One of the most common extension pattern in SAP Sales and Service Cloud Version 2 are UI Mashups. The general guidance on UI Mashups is to use the same identity provider for SAP Sales and Service Cloud Version 2 and the mashup. This way, users will not have to login twice and can directly consume the mashup.
For API Calls towards SAP Sales and Service Cloud Version 2, we recommend to use the SAP BTP Destination service. Using the OAuth2SAMLBearerAssertion allows the extension to retrieve an SAP Sales and Service Cloud Version 2 API Token to do API calls in context of the user. This will ensure the User can only see and manipulate data he is entitled to access. Also the correct user context is used for write requests to ensure a propper audit trail.
Architecture
{
"xsappname": "case-list",
"tenant-mode": "dedicated",
"scopes": [
{
"name": "$XSAPPNAME.read",
"description": "With this scope, USER can read cases."
},
{
"name": "$XSAPPNAME.write",
"description": "With this scope, USER can write cases."
}
],
"role-templates": [
{
"name": "Viewer",
"description": "Role to get the list of cases",
"scope-references": [
"$XSAPPNAME.read"
]
},
{
"name": "Writer",
"description": "Role to get change cases",
"scope-references": [
"$XSAPPNAME.write"
]
}
],
"role-collections": [
{
"name": "CaseListViewer",
"description": "Case List Viewer",
"role-template-references": [
"$XSAPPNAME.Viewer"
]
},
{
"name": "CaseWriter",
"description": "Case Writer",
"role-template-references": [
"$XSAPPNAME.Writer"
]
}
],
"oauth2-configuration":
{
"redirect-uris": ["https://approuter-case-list-joek001.cfapps.us10-001.hana.ondemand.com/login/callback"]
}
}
cf create-service xsuaa application xsuaa-service-tutorial -c security/xs-security.json
{ "routes": [ { "source": "^/cases", "target": "/", "destination": "cases-destination", "csrfProtection": false } ], "cors": [ { "uriPattern": "^/cases1$", "allowedOrigin": [ { "host": "my1000335.de1.test.crm.cloud.sap", "protocol": "https" } ] } ] }xs-app.json
... # Application Router - name: approuter path: ./approuter routes: - route: approuter-case-list-joek001.cfapps.us10-001.hana.ondemand.com buildpacks: - nodejs_buildpack memory: 128M services: - xsuaa-service env: destinations: > [ {"name":"cases-destination", "url":"https://cases-joek001.cfapps.us10-001.hana.ondemand.com", "forwardAuthToken": true} ] SEND_XFRAMEOPTIONS: false COOKIES: "{ \"SameSite\":\"None\" }"
cf create-service destination lite destination-service
const response = await client.executeHttpRequest({destinationName: "service-cloud", jwt: req.tokenInfo.getTokenValue()}, { method: 'get', url: `/sap/c4c/api/v1/case-service/cases?$filter=(isIrrelevant%20eq%20null%20or%20isIrrelevant%20eq%20false)%20and%20(account.displayId%20eq%20${accountId})%20and%20(status%20ne%2007)&$orderby=adminData.updatedOn%20desc` });
For the UI you need to ensure you are using the same IDP than the SAP Sales and Service Cloud V2. As the server side is taking care of the token exchange, there is no destination service specific code required.
The Application Code is deployed as another Cloud Foundry Application, which is referencing the destination and xsuaa service.
# Product List Application
- name: cases
path: ./cases
instances: 1
memory: 128M
routes:
- route: cases-joek001.cfapps.us10-001.hana.ondemand.com
buildpacks:
- nodejs_buildpack
timeout: 180
services:
- xsuaa-service
- destination-service
# Application Router
...
The deployment is done with a simple cf push.
Integration the mashup in SAP Sales and Service Cloud V2 is a simple process.
After we integrated the mashup on the page, we are testing the Mashup. As we are already logged in via the IdP there is no dedicated Login Screen shown. As soon as we are clicking the "Escalate" button, the case is escalated. The change history contains a personal user. Also the case list is filtered based on the access rights of the user.
In this blog post, we have created an application, which is secured using the application router and XSUAA. We created an Destination for SAP Sales and Service Cloud V2 and used the Destination Service to call the case API. At the end, we tested, that calls to the SAP Sales and Service Cloud V2 API are done on behalf of the Business User and that the correct user is used in the change log.
If we review the steps we have done to build the extension, we observe, that many steps are configurations, which needs to be done once. As soon as the infrastructure is configured, we can simply add more use-cases with low effort. For implementation projects it is now important to consider the infrastructure setup at the beginning of the project. This will allow to react agile on upcoming development needs during the project execution.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
11 | |
9 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |