cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to access CF XS Odata services in on-premise UI5 Applications

sucheno
Participant

on ‎09-17-2020 7:41 PM

0 Kudos

Hi,

We have UI5 application running on-premise and back end xsodata services are migrated to Cloud Foundry. (CF URLs use SAML authentication)

UI5 is currently using services from HANA on-premise, There is a web dispatcher which gets all UI5 back end calls routes them to on-prem HANA and now needs to be switched to services available on Cloud foundry.

Can you some suggest me how to configure cloud platform URLs to access from on-prem UI5 app?

Note: Calling Cloud foundry URLs directly from application is not allowed, It has to go through web dispatcher.

Thanks in advance,

Suchen.

Show replies
Show replies
gregorw
Active Contributor
‎09-17-2020 8:54 PM
0 Kudos

Can you please give additional details:

  1. Will parts of your solution remain on premise?
  2. You know that XS OData is in maintenance mode do you think about migrating to CAP?
  3. Do you use a Fiori Launchpad?
sucheno
Participant
‎09-18-2020 10:07 AM
0 Kudos

Hello gregor.wolf

1. Yes, at least for now as we are still validating possible options.

2. We see complications and more migration effort if we consider CAP at this moment. We are going to continue with XS OData from migration perspective at least.

3. Yes, we use Fiori Launchpad.

gregorw
Active Contributor
‎09-18-2020 12:35 PM
0 Kudos

Hi Suchen,

some follow-up question:

  1. How is the authentication done on premise? Also using SAML or do you authenticate the HANA users?
  2. Where is the Fiori Launchpad hosted? HANA, NetWeaver ABAP?
sucheno
Participant
‎09-18-2020 5:10 PM
0 Kudos

Hi gregorw,

1. Current on-premise authentication is with SAP logon ticket.

2. Fiori Launchpad is hosted on NetWeaver ABAP.

Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

gregorw
Active Contributor
‎09-19-2020 8:38 AM
0 Kudos

I think this two blog posts:

Set up CAP application behind SAP WebDispatcher

and

Setup an SCP App as a Tile on On-Premise Fiori

from krishnakishor.kammaje2 should help you to solve this.

Show replies
Show replies
Ivan-Mirisola
Product and Topic Expert
Product and Topic Expert
‎09-17-2020 9:24 PM
0 Kudos

Hi sucheno,

That's a weird setup. So, from what I could understand, all access has to go first to the SAP Web Dispatcher. In other words, SAP-WD is the main point of access to all applications. Once the user passes the SAP-WD it gains access to SAPUI5 application, correct?

And also, you say that the services the SAPUI5 consumes are no longer at the HANA on-premise. Instead you have moved them to the HANA Cloud Service, correct?

If my understanding is correct, then it all boils down to two topics:

1) SAP-WD is able to map an url suffix to a different system. In that case, you could have something like: <wd-hostname>:<wd-port>/xsodata and this would be forwarded to your HANA box. At your HANA box, your xsodata service will have to be set to public access (probably limited by the IP address of the SAP-WD). Please get in touch with the SAP-WD specialists for the configuration regarding the re-encryption scenario (which involves encrypting the request with the Hana Cloud certificate for the xsodata service).

2) Get the authentication going between your SAP-UI5 application and your HANA Services. Here is where it might get complicated. a) If you already use SAML authentication on-premise, then you might want to consider to use the same SAML IdP on the HANA Cloud instance. That way, you must ensure that the SAML Assertion Token gets forwarded by SAP-WD. That would be the easy way. b) Another way is to use OAuth2 authentication. This approach would require you to develop a proxy application for the Odata service that would deal with the retrieval of an OAuth2 token from SCP so your xsodata could be called from your on-premise system. In that case, your SAPUI5 application would require to make a call to the proxy app instead of the xsodata.

a) Browser --> IdP --> SAP-WD --> SAPUI5
                              --> /xsodata --> SAP-WD --> HANA Cloud
b) Browser --> SAP-WD --> SAPUI5
                      --> /xsodata --> SAP-WD --> Proxy --> HANA Cloud

These are just suggestions, you would really need to get a professional consultant to tell you other methods or options you may have based on other information, etc.

Hope this helps!

Best regards,
Ivan

Show replies
Show replies
sucheno
Participant
‎09-18-2020 10:26 AM
0 Kudos

Thanks ivan.mirisola for your suggestions. I am validating these options with WD specialists.

Current setup is as below.

Browser --> SAP-WD --> SAPUI5
                   --> /xsodata --> SAP-WD --> HANA 1.0
Ivan-Mirisola
Product and Topic Expert
Product and Topic Expert
‎09-21-2020 5:32 PM
0 Kudos

Hi sucheno,

The following WD configuration will allow your to call your SCP application via an HTTP Proxy server:

wdisp/system_1 = SID=SA1, EXTSRV=http://external.server.com:80, SRCURL=/external_path, SRCSRV=*:*, PROXY=myproxy.com:8080

Please see the following note on details about the sub-parameter PROXY:

https://launchpad.support.sap.com/#/notes/1971571/E

Hope this helps!

Best regards,
Ivan

Ask a Question