on 09-17-2020 7:41 PM
Hi,
We have UI5 application running on-premise and back end xsodata services are migrated to Cloud Foundry. (CF URLs use SAML authentication)
UI5 is currently using services from HANA on-premise, There is a web dispatcher which gets all UI5 back end calls routes them to on-prem HANA and now needs to be switched to services available on Cloud foundry.
Can you some suggest me how to configure cloud platform URLs to access from on-prem UI5 app?
Note: Calling Cloud foundry URLs directly from application is not allowed, It has to go through web dispatcher.
Thanks in advance,
Suchen.
I think this two blog posts:
Set up CAP application behind SAP WebDispatcher
and
Setup an SCP App as a Tile on On-Premise Fiori
from krishnakishor.kammaje2 should help you to solve this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi sucheno,
That's a weird setup. So, from what I could understand, all access has to go first to the SAP Web Dispatcher. In other words, SAP-WD is the main point of access to all applications. Once the user passes the SAP-WD it gains access to SAPUI5 application, correct?
And also, you say that the services the SAPUI5 consumes are no longer at the HANA on-premise. Instead you have moved them to the HANA Cloud Service, correct?
If my understanding is correct, then it all boils down to two topics:
1) SAP-WD is able to map an url suffix to a different system. In that case, you could have something like: <wd-hostname>:<wd-port>/xsodata and this would be forwarded to your HANA box. At your HANA box, your xsodata service will have to be set to public access (probably limited by the IP address of the SAP-WD). Please get in touch with the SAP-WD specialists for the configuration regarding the re-encryption scenario (which involves encrypting the request with the Hana Cloud certificate for the xsodata service).
2) Get the authentication going between your SAP-UI5 application and your HANA Services. Here is where it might get complicated. a) If you already use SAML authentication on-premise, then you might want to consider to use the same SAML IdP on the HANA Cloud instance. That way, you must ensure that the SAML Assertion Token gets forwarded by SAP-WD. That would be the easy way. b) Another way is to use OAuth2 authentication. This approach would require you to develop a proxy application for the Odata service that would deal with the retrieval of an OAuth2 token from SCP so your xsodata could be called from your on-premise system. In that case, your SAPUI5 application would require to make a call to the proxy app instead of the xsodata.
a) Browser --> IdP --> SAP-WD --> SAPUI5
--> /xsodata --> SAP-WD --> HANA Cloud
b) Browser --> SAP-WD --> SAPUI5
--> /xsodata --> SAP-WD --> Proxy --> HANA Cloud
These are just suggestions, you would really need to get a professional consultant to tell you other methods or options you may have based on other information, etc.
Hope this helps!
Best regards,
Ivan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi sucheno,
The following WD configuration will allow your to call your SCP application via an HTTP Proxy server:
wdisp/system_1 = SID=SA1, EXTSRV=http://external.server.com:80, SRCURL=/external_path, SRCSRV=*:*, PROXY=myproxy.com:8080
Please see the following note on details about the sub-parameter PROXY:
https://launchpad.support.sap.com/#/notes/1971571/E
Hope this helps!
Best regards,
Ivan
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.