This blog will show the steps performed to connect and display applications from a S/4HANA Cloud system to SAP Business Technology Platform’s Fiori Launchpad service.
Systems involved: S/4HANA Cloud, Identity Authentication System (IAS), SAP BTP and SAP Launchpad Service. Administrator role is a must in each system.
Set Up Communication from S/4HANA Cloud to SAP BTP (Expose Content).
Create a communication system and communication arrangement for the FLP Content Exposure Integration in S/4HANA Cloud.
Host Name: dalraefreetier.dt.launchpad.cfapps.ap10.hana.ondemand.com (Fiori Launchpad site).
Create an Inbound user with password and an Outbound User with authentication as None.
Scenario: SAP_COMM_0647 -> FLP Content Exposure Integration
Add the communication system and inbound user.
Job Details: add the time that you want your content to be transferred to Fiori Launchpad Service. The Job status will change to Active after the first execution.
Select Roles for exposure from S4HANA Cloud to SAP BTP Fiori Launchpad Service.
Go to Maintain Business Roles tile and select the roles that you want to expose to SAP BTP. The roles will contain the apps that will be on the Fiori Launchpad. Then select EXPOSE TO SAP LAUNCHPAD SERVICE
Note: Adapt filters to know which roles have already been Exposed to SAP Launchpad Service.
Configure a destination (design-time) in SAP BTP to connect to the content in S/4HANA Cloud.
Create a design-time destination to define the location from which the SAP Launchpad service should fetch the exposed content.
Log in to SAP BTP, enter to the subaccount and select CONNECTIVITY/DESTINATIONS
Type: HTTP
URL: https://my303665-api.s4hana.ondemand.com/sap/bc/http/sap/aps_flp_content_exposure/entities
Proxy Type: Internet
Authentication: BasicAuthentication
User: CF_LAUNCHPAD_INBOUND
Password: <inbound user password>
Configure Trust Between Subaccount and IAS Application Proxy.
For this configuration, the IAS aalbksesi service will be used.
Note for new configurations: Before the trust is established the S/4HANA Cloud system needs to be added to the IAS.
Create a new Trust Configuration in SAP BTP: selecting STABLISH TRUST and in this case select the IAS aalbksesi.accounts.ondemand.com
Modify the properties of the subaccount in IAS (Consume Content)
Select your Custom IAS and click on the link. The administration console should open with your subaccount selected.
If the link doesn’t work try it by adding /admin at the end and select APPLIACTION & RESOURCES/APPLICATIONS.
In the TRUST tab select ASSERTION ATTRIBUTES
Add the attribute E-Mail: email. This attribute is need it for the SAML assertion.
Select SUBJECT NAME IDENTIFIER and Select a basic attribute: E-Mail
Configure the Runtime Destinations in SAP BTP.
Configure two runtime destinations in SAP BTP. The first one is for dynamic tiles via URL to the API host of the cloud solution tenant (OData). The second one is for launching apps in an iFrame via a direct URL to the cloud solution tenant’s UI host (SAP BTP-Fiori Launchpad Service).
In SAP BTP go to Destinations and create the destinations with the following details:
Name: <name> S4CloudFetchDataDynamicTiles
Type: HTTP
Description: <description>
URL: https://my303665-api.s4hana.ondemand.com (https://<SAP S/4HANA Cloud tenant host>-api.s4hana.ondemand.com)
Proxy Type: Internet
Authentication: SAMLAssertion
Audience: https://my303665.s4hana.ondemand.com (https://<SAP S/4HANA Cloud tenant host>.s4hana.ondemand.com)
AuthnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
Additional Properties:
HTML5.DynamicDestination: true
nameIdFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Name: <name> S4CloudLaunchingAppiFrame
Type: HTTP
Description: <description>
URL: https://my303665.s4hana.ondemand.com (https://<SAP S/4HANA Cloud tenant host>.s4hana.ondemand.com)
Proxy Type: Internet
Authentication: SAMLAssertion
Audience: urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
AuthnContextClassRef: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Additional Properties:
HTML5.DynamicDestination: true
sap-platform: ABAP