SAP Cloud Platform is the strategic platform to extend SAP scenarios. Here I will be explaining just a small portion of the extension topic showing how S/4 Cloud brings the tools to easily be connected. For those of you experienced in connecting both worlds it will be clear the simplification achieved by using OAuth 2.0 with automatic token management. In this particular scenario, the example is based on SAP Cloud Platform Integration, but the principle and configuration also applies to other UX scenarios.
(This is part of the “How do I” blog series by sudhanshu.srivastava where you can find a large number of enablement assets for SAP Cloud Platform.)
First let’s understand the proposed scenario. A client application (client proxy style) is connecting to SAP Cloud Platform to achieve some integration.
There are 2 configuration components in S/4 Hana Cloud for communications, one is the arrangement and the other is the system.
OAuth configuration in SAP Cloud Platform Cockpit
Access your subaccount:
In the left pannel select OAuth configuration:
Select to configure clients:
Register a new client:
Add a name and description for the OAuth client, also specify the subscription for the tenant, in our example it is "iflmap" for SAP Cloud Platform Integration message executions.
Notice the system generates and ID (1).
Also specify the authorization grant "Client Credentials", a "Secret" password and save.
Switch to "Branding" tab and note we finally have the authorization and token endpoints:
Configuration in S/4 Cloud
Locate the Communication Arrangements:
Access the communication systems to define the communication options for target systems:
Create a new one:
Define the target system and add the OAuth 2.0 settings configured previously along with the Client ID and the "Secret" password.
As shown here the outbound communications options may include other options, later the arrangement will determine which one will be used.
After saving access the communication arrangements to select what specific configuration will be used, since the configuration system may allow several options:
In outbound communication configure the OAuth 2.0 for user name including the Client ID and save it (the options comes from the communication system set up).
Example: Configure a SAP Cloud Platform Integration - Process Integration user based on OAuth 2.0 Client ID
Access the authorization configurations in the SAP Cloud Cockpit:
Under users, specify the name using the OAuth Client ID with the "oauth_client_" preffix:
Add the required role to the user afterwards and save.
Next time you execute the S4 Cloud process the systems will negotiate the token and authentication behind the scenes.
Using S/4 Cloud OAuth 2.0 protocol, allows you to quicly connect to SAP Cloud Platform, basically it represents a big advantage in terms of authentication in contrast to certificate based authentication.
Also this example applies to other SAP and non-SAP clients which support OAuth.
Special thanks to nghia.nguyen for the guidance and example on SAP Cloud Plaform Integration.