BTP – nocin.eu

BTP

[BTP] SAP BTP FAQs

December 5, 2024 December 5, 2024

Great collection of BTP FAQs:

SAP BTP FAQs – Part 1 (General Topics in SAP BTP)

SAP BTP FAQs – Part 2 (Application Development, Programming Models and Multitenancy)

SAP BTP FAQs – Part 3 (Security)

SAP BTP FAQs – Part 4 (DevOps)

SAP BTP FAQs – Part 5 (Side by side Extensibility)

BTP

[BTP] Retrieve details of the logged-in user from the identity provider

June 10, 2024 June 10, 2024

This URL will return details about the logged-in user. The identity provider can either be the default or a custom identity provider configured in the BTP Trust Configuration. The response will differ for OpenID Connect and SAML protocol.

https://<domain>.authentication.<region>.hana.ondemand.com/config?action=who&details=true

BTP, CAP

[BTP] Get access token for specific tenant in a multitenant scenario using http rest client

June 5, 2024 June 5, 2024

https://docs.cloudfoundry.org/api/uaa/version/4.6.0/index.html#password-grant

# url from XSUAA Service Key, but replace in the url the provider subdomain with the consumer subdomain (the tenant you want to call)
@xsuaaUrl = {{$dotenv xsuaaUrl}}
# clientid from XSUAA Service Key
@xsuaaClientId = {{$dotenv xsuaaClientId}}
# clientsecret from XSUAA Service Key
@xsuaaClientSecret = {{$dotenv xsuaaClientSecret}}

@username = {{$dotenv btp_username}}
@password = {{$dotenv btp_password}}

### Get Access Token for Cloud Foundry using Password Grant with BTP default IdP
# @name getXsuaaToken
POST {{xsuaaUrl}}/oauth/token
Accept: application/json
Authorization: Basic {{xsuaaClientId}}:{{xsuaaClientSecret}}
Content-Type: application/x-www-form-urlencoded

grant_type=password
&username={{username}}
&password={{password}}
&response_type=token

### Store access token 
@access_token = {{getXsuaaToken.response.body.$.access_token}}

BTP

[BTP] How to use the refresh_token to get a new valid access_token

June 1, 2024 June 6, 2024

https://oauth.net/2/refresh-tokens

https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token

https://docs.cloudfoundry.org/api/uaa/version/4.6.0/index.html#refresh-token

# url from XSUAA Service Key
@xsuaaUrl = {{$dotenv xsuaaUrl}}
# clientid from XSUAA Service Key
@xsuaaClientId = {{$dotenv xsuaaClientId}}
# clientsecret from XSUAA Service Key
@xsuaaClientSecret = {{$dotenv xsuaaClientSecret}}

#==================================================================#

### Get Access Token for Cloud Foundry using Grant Type Password with BTP default IdP 
# @name token_response
POST {{xsuaaUrl}}/oauth/token
Authorization: Basic {{xsuaaClientId}}:{{xsuaaClientSecret}}
Accept: application/json;charset=utf8
Content-Type: application/x-www-form-urlencoded

grant_type=password
&username={{$dotenv btp_username}}
&password={{$dotenv btp_password}}
&response_type=token

### Store access token and refresh token
@access_token = {{token_response.response.body.$.access_token}}
@refresh_token = {{token_response.response.body.$.refresh_token}}


### Use Refresh Token
# @name token_response
POST {{xsuaaUrl}}/oauth/token
Authorization: Basic {{xsuaaClientId}}:{{xsuaaClientSecret}}
Accept: application/json;charset=utf8
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token
&refresh_token={{refresh_token}}

### Store access token and refresh token
@access_token = {{token_response.response.body.$.access_token}}
@refresh_token = {{token_response.response.body.$.refresh_token}}

BTP

[BTP] cf top

November 10, 2023 November 10, 2023

Handy cli tool to monitor your applications and resource usage.

https://github.com/ECSTeam/cloudfoundry-top-plugin

BTP, SuccessFactors

[Cloud Identity Services] Assign SuccessFactors user to IAS group via transformation

June 14, 2023 June 14, 2023

Source System: SuccessFactors
Target System: Identity Authentication

When using ias.api.version 1

https://blogs.sap.com/2021/03/29/ias-integration-with-sap-successfactors-application-2-sync-users-using-identity-provisioning-serviceips/

            {
                "condition": "$.emails[0].value =~ /.*@abc.com.*/",
                "constant": "DEV_IDP1",
                "targetPath": "$.groups[0].value"
            },
            {
                "condition": "$.emails[0].value =~ /.*@def.com.*/",
                "constant": "DEV_AzureAD",
                "targetPath": "$.groups[1].value"
            },

When using ias.api.version 2

https://help.sap.com/docs/identity-provisioning/identity-provisioning/enabling-group-assignment

         {
            "condition":"($.emails EMPTY false)",
            "constant":[
               {
                  "id":"00f8ab94-a732-48fa-9169-e51f87b8dcd5"
               },
               {
                  "id":"01231139-4711-4a28-8f9d-6745843ef716"
               }
            ],
            "targetVariable":"assignGroup"
         }

BTP, SuccessFactors

[BTP] Create sap-successfactors-extensibility service providing a technicalUser

February 2, 2023 October 30, 2023

Prerequisite, you have registered an SAP SuccessFactors system in your Global Account (see here). Creating the sap-successfactors-extensibility service can be done via command line:

#Created the service instance
#An HTTP destination on a subaccount level with the same name as the service instance name is automatically generated
cf create-service sap-successfactors-extensibility api-access myInstanceName -c '{"systemName": "SFCPART000000","technicalUser": "sfadmin"}'

#Bind the instance to an application
cf bind-service myApp-srv myInstanceName

Find an explanation of the parameters here: https://help.sap.com/docs/btp/sap-business-technology-platform/authentication-type-json-file

This service instance will result in creating:

a separate OAuth2 client application on SFSF side (can find in SF in Manage OAuth2 Client Applications)
a separate destination definition on a BTP sub-account level

The technicalUser parameter can be specified only during creation. There is no possibility to provide it afterwards using cf update-service. It may be possible to manually update the technicalUser in the destination, which got automatically created. But I did not test this yet.

Of course, the same service creation can also be done via mta.yaml.

resources:
 #####################################################################################################################
  # SuccessFactors Extensibility Service
  #####################################################################################################################
  - name: myInstanceName 
    type: org.cloudfoundry.managed-service
    #type: org.cloudfoundry.existing-service
    parameters:
      service: sap-successfactors-extensibility
      service-plan: api-access
      config:
        systemName: SFCPART000000 # <-- Provide your system name
        technicalUser: sfadmin

For initial deployment, you need the line type: org.cloudfoundry.managed-service. For all further deployments, you have to comment that line out and comment in the next line type: org.cloudfoundry.existing-service. Else you will receive an error. Read more about that behavior here:https://github.com/SAP-samples/successfactors-extension-calculate-employee-seniority/issues/2

BTP

[BTP] Difference between Platform Users and Business Users

March 13, 2021 October 20, 2021

https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/cc1c676b43904066abb2a4838cbd0c37.html

“Platform users are usually developers, administrators or operators who deploy, administer, and troubleshoot applications and services on SAP BTP.”

“Business users use the applications that are deployed to SAP BTP. For example, the end users of your deployed application or users of subscribed apps or services, such as SAP Business Application Studio or SAP Web IDE, are business users.”