Monday, 17 October 2022

SAP S/4HANA Cloud Content Federation with SAP BTP Launchpad Site

In today’s world end-users are spending valuable time accessing multiple access points to gain access to their required apps and content. Even business processes are often spanned across multiple entry points and do not provide this single point of entry that users require.

With companies adopting the Two-Tier strategy, SAP is also providing various deployment options for realizing this two-tier ERP strategy. Two-Tier provides enterprises with an opportunity to standardize the end-to-end business processes across multiple tiers. By using SAP S/4HANA Cloud for their Tier 2, customers get the benefit of Software as a Service (SaaS) which can be implemented by standard template, thereby reducing the cost and ancillary IT expenses by having pre-configured solution. But this also introduces an additional entry point from an end user perspective.

A central entry point for business applications simplifies access and increases user productivity. Designing and configuring a central point of access to SAP and third-party solutions (both cloud and on-premise), in particular accessing multiple SAP S/4HANA systems from one common launchpad on SAP Business Technology Platform alleviates a lot of the pain points mentioned above for end-users

You will find below, a depiction of the target architecture

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

Through this blog we will look at the process of establishing content federation between SAP S/4HANA Cloud and SAP BTP Launchpad site

You can split the setup tasks into two major steps

◉ Exposing Content to SAP Launchpad Service
◉ Consuming Content in SAP Launchpad Service

Exposing Content to SAP BTP Launchpad Service

1. Create Communication System with Inbound and Outbound Users

◉ Open the Communication system app in the SAP S/4HANA Cloud Fiori Launchpad. Create a new Communication system and provide the following details
◉ Define an ID and a name for the new system.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

◉ In the Host Name field, enter the callback URL, such as portal-service.cfapps.<datacenter>.<domain>. The URL is needed to enable the content change notification.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

◉ Add a technical user for inbound communication.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

I have used User ID & Password as the authentication method. It is recommended to use client-based authentication method. In this case, create a new communication user and provide the password.

◉ Add a technical user for outbound communication. Under Users for Outbound Communication, choose Add. In the New Outbound Communication User dialog, choose New User. You will be redirected to the Communication User app. In the New Outbound Communication User dialog, choose None as authentication method. Choose Create

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

2. Create Communication Arrangement

◉ Open the Communication Arrangements app from the SAP Fiori launchpad. Already existing communication arrangements are listed on the initial screen. In the New Outbound Communication User dialog, choose None as authentication method. Select Create. The Communication Arrangement Screen opens

◉ Under Common Data in the Communication System field, select the communication system that you have created earlier using the value help.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

◉ Under Additional Properties in the Logical Target Identifier field, enter an ID of your choice to uniquely identify the target of the callback URL. This ID is used in the content change notification process. Example: LAUNCHPAD_SERVICE_01.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

◉ Enter the job execution details for scheduling the exposure job. We recommend to set the job frequency to hourly. After the communication arrangement is saved, it might take a while until the job is scheduled by the job framework. When the Job Status field is displayed as active, the job will run as defined. Save the arrangement.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

3. Select roles for Exposure

◉ Open the Maintain Business Roles app from the SAP Fiori launchpad.
◉ Select the roles relevant for exposure.
◉ Choose Expose to SAP Launchpad Service.
◉ Confirm your selection by clicking Expose in the dropdown list.
◉ The Expose to SAP Launchpad Service column now indicates that the role you selected will be exposed.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

4. Configure Communication for the content consumption

◉ In SAP BTP cockpit, download the trust certificate from the subaccount runtime destinations, by navigating to Connectivity -> Destinations and selecting Download Trust.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

◉ Log in to SAP S/4HANA Cloud Launchpad as an administrator.
◉ Launch the app Communication Systems.
◉ Create a new communication system, as follows:
◉ Specify the System ID and System Name.
◉ Select Inbound Only.
◉ Set SAML Bearer Assertion Provider to ON.
◉ Keep the User ID Mapping Mode setting to User Name.
◉ Upload the certificate file that you downloaded from your subaccount as the Signing Certificate.
◉ Specify a unique Provider Name as SAML Bearer Issuer, in the following format:
     ◉ cfapps.<region>.hana.ondemand.com/<unique_name>
◉ Save the communication system.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

Consuming Content in SAP Launchpad Service

1. Establish Trust

◉ Configure the Identity Authentication Tenant as a Proxy

◉ In the SAP BTP cockpit, navigate to your subaccount, select from the side panel Security ->Trust -> Configuration, and then download the SAML metadata from the SAP Launchpad service subaccount.

◉ In the Identity Authentication tenant, navigate to Applications & Resources  -> Applications, and click +Add to create an application for the SAP Launchpad service subaccount.

◉ Select the application you just created, and click SAML 2.0 Configuration.

◉ Under Define from Metadata, browse for the metadata file that you downloaded from the cockpit.

◉ Save and use the back arrow to go back to the main screen.

◉ Click Subject Name Identifier, select Advanced Configuration, and in the Dynamic subject name identifier value field, enter the following value:
 
     ◉ ${corporateIdP.mail}

2. Configure Trust between subaccount and Proxy

Download the SAML 2.0 metadata file from the Identity Authentication tenant as proxy.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

◉ In the SAP BTP cockpit, navigate to your subaccount and select Security  Trust Configuration  New Trust Configuration.

◉ In the Metadata field, upload the SAML 2.0 metadata file that you downloaded, and select the Available for User Logon option.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

3. Configure Destinations

Create a design-time destination, runtime & runtime (default) destinations as below.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

◉ Choose Download Trust to download the trust certificate from the subaccount destinations

4. Manage Content Providers

◉ Within the Launchpad Service, The administrator uses the Channel Manager to define, edit, and get updates from remote content providers running on cloud.

◉ Create a new remote content editor as below. Refer the following link for list of additional parameters to be maintained.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

5. Add Specific Roles to Your Subaccount Manually

◉ In the Content Explorer, select the content provider you defined. The roles that it contains are displayed in a table.
◉ Select the roles you want and click Add to My Content.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

6. Complete Role Configuration

◉ To be able to view the content in the site at runtime, you need to assign the roles to the site.
◉ To assign the roles to the site, open the Site Settings, switch to Edit mode, and in the Assignment panel on the right, select the roles you want to assign to this site.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

7. Assign the generated platform role to your user

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

Launch the SAP BTP Launchpad Site to verify that the SAP S/4HANA Cloud Launchpad content is visible and accessible.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

The SAP S/4HANA Cloud launchpad app is opened within in-place within the SAP BTP Launchpad site without any additional authentication.

SAP S/4HANA Cloud, SAP HANA Exam, SAP HANA Exam Prep, SAP HANA Certification, SAP HANA Tutorial and Materials, SAP HANA Learning, SAP HANA Guides

No comments:

Post a Comment