SAP Fiori Client (SP09+)
If you are using SP 13 or newer please see
https://blogs.sap.com/2016/11/10/sap-fiori-client-sp13/.
SAP Fiori is a set of applications that cover some of the most frequently used SAP software functions. These apps were written using SAPUI5 and hence can be accessed in a browser on a variety of devices. There is a demo of a few SAP Fiori apps available at
SAP Fiori, Demo Cloud Edition.
When a SAP Fiori app is run in the
SAP Fiori Client, it provides a set of enhancements to the app including the ability to customize or brand the app title, app icon, splash screen, first use tips, access native device functionality such as a barcode scanner, improved management of the app resources using the Cache Manager plugin, security enhancements such as the ability to set a whitelist of URLs the application can communicate with, handling of authentication challenges within a WebView via the AuthProxy plugin, improved attachment handling on Android and iOS and additional benefits when
integrated with the SMP 3.0 server.
See also the following posts.
SAP Fiori & SMP
Introducing SAP Fiori Client 1.2
SAP Fiori - Mobile
Fiori Guidelines
SAP Fiori Launchpad
SAP Fiori Reference Apps
Mobile Single Sign-On for SAP Fiori with SAP Authenticator
SAP Fiori apps reference library
Note the SAP Fiori Client should be used with Launchpad based apps as opposed to Launch Page apps.
See also
Migration of SAP Fiori Apps From SAP Fiori 1.0.
A prebuilt version of the SAP Fiori Client is available from the iTunes, Android, and Windows stores at
iOS SAP Fiori Client mobile app,
Android SAP Fiori Client mobile app, and
Windows 10 SAP Fiori Client.
The SAP Fiori Client for Android or iOS can also be created using Cordova and Kapsel plugins by running the following script.
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\create_fiori_client.js
Building the SAP Fiori Client yourself allows for the app to be customized. New plugins can be added or ones that are not being used can be removed.
Note, in SP12 it is not currently possible to create a custom Fiori Client for Windows using the script.
For additional details see the script that creates the SAP Fiori Client at
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\create_fiori_client.js,
the JavaScript file used by the Fiori Client plugin in a project that includes this plugin at
project_name\plugins\kapsel-plugin-fioriclient\www\fioriclient.js
and the documentation at
Mobilizing SAP Fiori.
The following steps will demonstrate how to create the SAP Fiori Client using SMP 3.0 SP10 SDK.
Building the SAP Fiori Client
Running the SAP Fiori Client
Additional Settings and Configuration
Changing the App Name, Icon, and Splash Screen
Changing the Background Image
Customizing Screens
Modifying the Version
Hiding Last Screen from AppSwitcher and Enabling or Disabling Screen Capture
Using an X.509 Certificate
Using a Mobile Device Management Solution to Configure Initial Settings
Modifying the Status Bar
Removing the Set Passcode Screen
Security
Opening the Fiori Client from an External Link
TroubleShooting
Proxying the Fiori Client through an SMP 3.0 Server
Building the SAP Fiori Client
- Edit the file
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\config.json or /Users/i82xxxx/SAP/MobileSDK3/KapselSDK/apps/fiori_client/config.json
Provide values such as those shown below. Note, if you if you are running the script on Windows remove "ios" from the platforms or if you are running on a Mac and only wish to build one platform remove either "ios" or "android".
{
"packageName": "com.sap.fiori",
"targetFolder": "FioriClient",
"appName": "FioriClient",
"platforms": ["ios", "android"]
}
- In a command window run the following.
cd C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client
or on a Mac
cd ~/SAP/MobileSDK3/KapselSDK/apps/fiori_client
npm install
node create_fiori_client.js
cd FioriClient
- Note it is also possible to debug the create_fiori_client.js script file. For additional details see Debug NodeJS Like A Pro. Note this is an optional step.
npm install -g node-inspector
node --debug-brk create_fiori_client.js
node-inspector --web-port=9999
- Note that the create_fiori_client.js script has conveniently created a Cordova project containing Kapsel and Cordova plugins.
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient>cordova plugins
cordova-plugin-camera 2.1.1 "Camera"
cordova-plugin-contacts 2.0.1 "Contacts"
cordova-plugin-crosswalk-webview 1.6.1 "Crosswalk WebView Engine"
cordova-plugin-customurlscheme 4.1.5 "Custom URL scheme"
cordova-plugin-device 1.1.2 "Device"
cordova-plugin-dialogs 1.2.1 "Notification"
cordova-plugin-file 4.1.1 "File"
cordova-plugin-geolocation 2.1.0 "Geolocation"
cordova-plugin-network-information 1.2.0 "Network Information"
cordova-plugin-privacyscreen 0.1.2 "PrivacyScreenPlugin"
cordova-plugin-screen-orientation 1.4.0 "Screen Orientation"
cordova-plugin-splashscreen 3.2.1 "Splashscreen"
cordova-plugin-statusbar 2.1.2 "StatusBar"
cordova-plugin-whitelist 1.2.1 "Whitelist"
de.appplant.cordova.plugin.printer 0.7.0 "Printer"
kapsel-plugin-apppreferences 3.12.2 "AppPreference"
kapsel-plugin-attachmentviewer 3.12.2 "AttachmentViewer"
kapsel-plugin-authproxy 3.12.2 "AuthProxy"
kapsel-plugin-barcodescanner 3.12.2 "BarcodeScanner"
kapsel-plugin-cachemanager 3.12.2 "CacheManager"
kapsel-plugin-calendar 4.4.4 "Calendar"
kapsel-plugin-cdsprovider 3.12.2 "CDSProvider"
kapsel-plugin-corelibs 3.12.2 "CoreLibs"
kapsel-plugin-encryptedstorage 3.12.2 "EncryptedStorage"
kapsel-plugin-federationprovider 3.12.2 "FederationProvider"
kapsel-plugin-fioriclient 3.12.2 "FioriClient"
kapsel-plugin-i18n 3.12.2 "i18n"
kapsel-plugin-inappbrowser 1.3.1 "InAppBrowser"
kapsel-plugin-inappbrowser-xwalk 3.12.2 "InAppBrowser"
kapsel-plugin-logger 3.12.2 "Logger"
kapsel-plugin-logon 3.12.2 "Logon"
kapsel-plugin-multidex 3.12.2 "Multidex"
kapsel-plugin-online 3.12.2 "Online"
kapsel-plugin-push 3.12.2 "Push"
kapsel-plugin-settings 3.12.2 "Settings"
kapsel-plugin-toolbar 3.12.2 "Toolbar"
kapsel-plugin-usage 3.12.2 "Usage"
kapsel-plugin-voicerecording 3.12.2 "Voice Recording"
- Edit the following file
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\www\appConfig.js
and provide values such as those shown below.
Note the fioriURL should be changed to reflect the webserver that host your SAP Fiori applications uses or to the trial SAP Fiori Launchpad.
Note the website http://jsonlint.com/can be used to validate JSON such the contents of the appConfig variable below.
fiori_client_appConfig = {
"appID": "com.sap.fiori",
//"fioriURL" : "https://www.sapfioritrial.com/sap/hana/uis/clients/ushell-app/shells/fiori/FioriLaunchpad.html?helps...",
"fioriURLIsSMP": false,
"certificate": "",
"autoSelectSingleCert": false,
"passcodePolicy": {
"expirationDays":"0",
"hasDigits":"false",
"hasLowerCaseLetters":"false",
"hasSpecialLetters":"false",
"hasUpperCaseLetters":"false",
"defaultAllowed":"true",
"lockTimeout":"10",
"minLength":"6",
"minUniqueChars":"0",
"retryLimit":"0"
}
};
The fioriURLIsSMP setting indicates if the SMP 3.0 server should be used as a proxy to access the SAP Fiori app enabling additional logging, authentication mechanisms, push notifications etc. An example of this being set to true is shown later in this document.
The passcode policy can be set in the SMP 3.0 management cockpit when fioriURLIsSMP is true or in the appConfig.js as shown above when fioriURLIsSMP is false. Since the passcode policy setting defaultAllowed is set to true, this enables the ability to disable the Passcode screen.
- Copy the files to the platform directory by running
cordova prepare
Use Android Studio, ADT command line or Xcode to deploy and run the project.
Note, if the build fails when building Android with a message of
The input line is too long
try installing a newer buildToolsVersion such as 21.1.1. See also Gradle Build Failed.
Running the SAP Fiori Client
Some of the functionality of the app is illustrated below.
If the fioriURL variable is not specified in the appConfig.js or if the app is the one downloaded from the public app stores, the first screen shown requests the user to choose between Log In or Demo Mode (New in SP08). Demo mode uses the trial URL automatically and disables the passcode screen.
If using SAP Mobile Secure, an email can be provided instead of a URL that the Fiori Client will then use the email domain to get the details on how to connect to the Fiori app. Entering an email is typically less error prone than entering a long a URL.
The passcode policy can be configured either in the appConfig.js or in the SMP management cockpit.
The Enter Passcode screen is shown when the app is subsequently opened or resumed from the background assuming Disable Passcode was not selected.
The first use tip is shown the first time the app is opened. To customize this see the method showFirstUseTips and also logonCompletedCallback in the following file.
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\plugins\kapsel-plugin-fioriclient\www\fioriclient.js
If the URL being accessed is not available or uses HTTPS and the certificate authority that signed the web server's certificate is not trusted by the device, an error page will be shown.
For additional details see
Installing a Certificate or the
HTTPS in the Security Appendix. A quick test to see if the site can be opened is to open the URL on the device's browser.
By double tapping, a native menu is shown. The menu items are added in the initClient method in the following file.
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\plugins\kapsel-plugin-fioriclient\www\fioriclient.js
New in SP06 is the ability to view the device log and email it.
The settings are implemented in fioriclient.js (and validation.html for Android).
Additional Settings and Configuration
Changing the App Name, Icon and Splash Screen
The app name and icon can be customized before create_fiori_client.js is run by modifying the appName in
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\config.json
and icon.PNG files under
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\template\res
As of SP11, the App Name in the Logon screen can be specified via the appName setting in the following file.
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\www\appConfig.js
If it is not specified it defaults to SAP Fiori Client.
Note that in SP09 and SP10, a default icon for the iPhone 6, 6 Plus, 6s an 6s Plus was not provided. This can be corrected by providing a custom icon with a resolution of 180 X 180 in the following location.
/SAP/MobileSDK3/KapselSDK/apps/fiori_client/assets/ios/icons/icon-60@3x.png
Note the Fiori Client on Android does not come with a Fiori splash screen in SP09, SP10 and SP11 so the default Cordova splash screen appears. This can be hidden by making the following change
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\ config.xml
<preference name="SplashScreenDelay" value="0" />
Changing the Background Image
The flowers background image of the SAP Fiori Client comes from the following file.
C:\SAP\MobileSDK3\KapselSDK\plugins\logon\www\common\assets\ui\img\background.jpg
That file can be replaced with an alternate image. See also
app.setBackgroundImage('img/background.jpg'); // display the fiori backrgound only if legacy mode is not enabled.
in the below file.
C:\SAP\MobileSDK3\KapselSDK\plugins\logon\www\common\assets\ui\LogonForm.js
Customizing Screens
The various screens shown when starting the SAP Fiori Client are shown below. Their contents can be customized.
C:\SAP\MobileSDK3\KapselSDK\plugins\logon\www\common\assets\ui\resources>dir *.view.js
Volume in drive C is OSDisk
Volume Serial Number is 42DC-7B76
Directory of C:\SAP\MobileSDK3\KapselSDK\plugins\logon\www\common\assets\ui\resources
05/15/2015 12:15 AM 19,137 changePasscode.view.js
05/15/2015 12:15 AM 6,453 chooseDemoMode.view.js
05/15/2015 12:15 AM 7,022 enterAfariaUsernamePassword.view.js
05/15/2015 12:15 AM 10,338 enterFioriConfiguration.view.js
05/15/2015 12:15 AM 8,658 enterPasscode.view.js
05/15/2015 12:15 AM 8,905 enterSSOPasscode.view.js
05/15/2015 12:15 AM 7,144 enterUsernamePassword.view.js
05/15/2015 12:15 AM 17,531 setPasscode.view.js
Modifying the Version
The version is specified in the following file on Android
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\plugins\kapsel-plugin-fioriclient\www\messages_en.properties
On iOS, the version is specified in the following file.
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\config.xml
<widget id="com.sap.fiori" version="3.0.10.1"
In Xcode the build field should match the value in the config.xml file after running cordova prepare ios.
Note there is also a version displayed on the iOS settings screen. This version can be changed by editing the Resources > Settings.bundle > Root.plist file.
Hiding Last Screen from AppSwitcher and Enabling or Disabling Screen Capture
As of SP11, the Fiori Client includes the
Privacy Screen plugin which on Android prevents the screen from being captured and on iOS and Android, prevents the last displayed screen from appearing in the app switcher. For additional details see
Preventing App Switcher From Showing the Last Screen and Preventing Screen Sharing.
Using an X.509 Certificate
When an X.509 certificate is installed on an iOS device, it is only accessible to select applications such as Mobile Safari or Mail. See
Making Certificates and Keys Available To Your App.
In SP08 of the SDK it is possible to use SAP Afaria to provision the SAP Fiori Client with an X.509 client certificate. To do this include the certificate=com.sap.afaria on the URL as shown below.
https://mo-39d7636c8.mo.sap.corp:44301/sap/bc/ui5_ui5/sap/zbarc_ui5_app?appid=test&fioriurlissmp=fal...
In prior versions registration with an SMP server was required.
For iOS, the new SAP Afaria certificate provider can be used when SMP is not present or if it is being used to proxy the connection to the Fiori App.
For Android, the new SAP Afaria certificate provider can only be used when SMP is not present.
If you wish to use a third party mobile device management solution to provide the X.509 client certificate, a custom SAP Fiori Client could be built that included a
custom certificate provider. The fioriURL would then include the parameter &certificate=com.mycompany.certprovider.CustomCertificateProvider.
One other option on iOS would be to create a second application that is able to acquire a X.509 certificate and then to share that with a custom SAP Fiori Client through key chain sharing. See also
Configuring Keychain Sharing.
Using a Mobile Device Management Solution to Configure Initial Settings
A mobile device management solution such as SAP Afaria can be used to configure initial settings similar to those that can be set in appConfig.js file on iOS.
Note if using SAP Mobile Secure or SAP Afaria place this info in the managed App Configuration section.
If the MDM supports JSON format, create a JSON object as follows:
config={
"appID":"com.sap.fiori.client.release",
"fioriURL":"https://<your-host>/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html?sap-client=100&sap-language=EN",
"fioriURLIsSMP":false,
"certificate" : "com.sap.afaria",
"passcodePolicy":{}
}
Note the appID must match the bundle ID. If the MDM does not support JSON, convert the above JSON to base64-encoded.
Convert this:
{
"appID":"com.sap.fiori.client.release",
"fioriURL":"https://<your-host>/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html?sap-client=100&sap-language=EN",
"fioriURLIsSMP":false,
"certificate" : "com.sap.afaria",
"passcodePolicy":{}
}
To something like that below:
eyANCiJhcHBJRCI6ImZpb3JpIiwNCiJmaW9yaVVSTCI6Imh0dHBzOi8vb
GRjaXUzZS53ZGYuc2FwLmNvcnA6NDQzMjYvc2FwL2JjL3VpNV91aTUvd
WkyL3VzaGVsbC9zaGVsbHMvYWJhcC9GaW9yaUxhdW5jaHBhZC5odG1
sP3NhcC1jbGllbnQ9MTAwJnNhcC1sYW5ndWFnZT1FTiIsDQoiZmlvcmlV
UkxJc1NNUCI6ZmFsc2UsDQoicGFzc2NvZGVQb2xpY3kiOnt9DQp9DQo=
Add a second parameter named version so it looks like this:
version=1
config=eyANCiJhcHBJRCI6ImZpb3JpIiwNCiJmaW9yaVVSTCI6Imh0dHBzOi8vb
GRjaXUzZS53ZGYuc2FwLmNvcnA6NDQzMjYvc2FwL2JjL3VpNV91aTUvd
WkyL3VzaGVsbC9zaGVsbHMvYWJhcC9GaW9yaUxhdW5jaHBhZC5odG1
sP3NhcC1jbGllbnQ9MTAwJnNhcC1sYW5ndWFnZT1FTiIsDQoiZmlvcmlV
UkxJc1NNUCI6ZmFsc2UsDQoicGFzc2NvZGVQb2xpY3kiOnt9DQp9DQo=
See also the following SAP notes demonstrating this process with SAP Afaria.
How to provision SAP Fiori client via Managed App Configuration using a JSON config. -Afaria/Mobile ....
Flow When Digitial Signing is Enabled.
Modifying the Status Bar
Note that on iOS, there are a few settings that can control how the status bar is displayed. The Fiori Client uses the
StatusBar Pluginwith the following settings set in index.js (SP10 and prior) or the config.xml in SP11+.
if (cordova.require("cordova/platform").id === "ios")
{
StatusBar.backgroundColorByName("white");
StatusBar.styleDefault();
StatusBar.overlaysWebView(false);
}
Here is an example of changing the style and background color of the status bar.
if (cordova.require("cordova/platform").id === "ios")
{
StatusBar.backgroundColorByHexString("#009ce6");
StatusBar.styleLightContent();
StatusBar.overlaysWebView(false);
}
Note that statusbar can be removed by adding the following code to the file Resources/FioriClient-Info.plist.
<key>UIStatusBarHidden</key><true/>
<key>UIViewControllerBasedStatusBarAppearance</key><false/>
Removing the Set Passcode Screen
It is possible to not show the screen Set Passcode for SAP Fiori Client by making the below modification. Edit
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\plugins\kapsel-plugin-logon\www\common\modules\LogonController.js
Search for the first instance of r21. Replace
action: 'SCR_SET_PASSCODE_OPT_ON'
with
action: function() {
onCreatePasscodeSubmit({});
}
Search for the second instance of r21. Replace
action: 'SCR_SET_PASSCODE_OPT_ON'
with
action: function() {
onCreateSecureStoreSubmit({});
}
Note, the file LogonController.js will appear in the project in multiple places.
Security
For additional security topics see the following documents.
Technical setup of an SAP Fiori Landscape - Part 3: Mobilizing Fiori
Configuration and Deployment Information and
Configuring Security in SAP Mobile Platform.
In SP10, a new feature was added to the SAP Fiori Client named
No Bridge. This feature prevents access to the native plugins added to the SAP Fiori Client unless the WebView URL has the same host as the fioriURL specified in the settings.
As the SAP Fiori Client from the app store can be used with a user provided Fiori URL the protections provided by the navigation whitelist in the
Whitelist pluginare disabled. Specifically the SAP Fiori Client from the app store has the following setting in its config.xml file.
<allow-navigation href="*" />
Prior to the No Bridge security enhancement, with the combination of the
Kapsel online plugin and the wildcard in the allow-navigation setting, it was possible for any page to be loaded by the WebView and that page would have access to the API's provided by the plugins included in the SAP Fiori Client.
If you know in advance the URLs that a custom SAP Fiori Client will access, it may make sense to specify them using the whitelist plugin. It is not possible to change the settings in the config.xml for the app store versions of the SAP Fiori Client.
The following steps will demonstrate this feature. Note, it requires an SP10 or greater custom SAP Fiori Client or an SAP Fiori Client 1.5 or greater from the app store.
- Copy the following two HTML pages to a location so they are available over HTTP such as the following location.
C:\SAP\MobilePlatform3\Server\webapps\sapui5
index1.html
index2.html
Modify them to use your machines fully qualified domain name and the IP address.
- Configure the fioriURL of the SAP Fiori Client to use index1.html referencing a fully qualified domain name such as the following URL.
http://YKFN00620418A.amer.global.corp.sap:8080/sapui5/index1.html
- To avoid the AuthProxy plugin on Android from changing the URL from HTTP to HTTPS, change the value of SAPKapselHandleHttpRequests from true to false in the following file.
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\config.xml
- Run the SAP Fiori Client.
- Notice that the navigations to all three versions of index2 work but the third navigation which uses an IP address rather than the machine name loads but that it is not possible to successfully call methods of the added plugins such as sap.Online.showBusyIndicator() as the machine name is different. The following message appears in the Android logcat when attempting to access this API.
E/SMP_SETTINGS(14313): plugin Online is disabled by foriURL security policy
The following appears in the Xcode All Output view when attempting to access this API.
ERROR: Plugin 'Online' not found, or is not a CDVPlugin. Check your plugin mapping in config.xml.
2015-11-04 12:05:33.398 FioriClient[576:104290] -[CDVCommandQueue executePending] [Line 159] FAILED pluginJSON = ["INVALID","Online","showBusyIndicator",[]]
- Note the following plugins are excluded from the No Bridge feature, Logger, Toolbar, Whitelist and Device.
- As of SP 12 it is possible to specify additional URL's that should not be affected by the no bridge feature. This can be specified via a parameter in the appconfig.js file named noBridgewhitelist as shown below.
"fioriURL":"http://YKFN00620418A.amer.global.corp.sap:8080/sapui5/index1.html", "noBridgewhitelist":"10.7.168.124:8080",
Alternatively it can be specified as a URL parameter in the Fiori Client UI when the user provides the Fiori URL. For example on the Enter Fiori URL page, the following URL could be provided.
http://YKFN00620418A.amer.global.corp.sap:8080/sapui5/index1.html?noBridgewhitelist=*
The following are a few examples of possible values.
noBridgewhitelist=*
noBridgewhitelist=wdf.sap.corp
noBridgewhitelist=*.wdf.sap.copr
noBridgewhitelist=*.yahoo.com,*.google.com
- This feature prevents the use of URL shortener services such as bitly.
- This feature can be disabled on Android by commenting out the following line in the file C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\create_fiori_client.js and rerunning the create_fiori_client.js script.
shelljs.exec('node platforms/android/prepare_restriction.js');
Opening the Fiori Client from an External Link
It is possible to provide a link to the Fiori Client or to a specific Fiori App within the Fiori Client on a webpage or an email. Here are a couple of examples. When the link is clicked on in an browser, the SAP Fiori Client will open.
<a href="com.sap.fiori.xcallbackurl://x-callback-url/openFioriUrl">Deep Link to Fiori Client</a>
<a href="com.sap.fiori.xcallbackurl://x-callback-url/openFioriUrl?url=https://www.sapfioritrial.com/sap/hana/uis/clients/ushell-app/shells/fiori/FioriLaunchpad.html?helpset=trial&sap-client=001#ContactPerson-MyContact">My Contacts</a>
Note, the com.sap.fiori comes from the packageName specified in the file C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\config.json.
The second link contains the url to be opened in the Fiori Client. In this case it contains #ContactPerson-MyContacts which will open the CRM app My Contacts.
See also
Creating a Mobile Deep Link to an Application in SAP Fiori Client.
TroubleShooting
Some of the Fiori Client screens such as the Log In / Demo Mode, Enter Fiori URL, Set/Enter Passcode, ToolTip and error screens are opened using an InAppBrowser window. Prior to SP11, by default the Web Inspector on Android cannot debug these screens. To enable debugging of these screens, edit the following file and include the bolded code below around line 764.
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\platforms\android\src\org\apache\cordova\inappbrowser\InAppBrowser.java
inAppWebView.setWebViewClient(client);
inAppWebView.setWebContentsDebuggingEnabled(true);
WebSettings settings = inAppWebView.getSettings();
If a problem is preventing the Fiori Client from successfully registering, the settings screen may not appear preventing the user from changing the log level. One way to do this is to first use demo mode to show the trial SAP Fiori app, then set the log level to debug from settings screen by double tapping. Then reset the app from setting screen and input the Fiori URL that is not working with the Fiori Client. The debug log level will persist across the application reset, so it will stay in debug log level.
If you cannot debug the app in Xcode, you can still view the device console output through Xcode’s Device menu. It will show the console output from all applications running on the device without debugging the application from Xcode.
The Fiori Client does not support URL shortener services or bitly URLs.
An SMP registration using a cert from the Android system keychain will not work with the Fiori Client since AuthProxy interception is required for that, and AuthProxy interception only starts after Logon success
The section
Troubleshooting SAPUI5 Apps contains some tips such as how to perform an end2end trace.
Proxying the Fiori Client through an SMP 3.0 Server
The following steps demonstrate how to proxy a SAP Fiori application through a SMP 3.0 server. See also
Integration of SAP Mobile Platform into SAP Fiori Landscape.
Note that the
Relay Server cannot be used in in this scenario. The Fiori Client does not work with a relay server when proxied through the SMP server as FC requires URL rewriting to be done by the backend. The backend is not capable of constructing URLs using the relay server artifacts like farm id etc.
- Create a Kapsel application with the following ID.
com.sap.fiori
Select Disable for Same-Origin Policy.
Set the endpoint to be a partial URL of your company's Fiori launchpad URL.
An example of a full URL to the app and then the partial URL follows.
https://host:port/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html?sap-client=100 and https://host:port/
Set the Use System Proxy connection if your network uses a proxy and the URL being accessed is not within your internal network.
Note the proxy host and port for the SMP 3.0 server are set under Settings > System > HTTP proxy host.
Add an SSO mechanism such as Basic for a URL that requires credentials.
Rewrite mode should be Rewrite URL in Backend System.
Select an HTTPS Authentication provider and provide a URL that requires authentication. The URL
https://host:port/sap/bc/ping?sap-client=100
will be used during the registration step to verify that the provided user name and password and if an SSO mechanism is used, the app will not need to display the app's login screen. See also Single Sign-On Integration Across Client Applications.
Save the application and attempt to ping the endpoint.
A partial SAP Fiori URL such as
https://host:port/
should return a 404 not found error, the same as you would see if the URL was entered into a browser.
- Notice that the endpoint uses HTTPS, the certificate that the endpoint server uses was signed by SAPNetCA_G2. This certificate and its the cert that signed it (SAP Global Root CA) need to be installed in the SMP 3.0 server's keystore.
For additional details on how to export a certificate and install it into the SMP server's keystore see Accessing the SAP OData Gateway Demo section.
The following are a couple of commonly seen error messages.
Backend system cannot be reached:::Root cause:::Exception during connection execute: peer not authenticated
This error may be seen if the SMP server does not trust the certificate used by the endpoint.
Backend system cannot be reached:::Root cause:::Exception during connection execute: host:port
This indicates that the SMP server cannot reach the URL. Check if the URL is reachable in a browser. If it is, it may be that your network requires a proxy server to access external URLs. Check the Use System Proxy setting and ensure the proxy settings under Settings > System > HTTP proxy host are correct in the SMP server management cockpit.
- In the file
C:\SAP\MobileSDK3\KapselSDK\apps\fiori_client\FioriClient\www\appConfig.js
set the variable fioriURLIsSMP to true to indicate that the connection to the app will be proxied through the SMP 3.0 server.
Set the fioriURL to a URL as shown below.
https://YKFN00620418A.amer.global.corp.sap:443/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad....
The methods parseAppConfig and handleFioriUrlWithFakeParameter will extract the host and port to connect to as well as other settings. Note there are additional settings that can be specified in the appConfig.js file. If the values are not specified in the appConfig.js file (for example the version of the Fiori Client available on the Apple App Store and Android Play Store does not have an appConfig.js file), then they can be specified in the user provided fioriURL. If the fioriURL is not specified in the appConfig.js file then the Enter Fiori URL screen will appear and the parameters normally specified in the appConfig can be specified in the FioriURL. Here are a few examples. Note these could be specified in the appConfig.js file or if the fioriURL is empty they could be specified by the end user when they enter a FioriURL.
//Direct to the Fiori Server via user supplied URL https://www.sapfioritrial.com/sap/hana/uis/clients/ushell-app/shells/fiori/FioriLaunchpad.html //Direct to the Fiori Server via appConfig.js "appID": "com.sap.fiori", "fioriURL": "https://www.sapfioritrial.com/sap/hana/uis/clients/ushell-app/shells/fiori/FioriLaunchpad.html", "fioriURLIsSMP": false,
//Proxying through an SMP server via user supplied URL https://YKFN00620418A.amer.global.corp.sap:443/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.... //Proxying through an SMP server via appConfig.js "appID": "com.sap.fiori", "fioriURL": "https://YKFN00620418A.amer.global.corp.sap:443/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad....", "fioriURLIsSMP": true,
//Mutual Authentication using Afaria/SAP Mobile Secure to provide the client certificate via user supplied URL https://YKFN00620418A.amer.global.corp.sap:443/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.... //Note that in SP08 of the SDK there is a new certificate provider named certificate=com.sap.afaria that is to only be used when not registering with the SMP server. //Mutual Authentication using Afaria/SAP Mobile Secure to provide the client certificate via appConfig.js "appID": "com.sap.fiori", "fioriURL": "https://YKFN00620418A.amer.global.corp.sap:443/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad....", "fioriURLIsSMP": true, "certificate": afaria,
//SAML Authentication via user supplied URL https://YKFN00620418A.amer.global.corp.sap:443/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.... //SAML Authentication via appConfig.js "appID": "com.sap.fiori", "fioriURL": "https://YKFN00620418A.amer.global.corp.sap:443/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad....", "fioriURLIsSMP": true, "auth": [ { "type": "saml2.web.post", "config": { "saml2.web.post.authchallengeheader.name": "com.sap.cloud.security.login", "saml2.web.post.finish.endpoint.uri": "/SAMLAuthLauncher", "saml2.web.post.finish.endpoint.redirectparam": "finishEndpointParam" } } ] //See also Enabling SAML Authentication
One tool that can be used to verify the JSON is jsonlint.com.
In order to use HTTPS the mobile device or simulator will need to trust the certificate used by the SMP server. For additional details see the HTTPSin the Security Appendix. Alternatively, use HTTP with port 8080 which is the default HTTP port for the SMP server. Note, if the Fiori Client does not trust the certificate used by the SMP server, an error such as the following will appear on the device's log.
"LogonController.getRegistrationErrorText: {\"errorCode\":\"80003\",\"errorMessage\":\"java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.\",\"errorDomain\":\"MAFLogonCoreErrorDomain\"}"
The device log can be viewed on Android via Logcat or on iOS via Xcode or via the Fiori Client View Log menu item.
- Deploy and run the app.Since fioriURLIsSMP is set to true and the fioriURL is specified, the first screen that appears is the user name and password screen.
The passcode policy is retrieved from the SMP 3.0 server during a successful registration process and then the set app passcode screen is shown next.
The first use tips page is shown and then the app is loaded.
- When the appConfig.js file has fioriURLIsSMP set to true, the settings screen has two additional read only settings Proxy Through SMP and AppID.
Note, if you wish to change the Fiori URL to point to a different SMP server and have not specified a value for fioriURL, click the Clear All Application Settings button under Reset Settings. This will cause the Logon plugin's registration screen to appear.
- When the SAP Fiori Client is used with the SMP 3.0 server, statistics can be viewed such as those shown below.
The log level can be set and a device log retrieved. Note the log will be available as shown here after the app has been restarted and the Log Upload checkbox has been checked.
In addition, the passcode policy can be set, notifications can be sent to the device, and additional security authentication mechanisms are available.
- The following are some known issues that have been documented as SAP Notes.Fiori Logoff does not work when proxying through SMP. http://service.sap.com/sap/support/notes/2122085
Use of proxy bypass on Fiori Client for Android results in Page Not Found. http://service.sap.com/sap/support/notes/2120995
Using SAML URL following "Clear All Application Settings" on Fiori Client for Android results in error. http://service.sap.com/sap/support/notes/2120994
SAPUI5 Cache Buster for Applications - Update via scheduled Report http://service.sap.com/sap/support/notes/1942086
Batch Req. of Cache Buster Info for many Apps, POST support http://service.sap.com/sap/support/notes/1878871
Allow other browsers to access the portal http://service.sap.com/sap/support/notes/1666862
SMP Hybrid SDK Offline Media Resources (Attachments) Fail to Open on Android when a Proxy is used http://service.sap.com/sap/support/notes/2168598
Printing issues on SAP Fiori Client 1.3 affecting Android http://service.sap.com/sap/support/notes/2168622
Configuring feature restriction policy in SMP 3.0 Server http://service.sap.com/sap/support/notes/2168720
Change required to manifest.xml on Android before submitting to Play store with SP08 PL01 http://service.sap.com/sap/support/notes/2174258
Back to Getting Started With Kapsel