Configure Your SAP S/4HANA System for Content Federation
- How to set up the allow list to enable your SAP BTP trial to access the SAP S/4HANA system
- How to set the SAP Fiori launchpad parameter
EXPOSURE_SYSTEM_ALIASES_MODEin the SAP S/4HANA Customizing.
- Get a Free Account on SAP BTP Trial
- To integrate federated content into an SAP Launchpad site, you already need a launchpad site available in your SAP BTP trial account. Please follow at least the first two tutorials of the Create your First SAP Launchpad site group or the full Deliver your First SAP Fiori launchpad site with integrated apps mission to set up the SAP Launchpad service on your SAP BTP trial account.
- To test content federation, you need an SAP S/4HANA system on release 2020 or 2021 and have administrator access to it. This tutorial describes the configuration of an SAP S/4HANA 2020 system which you can also get as SAP S/4 HANA Fully Activated Appliance 30-day trial system. You can find more details about the process to start your SAP S/4HANA trial in this Quick Start Document.
To avoid reconfiguration of the SAP Cloud Connector after each restart, we recommend to use the system with a static public IP address.
Please keep in mind that the trial is only free for 30 days, so only request the system, when you are ready to run the tutorial.
- You need an SAP Cloud Connector installed. If you are using the SAP S/4HANA trial, the SAP Cloud Connector is already included in it.
In this group of tutorials, you will integrate SAP Fiori launchpad content from an SAP S/4HANA system to the SAP Launchpad service on SAP BTP using content federation. With this functionality, SAP enables SAP S/4HANA (and other products) to serve as content providers by exposing their business content and role structures to the central Launchpad, which makes the day-to-day operation and maintenance by the content administrator much more efficient.
You will learn how to combine federated content from SAP S/4HANA with apps from other sources like custom apps running on SAP BTP or SAP Business Suite applications in one launchpad site.
- Step 1
If you are using your own instance of the SAP S/4HANA 2020 or 2021, Fully Activated Appliance solution in SAP Cloud Appliance Library, click Connect.
You can either use the Windows Remote Desktop and login via SAP Logon there or login directly via SAP GUI by clicking Connect in the SAP GUI row in the Connect to the Instance pop-up . Please check the Getting Started with the SAP S/4HANA 2020 (SP00) Fully-Activated Appliance Guide for details.
An .sap file will be downloaded to your computer to connect to the SAP S/4HANA system.
Click the downloaded file. If required, click Allow in the pop-up window.
Login to client 100 of system S4H with default user
- Step 2
Since the SAP S/4HANA apps are integrated into the SAP Launchpad service using iFrames, you need to configure an allowlist to protect your system against clickjacking attacks. The allowlist service is an ABAP-wide service to implement protections. You can manage such allowlist scenarios with the Unified Connectivity Framework (UCON Framework) to optimize the protection of your RFC and HTTP(S) communication against unauthorized access.
To allow the SAP Launchpad service to consume data from your SAP S/4HANA system, you should add your trial account to the allowlist for Clickjacking Framing Protection.
If you do not activate the allowlist, the launchpad defaults to a more restrictive clickjacking protection mechanism. It will then only allow framing if the host of the application is part of the same domain as the embedding application, i.e. the Launchpad (same origin policy).
Start the transaction
- Step 3
- In the drop-down list, select HTTP Whitelist Scenario.
In an SAP S/4HAnA 2021 system, this is called “HTTP Allowlist Scenario”
![Open HTTP allowlist](4-open-http-whitelist.png)
If the Clickjacking Framing Protection scenario is not available in the list, you need to activate it. To do so, select HTTP Whitelist > Setup in the menu bar.
In the pop-up, check the entry activate Clickjacking Protection (Context Type 02) for all clients (recommended). Then click the Continue icon.
For more details, see Using an Allowlist for Clickjacking Framing Protection
You now see the Clickjacking Framing Protection entry in the table. It is currently set to Logging mode. This means that connections are only logged, but not checked. With this setting, connectivity from your SAP BTP trial account will work. However, this is not a secure setting. In a productive environment, you would need to add the patterns for your SAP Launchpad service to the whitelist and then set the scenario to Active check mode.
- Step 4
EXPOSURE_SYSTEM_ALIASES_MODEdefines how to handle system aliases during content exposure. In an embedded deployment of the SAP Fiori front-end server, all apps run on the same server. Therefore, system aliases can be cleared during exposure. In a hub deployment in contrast, they might come from different back-end systems and each back-end system may have several aliases. Therefore, you need to map these aliases to the runtime destinations manually after creating the content provider in the last tutorial of this group. See the documentation for details.
This parameter must only be set in an embedded scenario where the SAP Fiori front-end server is deployed into the AS ABAP of the SAP S/4HANA system. This is the case in the SAP S/4HANA trial system.
/nsproin the command field to access the customizing.
Click SAP Reference IMG.
In the tree, open SAP NetWeaver > UI Technologies > SAP Fiori > SAP Fiori Launchpad Settings.
In an SAP S/4HANA 2020 system the path to choose would be ABAP Platform > UI Technologies > SAP Fiori > SAP Fiori Launchpad Settings.
- Then click the IMG Activity icon in front of Change Client-Specific Settings.
- Step 5
Click New Entries to create one new entry.
For the new entry, make the following inputs in the first row of the table:
FLP Property ID:
The values for Type and Category will be added automatically when you save the new entry.
If you see a pop-up window informing you about a refresh of the text index, just confirm it.
To save your settings, you need to assign a customizing request.
Click the Create icon to create a new customizing request.
If you want, enter a description. Then click the Save icon.
Click the OK icon to confirm the selected customizing request.
Your entry was saved. Click the Back icon to go back to the main settings table.
Now you made all settings required in the SAP S/4HANA trial system.
- Step 6
If you work in your own SAP S/4HANA test system or just want to make sure all prerequisites for content exposure are met, you might check if the service
/sap/bc/ui2/cdm3is activated in the SAP S/4HANA system. This is the case in the preconfigured SAP S/4HANA trial.
/nsicfinto the command field to launch transaction
cdm3in Service Name and click the Execute icon.
Right-click the cdm3 service. Check that the Activate Service entry is grey and inactive. This means that the service is already activated. Otherwise, you can activate it now by clicking Activate Service.
- Step 7
You also need to make sure that the user which does the content exposure has the right role and that the page cache is turned on for them. This is also already the case for user
/nsu01into the command field to launch User Maintenance.
bpinstas User as this is the user that will do the content exposure. Then click the Display icon.
The permissions to run the content exposure are delivered with the role
SAP_FLP_ADMIN. The BPINST user has full administrator permissions and can be used for content exposure.
Go to tab Parameters and make sure that the parameter
/UI2/PAGE_CACHE_OFFdoes not show up here. If it does, remove it.
This parameter is only used for test purposes to identify caching issues. It should not be available in productive systems anyhow, as it can slow down the loading process significantly.
Which parameter defines how system aliases should be handled in the exposure to SAP Cloud Platform Launchpad: