BTP Neo to Cloud Foundry ADS Migration.

Forms Service by Adobe:

Adobe Forms Service in SAP Business Technology Platform (BTP) is a cloud-based service that allows organizations to create, manage, and process interactive forms efficiently.

The primary reason for migrating from SAP Neo to SAP Cloud Foundry is that SAP Neo is being decommissioned. As SAP focuses its future development and support on Cloud Foundry, Neo will no longer be actively maintained or receive new updates. Migrating to Cloud Foundry ensures continued access to new features, improvements, and support within the SAP Business Technology Platform (BTP).

1.In existing Neo Environment, Create a Subaccount for ADS

2.Goto Subaccount you have Created -> Entitlements -> Edit -> Add Service Plan -> Search Forms Service by Adobe

2.1 Add these below Service Plans
             Standard
             Default (Application)

3.Goto Subaccount -> Enable Cloud Foundry Environment
Since no services won’t support in NEO environment, enable cloud foundry

4.In right Pane, you can able to see Create Space-> Give the name and assign the specific roles mentioned

5.Upon Creation of the Space, in top right Create Instance for the plan Standard and Default

6.Upon Subscribing to the Forms Service by Adobe, assign the roles to the user.

7.As we’re not able to see the roles with respect to ADS in the role collection, Create the role collection

8.Click Edit and in the Role name, Click the icon.

9.Click the Search Help Icon

10.In the application identifier -> Drop Down -> Select ads

9.1 Select these both role and add it to the user

11.Copy the Subaacount ID.

Cloud Connector Configurations:

1.Go to Cloud Connector -> Add subaccount

Issue:

We can’t able to see the GCP - Damam region in drop down

Resolution:

The region KSA (Damman) - cf.sa30.hana.ondemand.com uses the DigiCert TLS RSA4096 Root G5 as root CA. Furthermore, it is not yet listed as region in Cloud Connectors available for download from https://tools.hana.ondemand.com/#cloud. If you want to add a subaccount for it, you need to do 2 things before being able to do so. Firstly, run Cloud Connector using a JVM that trusts this root CA, secondly you need to add a custom region for it. The steps are as follows,

Upgrade to a JVM trusting the the DigiCert TLS RSA4096 Root G5 certificate following the procedure explained in https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/update-java-vm to one JVM of at least the version listed below
1.SAP JVM 8.1.097
2.SapMachine 11.0.22
3.SapMachine 17.0.10
4.SapMachine 21.0.2
5.Oracle JVM 8u401
Add the custom region KSA (Damman) - cf.sa30.hana.ondemand.com following the procedure explained in https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/configure-custom-regions

Go to Configuration -> Cloud -> Add Custom Region

2.We can able to see the Region, now add the subaccount which we have created in BTP

3.Go to the added Subaccount -> Click Cloud to On-Premise

4.Add the backend system Ip and Port

5.Add the resource and check whether it is reachable or not

Resource as /sap -> Paths and Sub-Paths

Backend Configuration:

1.Go to Backend System and activate the following Services

SICF -> Activate the below Services

1.fp
2.Fpads
3.OA2C_GRANTAPP
4.OAUTH2_AUTHORIRY
5.OAUTH2_CONFIG
6.OAUTH2_REVOCATION
7.OA2C_CONFIG
8.OAUTH2_REVOKE_ADM

2.Goto BTP -> Click the ADS Subaccount -> Connectivity -> Destination -> Add Destination (FP_ICF_DATA_<SID>)

3.Create the User in SU01 and assign these roles

4.Click Instance & Subscription -> Instance -> Click three dots -> Create Service Key

5.Copy the Client ID, Client Secret and URL

6.Use the below link to download the Digicert Certificate

https://www.digicert.com/digicert-root-certificates.htm

Download below certificates and import them under SSL Client Standard and SSL Client Anonymous.
 
DigiCert Global Root CA
DigiCert Global Root G2

OAUTH CONFIGURATION:

1.Tcode : OA2C_CONFIG

2.Click Create OAUTH Profile which will be used in RFC

3.Paste the URL which you have copied in Service key
Authorization Endpoint : <url>/oauth/authorization
Token Endpoint : <url>/oauth/token

Creating RFC:

1.Create RFC Connection SM59 -> Create ‘G’ Type

2.Allow(Whitelist) the Destination from Backend System

3.Click Logon & Security -> Click OAUTH Settings -> Give the OAUTH Profile we have created

4.Give Connection Test

Validation:

1.SE38 -> FP_TEST_00