SAP Community - SAP BTP Security

Failed to load destination. Caused by: No user token (JWT) has been provided. This is strictly neces

2024-05-31T07:13:33.226000+02:00

Hi, I am attempting to call an SAP OData service from a CAP (Cloud Application Programming) application using a CDS spawn job. I am utilizing a destination with Principal Propagation but encountering the following error:

logs:-
[cds] - connect to sap_odata > odata-v2 { destination: 'sap_destination', forwardAuthToken: true }
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR [remote] - Error: Error during request to remote service:
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR Failed to load destination.
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR at run (/home/vcap/app/node_modules/@sap/cds/libx/_runtime/remote/utils/client.js:310:31)
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR at async RemoteService.<anonymous> (/home/vcap/app/node_modules/@sap/cds/libx/_runtime/remote/Service.js:276:20)
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR at async next (/home/vcap/app/node_modules/@sap/cds/lib/srv/srv-dispatch.js:76:17)
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR at async RemoteService.handle (/home/vcap/app/node_modules/@sap/cds/lib/srv/srv-dispatch.js:74:10)
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR at async Object.methodName(/home/vcap/app/srv/util/myfile.js:102:24)
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR at async mycatfile (/home/vcap/app/srv/util/mycatfile.js:524:22) {
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR statusCode: 502,
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR reason: {
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR message: 'Error during request to remote service: \n' +
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR "Failed to load destination. Caused by: No user token (JWT) has been provided. This is strictly necessary for 'PrincipalPropagation'.",
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR request: {
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR method: 'POST',
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR url: '/xxxx/xxxxxx_SRV/dummyEntitySet',
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR headers: {
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR accept: 'application/json,text/plain',
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR 'accept-language': 'en',
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR 'content-type': 'application/json',
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR 'content-length': 311,
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR authorization: 'Bearer ...'
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR }
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR },
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR correlationId: '507a3d4f-bf6d-4296-4cc1-f6b8f070ee2b'
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR }
2024-05-29T21:07:57.42+0530 [APP/PROC/WEB/1] ERR }

code :-

const myFn = async (req, data) {
    cds.spawn({ 
          user: cds.context?.user,
          tenant: cds.context?.tenant,
          headers: cds.context?.headers || req?.headers,
          after: iafterTime }, async (req) => {
          sendToSAP(req, customID)
    })
    return 'processing in backgorund'
}

const sendToSAP = async (req, customID) => {   
    const payload = {}  
    const oSAPService = await cds.connect.to("sap_destination")
    let headers = { "Content-Type": "application/json" }
    headers.authorization = cds.context?.headers || req?.headers
      const response = await oSAPService.send({
        method: "POST",
        path: "/xxxx/xxxxxx_SRV/dummyEntitySet",
        data: payload,
        headers: headers
      });
}

"dependencies": {

"@sap-cloud-sdk/http-client": "^3.0.1",

"@sap/cds": "6.8.4",

"@sap/cds-dk": "6.8.3",

"engines": {

"node": "^18.0.0"

}

this is workign without spawn job.

How to Acheive KDS based Authorization in CAPM ?

2024-05-31T14:44:31.944000+02:00

Hello Team,

We have developed a CAPM application in BAS following Capire Blog.

We have created a characteristics table which will have data related to the material characteristics and exposed this table to the service to create a UI5 application on top of it.

Below is the Table definition:

namespace Characteristics.db;

using {managed} from '@sap/cds/common';

entity Characteristics : managed {

//@title : 'Id'

@ui.Hidden: true

Id : UUID;

key Material_No : String(40);

Material_Description : String(100);

Characteristics_1 : String(100);

Description_1 : String(100);

Characteristics_2 : String(100);

Description_2 : String(100);

Characteristics_3 : String(100);

Description_3 : String(100);

Characteristics_4 : String(100);

Description_4 : String(100);

Characteristics_5 : String(100);

Description_5 : String(100);

Characteristics_6 : String(100);

Description_6 : String(100);

Characteristics_7 : String(100);

Description_7 : String(100);

Characteristics_8 : String(100);

Description_8 : String(100);

Characteristics_9 : String(100);

Description_9 : String(100);

Characteristics_10 : String(100);

Description_10 : String(100);

Characteristics_11 : String(100);

Description_11 : String(100);

Characteristics_12 : String(100);

Description_12 : String(100);

Characteristics_13 : String(100);

Description_13 : String(100);

Characteristics_14 : String(100);

Description_14 : String(100);

Characteristics_15 : String(100);

Description_15 : String(100);

Characteristics_16 : String(100);

Description_16 : String(100);

Characteristics_17 : String(100);

Description_17 : String(100);

Characteristics_18 : String(100);

Description_18 : String(100);

Characteristics_19 : String(100);

Description_19 : String(100);

Characteristics_20 : String(100);

Description_20 : String(100);

//Auto Populated fields

createdAt : Timestamp @CDS.on.insert: $now;

createdBy : String(100) @CDS.on.insert: $user;

modifiedAt : Timestamp @CDS.on.insert: $now @CDS.on.update: $now;

modifiedBy : String(100) @CDS.on.insert: $user @CDS.on.update: $user;

}

Below is the service created:

using {Characteristics.db as db} from '../db/YTPOnePlanning-db';

service CatalogService @(require: 'authenticated-user') {

@odata.draft.enabled: true

entity Characteristics @(restrict: [

{

grant: ['*'],

to : 'YTPOnePlanning_admin.hdbrole'

{

grant: ['READ'],

to : 'YTPOnePlanning_read.hdbrole'

}

]) as projection on db.Characteristics;

}

The application is working fine as expected. We are able to see all the details from the HANA table to the FIORI Screen.

Now as you can see below in the service definition, we have defined service based on roles provided to the users. For example. If user is assigned 'YTPOnePlanning_admin.hdbrole' role then that user can perform all the CRUD operations and if the user is assigned 'YTPOnePlanning_read.hdbrole' role then the user can only read the data.

All of which is fine and understood, but what we are trying to achieve is authorization on based of KDS ( Key data structure ) i.e. if the Database table has 100 Materials and the user ‘X’ only has permission to perform CRUD operation on 10 Material then the user ‘X’ shall only have access to those 10 materials.

Could you please help us achieve this functionality ?

How to fetch Current User's Email Address in BTP RAP Method

2024-06-05T07:17:23.710000+02:00

Hi Experts,

I need to fetch the Current User's Email Address in my BTP RAP Method but the Class "cl_abap_context_info" don't have any method to fetch the same.

Please help hot to get the Email Address of the user..

Thanks,

BTP Learner

CORS blocking access

2024-06-05T11:09:35.453000+02:00

Hi everyone,

I'm facing an issue with CORS blocking access in my application, below is what I've done in my frontend and backend applications.

In the frontend app I'm using angular to make this login request

const headers = new HttpHeaders({
      'Authorization': 'Basic ' + btoa(${this.clientID}:${this.clientSecret}),
      'Content-Type': 'application/x-www-form-urlencoded',
      'Access-Control-Allow-Origin': '*'
    });                                                                                                                return this.http
      .post<AuthResponseBackend>(
        'https://cors-anywhere.herokuapp.com/https://amwftwpkt.trial-accounts.ondemand.com/oauth2/token',
        data.toString(), { headers }
      )

it works only if I add this CORS link https://cors-anywhere.herokuapp.com/ before login link and open that link in my browser https://cors-anywhere.herokuapp.com/corsdemo to request temporary access to the demo server. I need it to work without these CORS links.

In the backend application, I'm working with spring boot and using security configuration. I've added allow CORS configuration in my security configuration as shown in my code snippets below and also above each controller I've added the CrossOrigin annotation. When I deploy my application on kyma and the frontend side tries to connect to it, It still gives an error due to CORS. Any help is appreciated.

Here are the github links for the full codes of the applications; Frontend application , Backend application

Thanks in advance.

 @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowedOrigins(List.of("http://localhost:4200"));
        corsConfiguration.setAllowedMethods(List.of("GET", "POST", "DELETE", "PUT"));
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.setAllowedHeaders(List.of("*"));
        corsConfiguration.setMaxAge(3600L);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", corsConfiguration);
        return source;
    }

 @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // @formatter:off
        http.sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(authz ->
                        authz.requestMatchers("/measurements/*").hasRole("USER")
                                .requestMatchers("/formulas/*").hasRole("USER")
                                .requestMatchers("/linetypes/*").hasRole("USER")
                                .requestMatchers("/materialgroups/*").hasRole("USER")
                                .requestMatchers("/modelspecs/*").hasRole("USER")
                                .requestMatchers("/modelspecdetails/*").hasRole("USER")
                                .requestMatchers("/personnelnumbers/*").hasRole("USER")
                                .requestMatchers("/servicenumbers/*").hasRole("USER")
                                .requestMatchers("/servicetypes/*").hasRole("USER")
                                .requestMatchers("/*").authenticated()
                                .anyRequest().denyAll())
                .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(new MyCustomHybridTokenAuthenticationConverter())));

        http.cors(httpSecurityCorsConfigurer -> httpSecurityCorsConfigurer.configurationSource(corsConfigurationSource()));
        http.csrf(csrf -> csrf.disable());
        return http.build();
    }

@CrossOrigin(origins = "http://localhost:4200", maxAge = 3600)

Problem -Unable to call protected app from another App.

2024-06-05T12:14:18.039000+02:00

Hi Expert,
I have created two CAP applications, each with its own XSUAA authentication service. I want to call one CAP service from another CAP application. I followed @CarlosRoggan blog here, which worked perfectly for external users but failed for the application-to-application case.

I followed the exact steps, but the user JWT token doesn't contain the provider app scope when doing it for another application. However, it works perfectly for external users. Please help me.
@CarlosRoggan @gregorw @MioYasutake @Ivan-Mirisola

Thanks
Somnath

Unable to run a Python Flask app on BTP with X-CSRF token requirement

2024-06-09T03:15:55.133000+02:00

Hi experts,

a Python Flask app shall be deployed to an SAP BTP Cloud Foundry subaccount with a web server handling security (XSUAA). The app appears to work well during local tests, or when XSUAA is locally simulated. However, as soon as the app is pushed to the BTP subaccount with XSUAA any modifying POST results in a 'Forbidden' response. When analyzing the respective logs, this response stood out: "POST request to /curate/279/update completed with status 403 The request does not contain a x-csrf-token".

I did attempt to implement the following code to obtain the x-csrf-token in GET and use it in the header in POST, but failed to obtain a value for x-csrf-token in GET.

Perhaps one of you could help figure out how I could get a value for x-csrf-token in GET?
Thank you.

# x-csrf-token

lbl_csrf = 'x-csrf-token'

headers = {lbl_csrf: 'Fetch'}

url_suffix = f"{id}/update"

endpt_url = '/'.join([xsuaa_service_url(), url_suffix])

x_csrf_token = None

...within a Blueprint route definition I included this code:

## Connect to the server

with requests.Session() as s:

response = s.get(endpt_url, headers=headers, cookies=s.cookies)

if response and hasattr(response, 'headers' )

current_app.logger.info("GET headers: %s, cookies: %s",

response.headers, response.cookies)

if hasattr(response.headers, lbl_csrf )

x_csrf_token = response.headers[lbl_csrf]

current_app.logger.info("GET: x-csrf-token: %s", x_csrf_token)

if request.method == 'POST':

# x-csrf-token

if x_csrf_token:

headers={'Content-Type':'application/json', lbl_csrf: x_csrf_token}

with requests.Session() as s:

resp = s.post(endpt_url, headers=headers, cookies=s.cookies)

current_app.logger.info("POST headers: %s, %s", resp, headers, s.cookies)

Inbound Communication on SAP BTP and Cloud Foundry Application

2024-06-13T15:37:44.889000+02:00

Hi,

I'm studying the SAP BTP and have a question about it.

Here’s the scenario: from C4C, using a webhook (triggered by a ticket update), an HTTP request is sent to an application (python-based) I developed and deployed on Cloud Foundry in the BTP. This application performs certain tasks and then connects to the SAP AI Core service.

My concern is about managing communications securely (authentication, etc.) both inbound and outbound from my application. If I understand correctly, I can use "destinations" to manage outbound communications. However, it's not clear to me how to handle inbound communications: at the moment, anyone who has the endpoint where my application is exposed can access the service. So, how do I implement an authentication mechanism?

I’ve looked through the documentation, the Learning Hub, and community blogs, but I’m a little bit confused. For example, I learned about the XSUAA service, but it permits to design a login form for any user, that is not what I need, since I want a secure communication between C4C and my application.

Problem registering my desktop agent in my BTP Build Process Automation Trial Account

2024-06-19T09:29:23.588000+02:00

Hi everyone,

I'm facing an issue while registering my Desktop agent in my BTP Trial Build Process Automation App.

I followed the SAP Developers Guide to set up the agent locally on my PC, and I enabled the Chrome and Edge extensions to try and connect the agent with my trial app. However, I encounter a problem when clicking on the agent in the control tower to get the information needed to register it with my local desktop agent.

It loads for hours without any response. I thought it might be due to my internet connection, but nothing changed after switching to another Wi-Fi network.

Can you please help me set this up?

Thanks,
Ilyass

How to Secure Your Cloud Foundry Python Application with XSUAA.

2024-06-19T21:27:50.810000+02:00

How to Secure Your Cloud Foundry Python Application with XSUAA

Introduction

Securing applications in the cloud is critical to ensure that sensitive data and operations are protected from unauthorized access. SAP Cloud Foundry offers a robust way to handle authentication and authorization using the XSUAA (Extended Services User Account and Authentication) service. By leveraging XSUAA, developers can implement security measures that integrate seamlessly with SAP Cloud Platform, providing OAuth 2.0-based security mechanisms.

In this blog post, I'll walk you through the process of applying XSUAA security to a Python application deployed on Cloud Foundry using the Python Buildpack. Whether you're new to SAP Cloud Platform or looking to secure your existing applications, this guide will help you understand the steps involved and save you time in the process. We'll cover everything from setting up your environment to deploying and testing your secure application, ensuring you have a comprehensive understanding of the entire workflow.

Let's dive in and secure your Python application with XSUAA on Cloud Foundry!

Step-by-Step Guide

1. Setting Up Your Environment

Create a new project directory:

mkdir cf-python-xsuaa
cd cf-python-xsuaa

2. Create hello.py file

Create a new file named hello.py with the following content:

import os
from flask import Flask, request, abort
from cfenv import AppEnv
import jwt
from sap import xssec

app = Flask(__name__)
env = AppEnv()

port = int(os.environ.get('PORT', 3000))
uaa_service = env.get_service(name='xsuaa_service_name').credentials

@app.route('/')
def hello():
     if 'authorization' not in request.headers:
         abort(403)
     access_token = request.headers.get('authorization')[7:]
     print(jwt.decode(access_token, options={"verify_signature": False}))
     security_context = xssec.create_security_context(access_token, uaa_service)
     isAuthorized = security_context.check_scope('uaa.resource')
     print(isAuthorized)
     print(security_context)
     print(access_token)
     if not isAuthorized:
         abort(403)

     return "Hello World"

if __name__ == '__main__':
  app.run(host='0.0.0.0', port=port)

3. Create manifest.yml file

Create a manifest.yml file with the following content:

---
applications:
- name: cf-python-xsuaa
  memory: 128MB
  disk_quota: 256MB
  random-route: true
  buildpack: python_buildpack
  command: python hello.py
  services:
  - xsuaa_service_name

4. Create requirements.txt file

Create a requirements.txt file with the following dependencies:

Flask
gunicorn
cfenv
sap-xssec
PyJWT

5. Create xs-security.json file

Create an xs-security.json file with the following content:

{
    "xsappname": "xsuaa_service_name",
    "tenant-mode": "dedicated"
}

6. Install Dependencies and Run Locally

Set up a virtual environment and install dependencies:

python -m venv venv
.\venv\Scripts\activate
pip install -r requirements.txt

Run the application locally:

python hello.py

7. Deploy to Cloud Foundry

cf login

Create the XSUAA service instance:

cf create-service xsuaa application xsuaa_service_name -c xs-security.json

Deploy the application:

cf push

Create a service key for the XSUAA service:

cf create-service-key xsuaa_service_name xsuaa_service_key

Retrieve the service key:

cf service-key xsuaa_service_name xsuaa_service_key

8. Test Your Application with Postman

Generate a token using Postman:

Open Postman and create a new POST request to the URL:
Example URL: https://abc-interns.authentication.eu12.hana.ondemand.com/oauth/token?grant_type=client_credentials
Set the headers:
- Content-Type: application/json
- Authorization: Basic Auth with your client_id and client_secret

Use the generated token to access your secure endpoint:

Create a new GET request in Postman to the URL of your deployed application:
Example URL: https://cf-python-xsuaa-agile-cat-cs.cfapps.eu12.hana.ondemand.com/
Set the headers:
- Content-Type: application/json
- Authorization: Bearer YOUR_ACCESS_TOKEN

Replace YOUR_ACCESS_TOKEN with the token you obtained from the previous step.

Conclusion

By following these steps, you’ve successfully secured your Python application on Cloud Foundry using XSUAA. This method provides a robust authentication and authorization mechanism, ensuring that your application is protected from unauthorized access.

Additional Resources

SAP Cloud Platform XSUAA Documentation
Cloud Foundry Documentation
Python Buildpack Documentation

Call to Action

Try securing your applications and help others also in comments and post your experiences in SAP Community.

Thanks and regards,

Harsh Tirhekar

How to Secure Endpoints in SAP BTP AND User Authentication

2024-06-25T07:49:47.834000+02:00

Hi SAP Community,

I am currently working on securing the endpoints in SAP Business Technology Platform (BTP) and would appreciate some guidance on best practices and available methods for implementing robust security measures, particularly focusing on user authentication.

Thanks
Rituraj Kumar

Monitor credit consumption to prevent over usage

2024-06-26T15:46:55.036000+02:00

SAP BTP Credits

Early Warning

Introduction:

Many BTP customers have negotiated contracts with SAP for their BTP credits. To prevent credit overconsumption, an usage predictor can be very helpful. Therefore, we propose implementing a detailed tracker with a usage prediction feature.

Usage Prediction Model:

Since business operations are often cyclical, we base our predictions on the usage from the previous two months. This approach could also account for seasonal variations.

Steps to Implement the Tracker:

1. Data Retrieval:

We will use the Usage Data Management Service API to gather consumption data for each global account and its associated subaccounts.

2. Data Processing:

The daily usage data for each subaccount will be classified and filtered to retain only the data from the last two months.

We will then compute the sliding means for each subaccount. This involves averaging the daily usage over the past two months.

3. Prediction Calculation:

The computed sliding means will be multiplied by the number of days remaining in the current month to predict future usage.

This prediction accounts for seasonality, providing a more accurate forecast shifted by two months..

4. Alert System:

Based on the predictions, an alert will be sent to the account owner if they are likely to over consume their credits. The alert will provide a detailed view of the credit usage with charts and tables associated with a prevention message like ‘We recommend you to review your credit consumption or contact SAP for a renewal of your contract’. This allows them to take preventative action or renegotiate their credit contract with SAP.

Technical Implementation:

We will deploy a Python-based microservice on SAP BTP Cloud Foundry.
This microservice will:

Scrape usage data via the API endpoint.
Generate time series for analysis.
Present the data in an easy to understand chart format.
Provide recommendations based on the usage predictions.

Conclusion:

This usage tracker will help BTP customers manage their credit consumption more effectively, avoiding overconsumption and potential cost overruns.

uninstall sap cloud connector

2024-07-07T19:44:07.231000+02:00

I am unable to uninstall sap cloud connector

Is it possible to restrict BTP access by IP Address?

2024-07-09T02:53:58.738000+02:00

Dear SAP Team

we have a requirement to handle SAP BTP Launchpad access in below scenarios

As BTP Public cloud is internet based application, is there a way to restrict users?

Scenario is

if users are in office with in my Company IP range, then no need MFA authentication, they can directly login
if users are using BTP launchpad remotely, then MFA should kick in. as the IP's they are accessing is out of our company IP Range,

------------------------------------------------------------------------------------------------------------------------------------------------
Learn more about the SAP Support user and program here.

Error: Authentication kind "jwt" configured, but no XSUAA instance bound to application

2024-07-09T10:39:07.092000+02:00

Hello community,

I would like to connect CAP Node.js app to external SAP service in production env using destinations. It is important to use OAuth2.0ClientCredentials authentication method. Sandbox works for me. Official document is bit confusing.

When I run production profile, I am getting below error. Do I need any additional NPM package, or require additional configuration in package.json or elsewhere?

What to do in order to successfully fetch data from "production" environment? Thank you.

package.json

  "cds": {
    "requires": {
      "Some_ExternalServiceV4": {
        "kind": "odata",
        "model": "srv/external/Some_ExternalServiceV4",
        "[sandbox]": {
          "credentials": {
            "url": "https://sandbox.api.sap.com/sappricing/datafetch"
          }
        },
        "[production]": {
          "credentials": {
            "destination": "datafetch-destination"
          }
        }
      }
    }
  }

SAP Application logging service

2024-07-10T08:52:08.496000+02:00

Hi I have successfully deployed SAP Application Logging service in my cloudfoundry dev namespace. I would like to generate Secret Key to the instance. But when I try to create the Secret key the creation of key is failing and the error is as follows.

XSUAA API Access - How to generate correct OAuth Token with appropriate scopes

2024-07-11T10:30:12.744000+02:00

Hello,

i want to use the API for "User Management (System for Cross-domain Identity Management (SCIM))" to get all users for a subaccount.

How to select the current subaccount to get all users from that?

Currently my OAuth 2.0 scopes were not sufficient.

Do i need to create a own application for that ?

How i can test this API with Postman?
Kind regards,

Adding new members into SAP CX AI toolkit

2024-07-15T09:15:49.950000+02:00

Hi Team ,

We have got SAP CX AI toolkit tenant provisioned and our admin has added our users to it but we are not able to login to that tenant.

Can somebody please help what steps we are missing , adminstrator got a password from SAP to login to tenant but how other users can get password to login or is there any separate process for it.

Routes cannot be mapped to destinations in different spaces

2024-07-17T11:44:42.698000+02:00

hi, when working on this tutorial: https://developers.sap.com/tutorials/cp-cf-security-xsuaa-create.html#96bf4d90-d49d-4e27-8ebe-40b1e2da969a

got this error: For application 'product-list': Routes cannot be mapped to destinations in different spaces

that is when pushing to btp (after being logged-in).

any idea?

thanks.

Active Directory and SAP S/4 integration via BTP

2024-07-18T13:42:06.907000+02:00

Dear all
one of my customer is requesting me the possibility to interface is Active Directory with his SAP S/4. And he wants to create SAP users in a specific group in AC to be created in SAP S/4.
and even deleted or set to end of validity once the user went out of this AD group
there's a BTP service that allows this kind of scenario?

IPS Sync Issue : S/4HANA Cloud Private edition User and Roles Sync

2024-07-19T08:11:04.275000+02:00

Hello Team,

We're trying to sync the users and their roles from SAP S/4Hana Cloud, Private Edition to Work Zone (standard) using IPS sync.

We've followed the below process by referring the help documents.

However, while performing the sync we're getting issue "Initialization of repository destination <destination_name> Failed: No user identity is configured".

S/4HANA Cloud, Private Edition version : 2022

Steps Followed:

1. Established the cloud connector setup with BTP Subaccount

2. Subscribed the SAP Identity service, connectivity plan to BTP subaccount based on IAS region

3. Created a dedicated destination with "RFC" as connection type with cloud connector information and checked the connection

4. Created Source system with type "SAP Application Server ABAP" and selected the destination (point3).

5. Created target system with type "SAP Build Work Zone, standard edition"

6. Performed the Read / Resync action from the Source system.

Thanks.