This blog post is intended to showcase how easily the Principal Propagation setup between SAP BTP and SAP S/4HANA can be tested from SAP Build Process Automation in three simple steps.
Context:
Consume SAP S/4HANA API using Actions project from SAP Build Process Automation using SAP Cloud Connector via Principal Propagation
Below are the three simple steps to accomplish this scenario:
- Setup Principal Propagation between SAP BTP and SAP S/4HANA via Cloud Connector
- Create Actions project in SAP Build Process Automation
- Consume Actions project in Process
Let's Go...
Step 1: Setup Principal Propagation between SAP BTP and SAP S/4HANA via Cloud Connector
There are many good blog posts that help to accomplish this step however one such
blog from
claus.burgaard is a good starting point and I have only highlighted minor changes from this blog that I had to do for the setup to work
- For the user certificate in Cloud Connector, make sure the subject pattern is as highlighted below
Depending upon whether you use multiple trusted reverse proxies (in which case you use parameter icm/trusted_reverse_proxy_<x>) or single trusted reverse proxy (in this case you use parameters icm/HTTPS/trust_client_with_subject, and icm/HTTPS/trust_client_with_issuer). See the corresponding documentation
here
NOTE: Take help from your SAP BASIS or Security experts if needed to configure these values. To keep it simple for testing purposes, I entered the below values
icm/HTTPS/trust_client_with_issuer = *
icm/HTTPS/trust_client_with_subject = *
System configuration in Cloud Connector should look like below
The destination configuration in SAP BTP should look like below
Step 2: Create Actions project in SAP Build Process Automation
Again, there are several good blogs that give step-by-step details, you can refer to
this blog from
archana.shukla or
this blog from
thomas.jentsch
In my case, I created an Actions project to consume Business Partner OData (API_BUSINESS_PARTNER) from SAP S/4HANA
Step 3: Consume Actions project in Process
As the last step, I created a process in SAP Build Process Automation with Form trigger. In the Form, I added a dropdown control to display Business Partners using the Actions (GET method)
Now, launch the form and you should see Business Partner numbers in the drop-down which is fetched from SAP S/4HANA
A cool new feature "Run a Step on Behalf of (Principal Propagation)" was introduced in May 2023 release, see
this blog for further details.
To test this feature as well as the Actions' POST method, I created a simple process for Business Partner creation.
- End-user will submit the form for Business Partner creation
- A user task will be created for Business Partner approval
- Once the task is approved, the Action (to create Business Partner in SAP S/4HANA using the POST method) will be triggered on behalf of the user who approved the request
Validation that Principal Propagation worked:
In Cloud Connector logs, you should see the X.509 certificate generated as shown below
In SAP S/4HANA ICM logs you should see below
I would like to thank
robink17 for motivating me to write this blog and
kiran.kola for helping me troubleshoot and fix issues.