Connect to Cloud Foundry Services

You can create destinations to Cloud Foundry services and consume them in the applications you create with SAP Web IDE for Full-Stack Development.


You must be an administrator in your SAP Cloud Platform account.


  1. Create a destination (on the SAP Cloud Platform account running your SAP Web IDE) to your Cloud Foundry service, as described in SAML Bearer Assertion Authentication.
    Set the following parameters:
    • Type: HTTP
    • URL: https://[myorg-myspace]-[service]
    • Proxy Type: internet
    • Authentication: OAuth2SAMLBearerAssertion
    • Client Key, Client Secret, Audience, and Token Service URL: Go to the Cloud Foundry command line and enter cf env <application-name>, which will provide service credentials.
      • Client Key: Use the value in clientid
      • Client Secret: Use the value in clientsecret
      • Audience and Token Service URL: Use the value in url followed by the path /oath/token.
    Make sure to add the following additional parameters to the destination:
    • TrustAll: true

    • WebIDEEnabled: true

    • WebIDESystem: API

    • WebIDEUsage: odata_gen

  2. Establish trust from your SAP Cloud Platform account (where you are running SAP Web IDE) to your SAP Cloud Platform Cloud Foundry organization, as described in Principal Propagation from the Neo to the Cloud Foundry Environment.


When trying to connect to your Cloud Foundry system, here are some errors you may get and some probable causes:
  • 500:
    • The identity provider (IDP) is not in an active state.

    • No trust was configured

    • The default user account and authentication (UAA) needs to be used

  • 403:
    • Roles collection is missing

    • Application roles are missing

    • Roles collection was assigned incorrectly