SAP Community - SAP BTP Security

BTP supports IPV6

2025-02-06T23:44:11.930000+01:00

Hello SAP Gurus,

Do you know if BTP is supporting IPV6 ? I've tried to find sap notes but there are not found the exact asnwer.

Thanks in adance!

Regards,

Anderson CM.

I am facing errors in opening the Build Apps Editor.

2025-02-11T20:15:47.230000+01:00

I was trying to open the old projects of mine created a week ago and received the Unauthorized error.

Thereafter, I also tried manually configuring the Roles and also tried reinstalling the booster, the same issue persists. Two days ago I saw an error in the Backend Database, and today this occurred.

I have also cleared cache and opened it in the Incognito; seems to be an issue at SAP side. Let me also know if you're also encountering similar issues. Can any one support me from SAP or the community resolving this issue?

Below is the screenshot of the issue I'm facing at the moment!

Thanks & Regards,

Ananthu

Delivery-SAP Tower

Recreation of deleted BTP subaccount possible?

2025-02-13T15:22:34.209000+01:00

Hello, I just would like to know if it is possible to restore a (potentially by mistake) deleted subaccount as a whole?
I mean restore everything from cf spaces to destination configuration, trust and user management, service instances and so on.
Which methods of restoring subaccounts does SAP provide for admins?

------------------------------------------------------------------------------------------------------------------------------------------------
Learn more about the SAP Support user and program here.

How to delete roles from BTP subaccount cockpit?

2025-02-18T14:25:22.250000+01:00

I want to delete roles in the BTP subaccount cockpit, but the deletion is disabled.

CAP Multitenancy failing on subscription - subscriptionAppName Not Exist

2025-02-19T19:18:17.410000+01:00

I have a multitenant CAP application. I deployed it in Provider Subaccount(Cloudfoundry), and the deployment is success. Then tried to subscribe to the Application in Subscriber Subaccount, I am getting subscription failed. Then checked the logs in Service, it says subscriptionAppName Not exist in SubscriptionPayload.

Below is my mta file.

## MTA for Backend

_schema-version: '3.1'
ID: TestFinanceApps
version: 1.0.0
description: "Test Finance Applications API."
parameters:
  enable-parallel-deployments: true
build-parameters:
  before-all:
    - builder: custom
      commands:
      - npm run buildcapfrommta
modules:
  - name: TestFinanceApps-srv
    type: nodejs
    path: ../gen/srv
    parameters:
      buildpack: nodejs_buildpack
      memory: 768M
      disc-quota: 1024M
      stack: cflinuxfs4
      command: node node_modules/@sap/cds/bin/serve.js
    build-parameters:
      ignore:
        - 'node_modules'
        - '*node_modules*'
        - '.env'
        - 'default-*.json'
      builder: npm
    provides:
      - name: mtx-api # required by consumers of CAP services (e.g. approuter)
        properties:
          mtx-url: ${default-url}
    requires:
      - name: uaa-TestFinanceApps
      - name: mtxdb-TestFinanceApps
      - name: destination-TestFinanceApps
      - name: registry-TestFinanceApps
      - name: Test-common-events
      - name: connectivity-TestFinanceApps
      - name: app-api
        properties:
          SUBSCRIPTION_URL: "~{app-protocol}://\\${tenant_subdomain}-~{app-uri}"
  - name: TestFinanceApps-router
    type: approuter.nodejs
    path: ../app/Testfinanceapplicationsrouter/
    build-parameters:
      ignore:
        - 'node_modules'
        - '*node_modules*'
        - '.env'
        - 'default-*.json'
      builder: npm-ci
    properties:
      TENANT_HOST_PATTERN: '^(.*)-${default-uri}'
    parameters:
      keep-existing-routes: true
      stack: cflinuxfs4
      disk-quota: 256M
      memory: 256M
    requires:
      - name: mtx-api
        group: destinations
        properties:
          name: mtx-api # must be used in xs-app.json as well
          url: '~{mtx-url}'
          forwardAuthToken: true
      - name: uaa-TestFinanceApps
    provides:
      - name: app-api
        properties:
          app-protocol: '${protocol}'
          app-uri: '${default-uri}'

resources:
  - name: registry-TestFinanceApps
    type: org.cloudfoundry.managed-service
    requires:
      - name: mtx-api
    parameters:
      service: saas-registry
      service-plan: application
      config:
        xsappname: 'TestFinanceApps-${org}-${space}'
        appName: TestFinanceApps
        displayName: Test(Dev) Platform 3.0 Finance Applications
        description: Test(Dev) The Insurance Operating System
        category: Test-DEV
        appUrls:
          getDependencies: '~{mtx-api/mtx-url}/getDependencies'
          onSubscription: '~{mtx-api/mtx-url}/-/cds/saas-provisioning/tenant/{tenantId}'
          onSubscriptionAsync: false
          onUnSubscriptionAsync: false
          callbackTimeoutMillis: 300000
    parameters-metadata:
      config:
        overwritable: true       
  - name: uaa-TestFinanceApps
    type: org.cloudfoundry.managed-service
    parameters:
      service: xsuaa
      service-plan: application
      path: ./xs-security.json
      config:
        xsappname: 'TestFinanceApps-${org}-${space}'
        tenant-mode: shared
  - name: mtxdb-TestFinanceApps
    type: org.cloudfoundry.managed-service
    parameters:
      service: service-manager
      service-plan: container
  - name: destination-TestFinanceApps
    type: org.cloudfoundry.managed-service
    parameters:
      service: destination
      service-plan: lite
      service-name: destination-TestFinanceApps
      service-keys:
        - name: destination-TestFinanceApps-service-key
      config:
        version: 1.0.0
  - name: Test-common-events
    type: org.cloudfoundry.existing-service
  - name: connectivity-TestFinanceApps
    type: org.cloudfoundry.managed-service
    parameters:
      service: connectivity
      service-plan: lite
      service-name: connectivity-TestFinanceApps
      service-keys:
        - name: connectivity-TestFinanceApps-service-key
      config:
        version: 1.0.0

Below is my mta extension file.

_schema-version: '3.1'
ID: TestFinanceApps.qa-ext
extends: TestFinanceApps 

resources:
  # ------------------- Registry service for subscription ----------
  - name: registry-TestFinanceApps
    type: org.cloudfoundry.managed-service
    requires:
      - name: mtx-api
    parameters:
      service: saas-registry
      service-plan: application
      config:
        xsappname: 'TestFinanceApps-${org}-${space}'
        appName: Test-apps-financeapps-qa
        displayName: Test(QA) Platform 3.0 Finance Applications
        description: Test(QA) The Insurance Operating System
        category: Test-QA
        appUrls:
          getDependencies: '~{mtx-api/mtx-url}/getDependencies'
          onSubscription: '~{mtx-api/mtx-url}/-/cds/saas-provisioning/tenant/{tenantId}'
          onSubscriptionAsync: false
          onUnSubscriptionAsync: false
          callbackTimeoutMillis: 300000 # Increase if your deployments are taking longer than that

Below is the log on subscription

Retrieving logs for app testFinanceApps-srv in org aqa01-qa / space Quality as a.ran@testdn.com...

   2025-02-19T18:03:28.61+0000 [APP/PROC/WEB/0] OUT {"level":"info","logger":"telemetry","timestamp":"2025-02-19T18:03:28.610Z","layer":"cds","component_type":"application","container_id":"10.0.201.42","component_id":"61694a0f-152a-4409-93d3-4599d7999b52","component_name":"testFinanceApps-srv","component_instance":0,"source_instance":0,"organization_name":"aqa01-qa","organization_id":"862117b4-663d-4e9d-97e6-bca8e467f9dd","space_name":"Quality","space_id":"9b2a1d05-8135-4b80-a1b2-613a85c9d7c8","msg":"db.pool of tenant \"t0\":\n     size | available | pending\n    0/300 |       0/0 |       0","type":"log"}
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT {
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT host: 'aqa01-qa-quality-testfinanceapps-srv.cfapps.eu10-004.hana.ondemand.com',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'user-agent': 'Java/17.0.9',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT accept: 'application/json, application/*+json',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT b3: '1c02ae64bab148ad5541277f461c0bf2-5541277f461c0bf2',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT traceparent: '00-784695ee9fce7683f80f27ef0ee40ca3-6bf49d4a25ddc1b4-01',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT tracestate: 'ac6a3d2a-69d2b3b0@dt=fw4;22;c51948e6;286a8;3;0;0;390;ec74;2h01;3hc51948e6;4h0286a8;5h01',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-b3-spanid': '5541277f461c0bf2',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-b3-traceid': '1c02ae64bab148ad5541277f461c0bf2',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-cf-applicationid': '61694a0f-152a-4409-93d3-4599d7999b52',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-cf-instanceid': '83ce429d-1c79-4ce5-4680-f32f',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-cf-instanceindex': '0',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-correlationid': '1684c96e-c5eb-4a74-72a9-d51b0fbaff1f',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-dynatrace': 'FW4;1775416240;34;-988198682;165544;3;-1402323670;912;ec74;2h01;3hc51948e6;4h0286a8;5h01',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-forwarded-for': '3.67.246.74, 10.0.200.0',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-forwarded-proto': 'https',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-request-start': '1739988247397',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-scp-request-id': '771d4b8a-dfd5-4f37-8b2f-50c0d47442a6-67B61D17-1D8E81E',
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT 'x-vcap-request-id': '1c02ae64-bab1-48ad-5541-277f461c0bf2'
   2025-02-19T18:04:07.40+0000 [APP/PROC/WEB/0] OUT }
   2025-02-19T18:04:07.40+0000 [RTR/5] OUT aqa01-qa-quality-testfinanceapps-srv.cfapps.eu10-004.hana.ondemand.com - [2025-02-19T18:04:07.397578723Z] "GET /getDependencies?tenantId=1x12x1ae-4d11-4754-99ec-8be297d9e797 HTTP/1.1" 200 0 173 "-" "Java/17.0.9" "10.0.200.0:41872" "10.0.201.42:61081" x_forwarded_for:"3.67.246.74, 10.0.200.0" x_forwarded_proto:"https" vcap_request_id:"1c02ae64-bab1-48ad-5541-277f461c0bf2" response_time:0.009406 gorouter_time:0.000126 app_id:"61694a0f-152a-4409-93d3-4599d7999b52" app_index:"0" instance_id:"83ce429d-1c79-4ce5-4680-f32f" failed_attempts:0 failed_attempts_time:"-" dns_time:0.000000 dial_time:0.001241 tls_time:0.003462 backend_time:0.009280 x_cf_routererror:"-" x_correlationid:"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f" tenantid:"-" sap_passport:"-" x_scp_request_id:"771d4b8a-dfd5-4f37-8b2f-50c0d47442a6-67B61D17-1D8E81E" x_cf_app_instance:"-" x_forwarded_host:"-" x_custom_host:"-" x_ssl_client:"-" x_ssl_client_session_id:"-" x_ssl_client_verify:"-" x_ssl_client_subject_dn:"-" x_ssl_client_subject_cn:"-" x_ssl_client_issuer_dn:"-" x_ssl_client_notbefore:"-" x_ssl_client_notafter:"-" x_cf_forwarded_url:"-" traceparent:"00-784695ee9fce7683f80f27ef0ee40ca3-6bf49d4a25ddc1b4-01" true_client_ip:"-" x_request_id:"-" x_b3_traceid:"1c02ae64bab148ad5541277f461c0bf2" x_b3_spanid:"5541277f461c0bf2" x_b3_parentspanid:"-" b3:"1c02ae64bab148ad5541277f461c0bf2-5541277f461c0bf2"
   2025-02-19T18:04:13.58+0000 [APP/PROC/WEB/0] OUT {"level":"info","logger":"rest","correlation_id":"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f","tenant_id":"sap-provisioning","host":"aqa01-qa-quality-testfinanceapps-srv.cfapps.eu10-004.hana.ondemand.com","user_agent":"Java/17.0.9","content_length":"1116","request_size_b":"1116","accept":"text/plain, application/json, application/*+json, */*","authorization":"***","b3":"b81bb04c22534e9669e773f080e2f9ab-69e773f080e2f9ab","content_type":"application/json","sap_passport":"1B54482A0300E6890A736161732D7265676973747279000000000000000000000000000000000000000000612E726176696368616E6472616E4061746F6D646E2E636F6D0000000000000073756273637269626500000000000000000000000000000000000000000000000000000000000000000B736161732D7265676973747279000000000000000000000000000000000000004636444235393131444643303438333438363039444434463146434236423531000000001476967E30F24A4813A4F99A12C3122CF0AC094888B5994420A2098CA9EA65B26B00000001000000001B54482A","traceparent":"00-784695ee9fce7683f80f27ef0ee40ca3-4f09cca11bb4d134-01","w3c_traceparent":"00-784695ee9fce7683f80f27ef0ee40ca3-4f09cca11bb4d134-01","tracestate":"ac6a3d2a-69d2b3b0@dt=fw4;22;c51948e6;286a8;44;0;0;390;ec74;2h01;3hc51948e6;4h0286a8;5h01","x_b3_spanid":"69e773f080e2f9ab","x_b3_traceid":"b81bb04c22534e9669e773f080e2f9ab","x_cf_applicationid":"61694a0f-152a-4409-93d3-4599d7999b52","x_cf_instanceid":"83ce429d-1c79-4ce5-4680-f32f","x_cf_instanceindex":"0","x_correlationid":"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f","x_dynatrace":"FW4;1775416240;34;-988198682;165544;68;-1402323670;912;ec74;2h01;3hc51948e6;4h0286a8;5h01","x_forwarded_for":"3.67.246.74, 10.0.200.0","x_forwarded_proto":"https","x_request_start":"1739988253569","x_scp_request_id":"771d4b8a-dfd5-4f37-8b2f-50c0d47442a6-67B61D1D-1D8F9A9","x_vcap_request_id":"b81bb04c-2253-4e96-69e7-73f080e2f9ab","request_id":"b81bb04c-2253-4e96-69e7-73f080e2f9ab","x_correlation_id":"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f","timestamp":"2025-02-19T18:04:13.579Z","layer":"cds","component_type":"application","container_id":"10.0.201.42","component_id":"61694a0f-152a-4409-93d3-4599d7999b52","component_name":"testFinanceApps-srv","component_instance":0,"source_instance":0,"organization_name":"aqa01-qa","organization_id":"862117b4-663d-4e9d-97e6-bca8e467f9dd","space_name":"Quality","space_id":"9b2a1d05-8135-4b80-a1b2-613a85c9d7c8","tenant_subdomain":"sap-provisioning","msg":"PUT /-/cds/saas-provisioning/tenant/1x12x1ae-4d11-4754-99ec-8be297d9e797 ","type":"log"}
   2025-02-19T18:04:13.58+0000 [APP/PROC/WEB/0] ERR {"level":"warn","logger":"cds","correlation_id":"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f","tenant_id":"sap-provisioning","host":"aqa01-qa-quality-testfinanceapps-srv.cfapps.eu10-004.hana.ondemand.com","user_agent":"Java/17.0.9","content_length":"1116","request_size_b":"1116","accept":"text/plain, application/json, application/*+json, */*","authorization":"***","b3":"b81bb04c22534e9669e773f080e2f9ab-69e773f080e2f9ab","content_type":"application/json","sap_passport":"1B54482A0300E6890A736161732D7265676973747279000000000000000000000000000000000000000000612E726176696368616E6472616E4061746F6D646E2E636F6D0000000000000073756273637269626500000000000000000000000000000000000000000000000000000000000000000B736161732D7265676973747279000000000000000000000000000000000000004636444235393131444643303438333438363039444434463146434236423531000000001476967E30F24A4813A4F99A12C3122CF0AC094888B5994420A2098CA9EA65B26B00000001000000001B54482A","traceparent":"00-784695ee9fce7683f80f27ef0ee40ca3-4f09cca11bb4d134-01","w3c_traceparent":"00-784695ee9fce7683f80f27ef0ee40ca3-4f09cca11bb4d134-01","tracestate":"ac6a3d2a-69d2b3b0@dt=fw4;22;c51948e6;286a8;44;0;0;390;ec74;2h01;3hc51948e6;4h0286a8;5h01","x_b3_spanid":"69e773f080e2f9ab","x_b3_traceid":"b81bb04c22534e9669e773f080e2f9ab","x_cf_applicationid":"61694a0f-152a-4409-93d3-4599d7999b52","x_cf_instanceid":"83ce429d-1c79-4ce5-4680-f32f","x_cf_instanceindex":"0","x_correlationid":"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f","x_dynatrace":"FW4;1775416240;34;-988198682;165544;68;-1402323670;912;ec74;2h01;3hc51948e6;4h0286a8;5h01","x_forwarded_for":"3.67.246.74, 10.0.200.0","x_forwarded_proto":"https","x_request_start":"1739988253569","x_scp_request_id":"771d4b8a-dfd5-4f37-8b2f-50c0d47442a6-67B61D1D-1D8F9A9","x_vcap_request_id":"b81bb04c-2253-4e96-69e7-73f080e2f9ab","request_id":"b81bb04c-2253-4e96-69e7-73f080e2f9ab","x_correlation_id":"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f","timestamp":"2025-02-19T18:04:13.583Z","msg":"Property \"subscriptionAppName\" does not exist in subscriptionPayload","status":400,"layer":"cds","component_type":"application","container_id":"10.0.201.42","component_id":"61694a0f-152a-4409-93d3-4599d7999b52","component_name":"testFinanceApps-srv","component_instance":0,"source_instance":0,"organization_name":"aqa01-qa","organization_id":"862117b4-663d-4e9d-97e6-bca8e467f9dd","space_name":"Quality","space_id":"9b2a1d05-8135-4b80-a1b2-613a85c9d7c8","tenant_subdomain":"sap-provisioning","type":"log"}
   2025-02-19T18:04:13.58+0000 [APP/PROC/WEB/0] ERR {"level":"warn","logger":"error","correlation_id":"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f","tenant_id":"sap-provisioning","host":"aqa01-qa-quality-testfinanceapps-srv.cfapps.eu10-004.hana.ondemand.com","user_agent":"Java/17.0.9","content_length":"1116","request_size_b":"1116","accept":"text/plain, application/json, application/*+json, */*","authorization":"***","b3":"b81bb04c22534e9669e773f080e2f9ab-69e773f080e2f9ab","content_type":"application/json","sap_passport":"1B54482A0300E6890A736161732D7265676973747279000000000000000000000000000000000000000000612E726176696368616E6472616E4061746F6D646E2E636F6D0000000000000073756273637269626500000000000000000000000000000000000000000000000000000000000000000B736161732D7265676973747279000000000000000000000000000000000000004636444235393131444643303438333438363039444434463146434236423531000000001476967E30F24A4813A4F99A12C3122CF0AC094888B5994420A2098CA9EA65B26B00000001000000001B54482A","traceparent":"00-784695ee9fce7683f80f27ef0ee40ca3-4f09cca11bb4d134-01","w3c_traceparent":"00-784695ee9fce7683f80f27ef0ee40ca3-4f09cca11bb4d134-01","tracestate":"ac6a3d2a-69d2b3b0@dt=fw4;22;c51948e6;286a8;44;0;0;390;ec74;2h01;3hc51948e6;4h0286a8;5h01","x_b3_spanid":"69e773f080e2f9ab","x_b3_traceid":"b81bb04c22534e9669e773f080e2f9ab","x_cf_applicationid":"61694a0f-152a-4409-93d3-4599d7999b52","x_cf_instanceid":"83ce429d-1c79-4ce5-4680-f32f","x_cf_instanceindex":"0","x_correlationid":"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f","x_dynatrace":"FW4;1775416240;34;-988198682;165544;68;-1402323670;912;ec74;2h01;3hc51948e6;4h0286a8;5h01","x_forwarded_for":"3.67.246.74, 10.0.200.0","x_forwarded_proto":"https","x_request_start":"1739988253569","x_scp_request_id":"771d4b8a-dfd5-4f37-8b2f-50c0d47442a6-67B61D1D-1D8F9A9","x_vcap_request_id":"b81bb04c-2253-4e96-69e7-73f080e2f9ab","request_id":"b81bb04c-2253-4e96-69e7-73f080e2f9ab","x_correlation_id":"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f","timestamp":"2025-02-19T18:04:13.584Z","layer":"cds","component_type":"application","container_id":"10.0.201.42","component_id":"61694a0f-152a-4409-93d3-4599d7999b52","component_name":"testFinanceApps-srv","component_instance":0,"source_instance":0,"organization_name":"aqa01-qa","organization_id":"862117b4-663d-4e9d-97e6-bca8e467f9dd","space_name":"Quality","space_id":"9b2a1d05-8135-4b80-a1b2-613a85c9d7c8","tenant_subdomain":"sap-provisioning","msg":"400 > {\n  code: '400',\n  message: 'Property \"subscriptionAppName\" does not exist in subscriptionPayload'\n}","type":"log"}
   2025-02-19T18:04:13.58+0000 [RTR/4] OUT aqa01-qa-quality-testfinanceapps-srv.cfapps.eu10-004.hana.ondemand.com - [2025-02-19T18:04:13.569315189Z] "PUT /-/cds/saas-provisioning/tenant/1x12x1ae-4d11-4754-99ec-8be297d9e797 HTTP/1.1" 400 1116 107 "-" "Java/17.0.9" "10.0.200.0:34804" "10.0.201.42:61081" x_forwarded_for:"3.67.246.74, 10.0.200.0" x_forwarded_proto:"https" vcap_request_id:"b81bb04c-2253-4e96-69e7-73f080e2f9ab" response_time:0.016296 gorouter_time:0.000086 app_id:"61694a0f-152a-4409-93d3-4599d7999b52" app_index:"0" instance_id:"83ce429d-1c79-4ce5-4680-f32f" failed_attempts:0 failed_attempts_time:"-" dns_time:0.000000 dial_time:0.001171 tls_time:0.003813 backend_time:0.016210 x_cf_routererror:"-" x_correlationid:"1684c96e-c5eb-4a74-72a9-d51b0fbaff1f" tenantid:"-" sap_passport:"1B54482A0300E6890A736161732D7265676973747279000000000000000000000000000000000000000000612E726176696368616E6472616E4061746F6D646E2E636F6D0000000000000073756273637269626500000000000000000000000000000000000000000000000000000000000000000B736161732D7265676973747279000000000000000000000000000000000000004636444235393131444643303438333438363039444434463146434236423531000000001476967E30F24A4813A4F99A12C3122CF0AC094888B5994420A2098CA9EA65B26B00000001000000001B54482A" x_scp_request_id:"771d4b8a-dfd5-4f37-8b2f-50c0d47442a6-67B61D1D-1D8F9A9" x_cf_app_instance:"-" x_forwarded_host:"-" x_custom_host:"-" x_ssl_client:"-" x_ssl_client_session_id:"-" x_ssl_client_verify:"-" x_ssl_client_subject_dn:"-" x_ssl_client_subject_cn:"-" x_ssl_client_issuer_dn:"-" x_ssl_client_notbefore:"-" x_ssl_client_notafter:"-" x_cf_forwarded_url:"-" traceparent:"00-784695ee9fce7683f80f27ef0ee40ca3-4f09cca11bb4d134-01" true_client_ip:"-" x_request_id:"-" x_b3_traceid:"b81bb04c22534e9669e773f080e2f9ab" x_b3_spanid:"69e773f080e2f9ab" x_b3_parentspanid:"-" b3:"b81bb04c22534e9669e773f080e2f9ab-69e773f080e2f9ab"

Package.json

{
  "name": "testFinanceApps",
  "version": "1.0.0",
  "description": "A simple CAP project.",
  "repository": "<Add your repository here>",
  "license": "UNLICENSED",
  "private": true,
  "dependencies": {
    "@cap-js-community/odata-v2-adapter": "^1.13.8",
    "@cap-js/telemetry": "^0.2.2",
    "@sap-cloud-sdk/http-client": "^3.12.1",
    "@sap-cloud-sdk/resilience": "^3.12.1",
    "@sap/cds": "^8.7.1",
    "@sap/cds-hana": "^2",
    "@sap/cds-mtxs": "^1.9",
    "@sap/xb-msg-amqp-v100": "^0.9.58",
    "@sap/xsenv": "^5.2.0",
    "@sap/xssec": "^3.6.0",
    "@ui5/cli": "^3.11.1",
    "cds-caching": "^0.2.1",
    "cds-swagger-ui-express": "^0.10.0",
    "express": "^4",
    "express-mock-server": "^3.4.3"
  },
  "devDependencies": {
    "@cap-js/sqlite": "^1",
    "@sap/cds-dk": "8.6.0",
    "@sap/eslint-plugin-cds": "^3.1.2",
    "@sap/ux-specification": "UI5-1.120",
    "cds-launchpad-plugin": "^2.1.8",
    "cfenv": "^1.2.4",
    "concurrently": "^8.2.2",
    "eslint": "^9.17.0",
    "eslint-plugin-security": "^3.0.1",
    "rimraf": "^5.0.5"
  },
  "scripts": {
    "start": "cds serve",
    "cdsrun": "cds serve"
  },
  "cds": {
    "db": {
      "[development]": {
        "kind": "sql"
      },
      "[production]": {
        "kind": "hana",
        "pool": {
          "acquireTimeoutMillis": 1e4
        }
      },
      "[test]": {
        "kind": "sql"
      }
    },
    "hana": {
      "deploy-format": "hdbtable"
    },
    "requires": {
      "[production]": {
        "messaging-ficacreate-response": {
          "kind": "enterprise-messaging-shared",
          "queue": {
            "name": "test/srv/events/fica-create-response"
          }
        }
      },
      "[hybrid]": {
        "messaging-ficacreate-response": {
          "kind": "enterprise-messaging-shared",
          "queue": {
            "name": "test/srv/events/fica-create-response"
          }
        }
      },
      "[test]": {
        "messaging-ficacreate-response": {
          "kind": "file-based-messaging",
          "queue": {
            "name": "test/srv/events/fica-create-response"
          }
        }
      },
      "approuter": {
        "kind": "cloudfoundry"
      },
      "auth": {
        "[production]": {
          "strategy": "JWT"
        },
        "[hybrid]": {
          "kind": "mock",
          "auth": {
            "kind": "basic-auth"
          },
          "users": {
            "alice": {
              "roles": [
                "test-finance-texting-admin",
                "test-finance-texting-read",
                "test-finance-ficadashboard-user"
              ]
            },
            "*": true
          }
        },
        "[test]": {
          "strategy": "mock",
          "auth": {
            "kind": "basic-auth"
          },
          "users": {
            "test": {
              "roles": [
                "finance-texting-read",
                "finance-texting-maintain",
                "finance-ficadashboard-user"
              ]
            },
            "*": true
          }
        }
      },
      "caching": {
        "impl": "cds-caching",
        "kind": "caching",
        "options": {
          "ttl": 360000
        },
        "namespace": "myCache",
        "compression": "lz4",
        "store": "memory"
      }
    },
    "sapux": [
      "app/textingapplication"
    ]
  }
}

Creating SAP BTP global account region based or global account cockpit(Global URL)

2025-03-04T09:23:21.020000+01:00

Dear Expert,

We are currently based in Thimphu, Bhutan, Asia, and using S/4HANA Private Cloud hosted on AWS in Singapore. We have set up the BTP Cockpit globally for the APAC and EMEA regions with the following URLs:

Recently, we received a notification from SAP stating that these URLs will be deprecated by March 31, 2025.

Could you please confirm whether we need to manually configure a global URL, or will the existing region-based URLs be automatically linked to a new global URL?

Looking forward to your guidance.

Thank you.

sap BTP BUILD Apps no authorization for ABAP System

2025-03-04T10:03:59.564000+01:00

Hi Team ,

In BTP cloud i have created destination for ABAP and connection is success and reachable .

The issue is from BUILD App , when trying to access the ABAP system via the destination created in BTP Cockpit we are getting below error .

Error message : "You don't have permission to access this system. Choose another system or reach out to your admin."

Please suggest solution .

Error Image:

Destination Detail

Cloud Transport Management Service -getting error while importing iFlow

2025-03-07T07:39:33.950000+01:00

Hi Experts,

I want to transport an iFlow, but when I tried to import it into the target environment using Cloud Transport Management, the following error occurred, and the transport failed.

Exception during start of deployment for deploy type 'SLP_CTS': Error during client creation: Not Found

Could you please tell me the cause and how to resolve it?

The Check Connection results for each Destination (Cloud Transport Management Service, ContentAgentService, ProcessIntegrationRuntime, and the Cloud Foundry API Endpoint of the target environment) are as follows.

If there is any missing information, please let me know.

Thanks in advance.

Ryoki

Use Destinations During Local Development for Second API

2025-03-07T08:34:45.604000+01:00

Hello all,

I am currently working on a UI module of a mta project.

In my application I have two APIs, the default OData service and a REST API and I have maintained instance level destinations in BTP and calling the APIs when the app is running on BTP is totally fine.

I followed this blog and maintained a subaccount level destination as I am using managed app router.

However, when I call the APIs during local development, only the OData is working but the REST API is returning a Http 401 error.

This is my ui5.yaml

  customMiddleware:
    - name: fiori-tools-proxy
      afterMiddleware: compression
      configuration:
        ignoreCertError: false # If set to true, certificate errors will be ignored. E.g. self-signed certificates will be accepted
        ui5:
          path:
            - /resources
            - /test-resources
          url: https://ui5.sap.com
        backend:
          - path: /odata
            url: <odata hostname>.com
          - path: /workflow/rest
            url: <REST API hostname>.com

My xs-app.json

  "routes": [
    {
      "source": "^/odata/v2/(.*)$",
      "target": "/odata/v2/$1",
      "destination": "odata_dest",
      "csrfProtection": false
    },  
    {
      "source": "^/workflow/(.*)$",
      "target": "/workflow/$1",
      "destination": "rest_api_dest",
      "csrfProtection": false
    }
  ]

The code to call the api

wfRequests = await Helper.callRest("/workflow/rest/v1/workflow-instances" + query, "GET");

Appreciate if you could provide me some input.

Best Regards,

how do we automate space & org members access in SAP BTP cockpit(Cloud foundry env)

2025-03-14T09:00:54.977000+01:00

needs options to automate BTP space & org member access either using some tools or in a different way to reduce manual intervention every time.

SAP BAS - BTP deploy failed: throw cds.error `Didn't find auth implementation for ${config}`

2025-03-20T07:46:07.939000+01:00

Team:

My projects were working at some point. Now, I downloaded from github and cannot be deployed OK. I created a new project and I received this error message:

throw cds.error `Didn't find auth implementation for ${config}`

In the past, I created .cdsrc.jos containing:

{

"requires": {

"auth": "none"

}

This used to by pass the authorisation checking. Sadly, something has change with security. I modified the MTA.YML and package.json to not use authority checking. The same error message.

Any help is welcome.

Error "403 Forbidden The request has been blocked by UCON" when creating Handling Unit in S4

2025-04-04T08:55:56.182000+02:00

Hi,

Context: I have a SAP DM enviroment integreated with S4 Public cloud.

Objective: Create a HU in S4 from a production process in SAP DM, API: SAP Business Accelerator Hub

Error: When I execute the API in a production process in SAP DM, I get a 403 Forbidden error (see image). Apparently, SAP UCON is blocking the request.

I tested the same autentification for getting the data from order in S4 and it was working (API:SAP Business Accelerator Hub).

How can I solve this problem?

Thanks for your help! 🙂

Separate Client Credentials in a Multitenant REST API Application on BTP from XSUAA Service

2025-04-15T21:29:25.766000+02:00

Hello SAP Community,

I’m encountering a challenge with our multi‑tenant application deployed on SAP BTP. Let me provide some context and describe the problem in detail:

Current Setup:

We have a Spring Boot Java application (not CAP-based) that exposes REST APIs with no frontend UI.
The app is made multi‑tenant.
For Authentication we use XSUAA service (with tenant-mode: shared) in the provider’s subaccount. This setup allows us to subscribe multiple customers to the application.
Currently, for a new customer subscription, the client ID and secret used for OAuth2 are created in the provider’s XSUAA instance. We create a new service key for each consumer and provide that to the customer for use. The customer uses the provided clientid/secret along with their subaccount's token endpoint to retrieve JWT Token and use it for accessing out APIs.
This approach works, but it is not secure enough because the same client credentials (client ID/secret) can be shared among different subscribers. In other words, if Customer A knows Customer B’s subaccount domain, they could potentially use their own credentials together with Customer B’s token URL and access data for Customer B.

Desired Outcome:

We want each consumer/subscriber to have their own, separate client ID and secret that are not shareable across tenants.
Our initial research indicated that using XSUAA with tenant-mode: external might provide this isolation (see SAP Documentation on Tenant Mode). But it did not work.
Alternatively, I also attempted to return XSUAA service details as a dependency during the subscription process (with tenant-mode: external), but that approach has not worked either.

Question:
How should a new consumer/subscriber correctly receive or be provisioned with their own dedicated client ID and secret for accessing our REST APIs? Is tenant-mode: external in XSUAA the recommended approach for this use case, and if so:

What are the exact steps or configuration changes needed to enable XSUAA (tenant-mode: external) so that the tokens issued include tenant-specific credentials?
Are there best practices or recommended workflows to securely provision unique client credentials per customer in a multi‑tenant scenario where the provider’s app is a pure REST API without a UI?

Any guidance, documentation, or examples you can provide would be greatly appreciated. Thank you for your assistance.

SAP BTP, Cloud Foundry runtime and environment SAP BTP Security

Trust Configuration" in SAP BTP Trial Account – Unable to Proceed with SAP Build Work Zone

2025-04-22T17:09:20.090000+02:00

Dear SAP Team,

I am using a SAP BTP trial account for learning purposes and, until recently, the "Trust Configuration" option was available under the Security menu. This allowed me to experiment with services such as SAP Build Work Zone – Standard Edition.

However, I’ve recently noticed that the Trust Configuration menu has disappeared, and I am now unable to complete the setup or activation of SAP Build Work Zone, as this service requires identity provider configuration.

Could you please confirm:

If this is a permanent change to trial accounts?
If there is any alternative way to continue learning or testing SAP Build Work Zone?
Whether switching to a Free Tier account would restore access to Trust Configuration?

Any clarification or advice would be greatly appreciated. Thank you very much in advance for your support.

Best regards,
Isidro

S/4 content federation to BTP

2025-04-30T12:35:07.593000+02:00

Hi All,

When i expose/update some S4 roles in the 2nd round, then the roles that were exposed in the 1st run are neither available in Content Provider nor in Site and nor in Role collection. Can you please advise if all roles will need to be exposed in every run.

Regards

Plaban

Is it possible to refer the SAP BTP standard roles in xs-security.json?

2025-05-07T10:54:48.601000+02:00

Is it possible to refer the SAP BTP standard roles in xs-security.json? We have set-up role collections manually referencing the standard role, however we are unable to refer standard role in xs-security.json. Every blog/github code is creating role template and then role collection referencing that collection. However I am trying to refer SAP roles as this will save lot of time.
Can someone please confirm if referencing SAP standard roles or role collections in xs-security.json is possible or not? If possible can someone share the code snippet how to refer the SAP standard roles or role collections in xs-security.json?

Express Node.js Multi-Tenant Backend Application with XSUAA on BTP - Non CAP based

2025-05-08T12:47:43.348000+02:00

Hi community,

I have created a Multi tenant SAAS application (Non-CAP NodeJS based) and have deployed this app to SAP BTP in the Provider subaccount. Along with the application I have the saas-registry instance and xsuaa instance created in my Provider subaccount. I am also able to subscribe to this application from the Consumer subaccount.

Current Status: So far, I have successfully implemented application subscription from tenant subaccounts using the saas-registry and an xsuaa instance. I’ve also implemented the necessary logic for subscribe and unsubscribe events in the backend.

Note: This is a pure backend application, and I am not using an Approuter, as there is no frontend component involved. The application is intended to be consumed by tenant-specific backend or frontend apps via API calls.

Problems:

When I subscribe app in consumer subaccount, the xsuaa instance (using tenant-mode as "shared in provider subaccount) is not automatically created in consumer subaccount.
To address this, I added event for getting dependencies while subscribing in backend the code is shown in below picture.
Also added "url" for "getDependencies" in "appUrls" and dependencies detail in SaaS configuration file as shown below.
After these changes, I tried subscribing to the app again from the consumer subaccount got an error shown below.

Asking for Suggestions:

How can I achieve the automatic creation of an XSUAA instance in the consumer subaccount when subscribing to the app, to ensure full isolation between consumer subaccounts?
If not then how can I achieve independent OAuth 2.0 Authentication for tenants specific to their subaccount?

Cannot unsubscribe after trying to subscribe

2025-05-15T18:52:14.854000+02:00

Couldn't unsubscribe from Integration Suite.

Try again. If the problem persists, please post a question to SAP Community.

That was my question.

thx, gm

Significance of Origin Key in BTP Trust, especially sap.custom

2025-05-16T03:04:27.298000+02:00

Hi all,

we are about to onboard SAP Digital Manufacturing. With this comes BTP and establishing trust between subaccount and Cloud Integration Services.

That being said, when using the "Establish Trust" wizard, the default value for "Origin Key" will be "sap.custom".

I know about the overall posibility to use multiple Origin Key values to separate different IdPs / trusts within one subaccount, something that is feasible but not the norm, see Using Multiple Identity Providers from the Same Subaccount, however, I'm unsure about the significance of the wizard's default value "sap.custom"

My questions

Is there some kind of built in "fallback" or hard wired lookup for "sap.custom"? In other words, would it be a bad idea to not have at least one entry with "sap.custom" (providing we are going the route of using Cloud Identity Services and not the default IdP)
For our use case we have SAP Digital Manufacturing deployed in the subaccount and nothing more. Am I right that in this case it might be just fine to stay with the "sap.custom" moniker or is it (when planning ahead) a good idea to apply a more meaningful naming convention? And if so, what should I name the darn thing then? cis_dev (for cloud identity services development environment / tier) or something else?

Many thanks and cheers

How to Export a role collection in SAP BTP?

2025-05-17T21:26:59.307000+02:00

Can we export role collections in BTP security?