Connect to SAP Integration Suite /Cloud Foundry

Connect to SAP Integration Suite /Cloud Foundry

To connecto SAP Cloud Foundry we have enabled a new way of connecting using SAML. This is because the public APIs of SAP Cloud Integration is not as good as the private APIs used in the Web. 

The guide video that shows how to connect Figaf to an Integration Suite system. 


Here you can see an end to end configuration of the Integration Suite

Service keys

As a part of setting up API access you need to have create the service keys. Then you can copy and paste the JSON into the process you are using when creating the integration. 

Info
See here how to create the service keys.

Web API access

There are a big difference between the public and the private / web API. It would not be possiible to create all the nice functions of Figaf without using the private API. To be able to support this we have a number of different was to authenticate for users. 

  • S-User - Ideal if you have a user that is not protected by Universal ID

  • SAP Passport - Use your S-User certificate to login to Figaf

  • SAP Identity Service - Using the SAP Identiy SErvice, require you have a user with username and password that can login to the Integration Suite

  • Custom IDP - Figaf acts as a SAML 2 provider, which enables Figaf to login to the tool.


No matter which access you use you need to give access to the following roles
  1. PI_Administrator
  2. PI_Business_Expert
  3. PI_Integration_Developer
  4. iadv-content-developer
  5. APIPortal.Guest

S-User

This is your nomal S-User or P-User that you are using. 
To use this it is requried that you can login to the Integration Suite via the sap.default profile. 



It does not support Universal ID which is a requirement for new users. 
Before using this ensure the user does not require a password change.
If possible ensure the s-user only have access to the Integration Suite and not all roles in the BTP. 

For Neo this is the only option. Here Universal ID is not a problem. 

SAP Passport

This is the same user as the S-User just that it simplifies the onboarding because the it is not impacted by the Universal ID.
To use this it is requried that you can login to the Integration Suite via the sap.default profile. 

It does require an S-User to create it.
You can with your S-User go the SAP Password site.
Select Apply for an SAP Passport

Enter your password
 
Download the certificate and password you set for it. 


SAP Identify Provider

This is the current recommendation for SAP to enable users to login. This will allow you to have users that can login to the Integration Suite system with just Username and Password. 
It is a bit of a hazzel to 

You need to create a user here that are able to login to the integration suites. The same user can be used to login to all your Integration Suite tenants. 



Check you can login to your integration suite with the user that you have created. 
The login screen should not take you take you to your Corporate Identity provider if you have it Configured. 



How to configure the custom IDP (being retired by SAP)

You will need to create service keys for both the public API and for the message sent if you need to test messages on the platform.

Step 1: Download SAML Metadata from your SAP Cockpit:

Step 2: Copy value related to <md:AssertionConsumerService Binding=”urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” Location=

Step 3: Open Agent Dialog and enable Use custom IdP checkbox. Paste SSO Url from the previous step. Save the Agent

Step 4: Generate Entity Descriptor for the Agent:

Step 5: Go back to the SAP Cockpit and upload this file as a new Trust configuration:

Step 6: Add Role collection mappings for the IdP: PI_Administrator, PI_Business_Expert, PI_Integration_Developer.

Step 7: If Figaf now try to check connection by pressing Test Connection

Step 8: After you have validated the process work, you can remove the check mark for “Available for User Logon”. This way, you will not receive the request to login.


    • Related Articles

    • Create Service Keys for SAP CPI Cloud Foundry

      For SAP CPI Cloud Foundry you have an option to use Service Keys to send messages. The Figaf Tool will not test the properties are correct before running tests. We need to create keys for both API and for Integration flow API access To create a ...

    • How to add MessagingSend Role to a Cloud Foundry user

      If you are using SAP Cloud Integration on Cloud Foundry then you probably have noticed you cannot add the default ESBMessage Send (MessagingSend) role to your user. You will need to create a role collection to support this.  In your BTP cockpit go to ...

    • Create a git repository for SAP Cloud Integration

      In this guide you will see how you can create a git repository for your SAP CPI/Cloud Integration system.  Before you start you need 1. Have installed Figaf 2. Have connected it with a SAP CPI tenant 1. Create a git repository on forinstance github ...

    • Configure CPI agents

      The future way to connect is the following. Here you don't need a S-User. You just need the API keys as specified below. Connecting to SAP Integration Suite /Cloud Foundry without S-User Figaf tool supports both CPI platforms: Neo and Cloud Foundry. ...

    • Custom migration of SAP PI Communication Channels to Cloud Integration

      We have templates that allows you to make migrations SAP PI/PO channels to SAP Cloud Integration Faster. In 2309 this has been moved into the main Figaf Tool and gotten a viewer that will allow you to update the templates faster. On the migration ...