commands in bash
(Linux and macOS) to create the zip file:
for file in static/retailer static/images xs-app.json package.json ; do
if [[ ! -e $file ]] ; then echo -e "\e[33m[WARNING] $file does not exist\e[0m"; fi ;
done
zip -r approuter.zip .
or use PowerShell
(Windows):
foreach ($file in @("static\retailer", "static\images","xs-app.json","package.json")){
if (-not (Test-Path $file)) { Write-Warning "$file does not exist" }
}
Compress-Archive -Force -Path .\* -DestinationPath approuter.zip
This will also check that all files exist and print a warning if one or more is missing.
Note: You need to change to the approuter directory using the cd
command first (Linux, macOS and Windows).
Step 3: Build the ESPM Application
-
Make a right-click on espm
and select Export.
-
Select Web > WAR file and click Next.
-
Select a Destination on your machine and click Finish.
Step 4: Configuration in the SAP BTP, Neo environment
-
Open the SAP BTP, Neo environment cockpit.
-
Navigate to SAP HANA / SAP ASE > Databases & Schemas and click New
-
Create a database named espm
and select a password. Make sure you don’t lose it, we’ll need it soon.
-
Wait until you see the event with description Tenant DB creation finished successfully (created and configured) (this can take up to 15 minutes). Now navigate back to your subaccount.
-
Navigate to Applications > Java Applications and click Deploy Application
-
Select the espm-cloud-web.war
you’ve exported in the first step, be sure to use the Tomcat 8 Runtime and click deploy. Note: Don’t change the name of the application.
-
Wait until the application is successfully deployed and click Done.
-
Open the details of the application by clicking its name.
-
Navigate to Configuration > Data Source Bindings and click New Binding.
-
Enter SYSTEM
and the password you choose while creating the database as credentials and click Save.
-
Navigate to Security > Roles, make sure the Retailer role is selected and click Assign in the Individual Users section.
-
Enter your email-address (the one you use for your Cloud Foundry Account) and click Assign.
-
Navigate to Overview and click Start.
-
Wait until you can see Started and open the Application URL.
Step 5: Establish trust between SAP BTP, Cloud Foundry environment and SAP BTP, Neo environment
-
Open the SAP BTP, Cloud Foundry environment in a new tab, navigate into your subaccount, go to Connectivity > Destinations and export the X509 certificate of the destination service by clicking the Download Trust button.
-
Go to Overview and find your subaccounts id and the landscape host. You will need it later. Notice: The landscape host does not include api.cf.
!
-
Go to the Neo environment > Security > Trust > Application Identity Provider and click on Add Trusted Identity Provider.
-
Enter the following details and click Save.
Parameter |
Value |
Name |
cfapps. + Landscape Host + / + subaccount ID e.g. cfapps.eu10.hana.ondemand.com/77f532e6-71f7-44e9-9761-c0b24f6f38ca |
Signing Certificate |
Open the certificate file downloaded earlier with your favorite editor and copy everything between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. |
-
Go to Security > OAuth > Clients and click Register new client.
-
Enter the following details and click Save.
Parameter |
Value |
Name |
It doesn’t actually matter. Use e.g. CFNEO-Demo . |
Subscription |
p0123456789trial/espmcloudweb (while p0123456789 is your own account id) |
ID |
leave unchanged and save it somewhere for later use |
Confidential |
checked |
Secret |
Generate a random password and save it somewhere for later use |
Redirect URI |
Unused in this scenario. Use e.g. https://example.com |
Example:
-
Go back to the CF environment and click New Destination.
Property |
Value |
Name |
retailerBackend |
Type |
HTTP |
URL |
URL of the Neo application/API you want to consume. e.g. https://espmcloudwebp2000292804trial.hanatrial.ondemand.com/espm-cloud-web/ |
Proxy type |
Internet |
Authentication |
OAuth2SAMLBearerAssertion |
Audience |
Depends on your Landscape (Neo). See table in the bottom. |
Client Key |
ID of the OAuth client you saved in the previous step. |
Token Service URL |
taken from the “Branding” tab in the Neo subaccount - “Security” > “OAuth”. |
Token Service user |
Once again the ID of the OAuth client. |
Token Service Password |
The Secret you generate in the last step. |
System User |
empty |
Use default JDK truststore |
Checked |
Add the following Additional properties:
Property |
Value |
authnContextClassRef |
urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession |
nameIdFormat |
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
Use this table to find the correct audience for your landscape:
Landscape |
Audience |
Europe (Rot) - Trial |
https://nwtrial.ondemand.com/services |
Australia (Sydney) |
ap1.hana.ondemand.com/services |
Brazil (São Paulo) |
https://br1.hana.ondemand.com/services |
Canada (Toronto) |
https://ca1.hana.ondemand.com/services |
Europe (Amsterdam) |
https://eu3.hana.ondemand.com/services |
Europe (Rot) |
https://netweaver.ondemand.com/services |
Japan (Tokyo) |
https://jp1.hana.ondemand.com/services |
KSA (Riyadh) |
https://sa1.hana.ondemand.com/services |
Russia (Moscow) |
https://ru1.hana.ondemand.com/services |
UAE (Dubai) |
https://ae1.hana.ondemand.com/services |
US East (Ashburn) |
https://us1.hana.ondemand.com/services |
US West (Chandler) |
https://us2.hana.ondemand.com/services |
US East (Sterling) |
https://us3.hana.ondemand.com/services |
Example:
Step 6: Configuration in the SAP BTP, Cloud Foundry environment