Defining Connectivity¶
Define destinations for the selected application. You can also edit Mobile and On-Premise destinations.
A destination is a connection to a data source.
The Mobile Connectivity feature of SAP Mobile Services allows you to define the connectivity to back-end systems that the application can use. You can define any number of destinations to different back ends. Those destinations are to be used exclusively by the application for which they are configured. You can restrict access to allowed paths. For applications that access Web services containing relative URLs, you can add the relative paths to enable the product to handle requests correctly. You can implement service keys for authentication.
In SAP mobile service cockpit, you can view the properties of SAP Fiori applications and connections that were developed using other tools and imported into SAP Mobile Services, but you cannot edit their properties; input fields and buttons are grayed out or hidden.
Creating Destinations¶
- In SAP mobile service cockpit, select Mobile Applications > Native/MDK.
  For a Native/MDK app, you see a list of mobile applications with columns for Application ID, Name, Vendor, Type of Application, License Type, State, Outdated, and Creation Date.
- For Native/MDK apps, select an application, then select Mobile Connectivity under Assigned Features (or add it first).
- For Configuration, under Mobile Destinations, you can view current destinations for the selected application.
  Destinations
  - Name – The destination name.
  - URL – The destination URL.
  - Rewrite Mode – For application back-end connections, the rewrite mode defines how the mobile services handles request and response messages. To enable applications that use external back ends to run offline, select one of the supported rewrite modes.
  - SSO Mechanism/Authentication – The single sign-on or authentication security methods employed for the destination.
  - Actions – The actions available, such as edit or delete a connection, ping a back-end connection, and test an OData application destination. If an action is not supported, the icon is grayed out or absent. For example, pinging and testing OData destinations are not supported for some SSO methods. Use the Launch in Browser icon to test connectivity using the mobile application URL in a separate web browser.
- (Optional) Select the create icon, and use the Create Destination dialog to create a new destination. For more information, see Creating a Destination.
- Select a row to view its settings in the Destination Overview.
  The overview varies by configuration, but common sections include:
  - Info ‒ basic configuration settings.
  - Rewrite Method ‒ rewrite URL settings.
  - Security ‒ important security settings.
  - Custom Headers ‒ key: value pairs defined for static headers, or a cookie value with a variable.
  Note
  You can edit some settings, or Ping the connection if Ping is supported for the SSO method used.
- (Optional) From the Service Keys tab, for some features you can implement a service key, which enables an application to access a service instance using a service key as its credentials. The feature must be able to support service keys. If you do not see the Service Keys tab for a feature, the option is not available. For more information, see Service Keys.
- (Optional) Select the Info tab to see useful URLs.
Creating a Destination¶
Define a new destination to a data source or service. Options for creating destinations in the Cloud Foundry environment:
- Create a new mobile destination, configuring all aspects of its connection, including security. This gives you full control of all available configuration settings.
- Create a mobile destination using an existing Cloud Foundry service instance in the same space. This enables you to quickly configure a connection by reusing an existing instance.
- Create a mobile destination that references an existing cloud destination. The mobile destination uses the security configuration of the cloud destination. This enables you to use existing cloud destinations that are already available on the SAP Business Technology Platform sub-account for a mobile application in mobile services.
Create the destination:
- In SAP mobile service cockpit, select Mobile Applications > Native/MDK.
- Select an application, then select Mobile Connectivity under Assigned Features (or add it first).
  If the create icon does not appear, you have reached the destination limit imposed by your service plan. You may also see a message, such as "Total destinations per application can be 5 only in a free license type". To mitigate, delete one of the destinations. For more information about service plan limits, see Service Plans.
- Choose the Create icon. Alternatively, you can create a destination using an existing Cloud Foundry service instance in the same space, as described in Creating a Destination with Service Instances.
- In Create Destination, on the Basic Info screen, enter the following as required, and then click Next:
  - Destination Name – Provide a name for the destination.
  - Destination Type – Choose your Destination Type from the drop-down list. The options are: Internet Destination (default), SAP Destination Service, and Use Cloud Connector.
  - Cloud Destination Name (appears only if SAP Destination Service is selected under Destination Type) – Select the value help icon, and then select an existing cloud destination.
  - Relative Service Path (appears only if SAP Destination Service is selected under Destination Type) – Specify the path to be appended to your OData Service.
  - URL (appears only if Internet Destination or Use Cloud Connector is selected under Destination Type) – URL that the application uses to access business data on the back-end system or service. If the URL points to a service, it must include the document destination that you assign to the service. You can enter an http:// URL or an https:// URL (for the latter, you are prompted for keystore, certificate, and truststore values later in the process). If you are implementing Custom Push, enter the URL of the push notification server that will distribute push notifications. The mobile services server sends a general notification message to the push destination server. The destination server handles further forwarding of the notifications. For more information, see Custom Push.
  - Allowed Paths – Use Allowed Paths to restrict access to a few sub-paths of the Destination URL. For example, if the Destination URL is configured as https://www.test.com/sap, and you only want to allow access to https://www.test.com/sap/customer.svc and https://www.test.com/sap/product.svc, then configure Allowed Paths to contain /customer.svc and /product.svc. HTTP requests starting with these URLs will be allowed, and others will be rejected with a 403 status code. The entered paths are case-sensitive. Note that wildcard characters are not supported but are implicit at the end of the string.
  - Use Cloud Connector – If you select to use the SAP Cloud Connector, provide the location ID in the Cloud Connector Location ID field or leave it blank.
  - Maximum Connections – (Optional) The maximum number of connections that this application can use for connection pooling. Valid values are 0‒9999. Factors to consider are:
    - Expected number of concurrent application users
    - Acceptable load for the back-end system
  - Maximum Request Size (bytes) – (Optional) The maximum size of the HTTP request payload in bytes. Set a value from 1 ‒ 134217728. Set to 0 to indicate the request should not contain a request body. If the value is not set, then 10485760 (default) is used.
  - Timeout (ms) – (Optional) The number of milliseconds before the connection times out. If set to 0, a system-wide default value of 60 seconds is used.
  - Online Request Threshold – (Optional) Set a threshold value from 1 ‒ 2147483647 to restrict the maximum number of requests per second. Leave blank (default) or set to 0 or -1 to remove a threshold.
  - Rewrite Mode – Keep in mind that to enable applications that use external back ends to run offline, you must select either Rewrite URL or Rewrite URL on Back End. Select one of:
    - Rewrite URL – in request and response messages, the mobile services replaces all back-end URLs with the mobile service URL. The Rewrite URL format for Web-type applications is https://<mobileServiceHost>/<back-end_connection_ID>?X-SMP-APPID=<applicationID>. Note that if you enable URL rewrite in the Mobile Offline service, you must also configure these settings for the Mobile Connectivity destination: (1) set the Rewrite Mode attribute to Rewrite URL, and (2) ensure that the Relative Rewrite Paths attribute is empty. See Editing the Application Configuration for information about URL Rewrite in Offline Service.
    - Rewrite URL on Back End – the back end rewrites the URLs. The mobile services forwards the host name and port to the back end in an HTTP header, and the back end creates the URL to retrieve back-end resources. To expose the full URL to clients, the mobile service passes the endpoint in the X-SMP-ENDPOINTNAME header. The URL format for Web applications is https://<host>/<back-end path>?X-SMP-APPID=<applicationID>.
    - No Rewriting – request and response messages are not modified. The mobile services passes messages directly between clients and the back end. The URL format for Web applications is https://<mobileServiceHost>/<back-end_connection_ID>?X-SMP-APPID=<applicationID>.
      Note: The mobile services does not provide the functionality to use No Rewriting mode to support external back ends for offline usage.
      - Rewrite URL: The server performs a virus check scan for the incoming data. Rewrite URL applications should use only No Rewriting mode.
    - Custom Rewrite URL – for request and response messages, you can define a search string and a replacement string, which need not be URLs.
  - Keep X-Forwarded-* Header – This option appears when you edit a destination. Select the check box to enable or disable the SetXForwardedHeaders property (disabled by default). The property is used by proxy to establish endpoint connection. Select the check box to enable or disable the option to pass along the X-Forwarded-* headers, which contain information about the sender of the HTTP request and the original URL being called, to the destination (disabled by default).
- (Optional) If you set the Rewrite Mode to Custom Rewrite URL, define its values on the subsequent Inbound Rewrite Rules and Outbound Rewrite Rules screens, and click Next.
  For more information, see URL Rewrite Modes.
- (Optional) On Custom Headers, configure key/value pairs for the header destination, and then click Next.
  Select to configure headers for the destination. For example, you can:
  - Set up a static HTTP header for an API key when consuming SAP Business Accelerator Hub APIs.
  - Create a custom header with a cookie value that includes a variable for outgoing requests. For example, if a back-end server generates a cookie, all subsequent requests for the same back end include a custom header with the value of the cookie (if the specified cookie does not exist, the custom header is not added to the outgoing request). For more information, see Custom Headers for Cookie Variables.
  The headers must comply with IETF RFC 7230, section 3.2: https://tools.ietf.org/html/rfc7230#section-3.2.
  The key/value pairs are sent to the back end with each request.
  - Header Name
    - Must not be empty.
    - Must start with an alphabetic character.
    - Must include only alphanumeric characters, numbers, and minus signs (no special characters).
  - Header Value
    - Can be empty.
    - The first and last character cannot be a space, per HTTP standards.
    - The value format for a cookie header: "${cookie::<cookie name>}". For example, "${cookie::SAP_SESSIONID_GW1_001}", which retrieves the value of cookie "SAP_SESSIONID_GW1_001" at runtime.
  - Override Client
    - Indicates if the header should override the header sent from client.
- (Optional) On Annotations, configure annotations for the destination, so that all apps using this destination can access the annotations and generate the UI, and then click Next.
  Choose Add Annotation URL if you know the URL for the annotation file. Choose Add Annotation File to browse and upload the file.
  When configuring the annotation, keep in mind that the current framework is based on the Endpoint configuration. This means that the back-end URL is the base, and any path must be a relative path to the base URL; otherwise, security issues may result.
  For example, if the back-end URL is:
  http://host:port/odata.svc/
  and the annotation path is:
  /a1/annotations(...)
  the actual URL requested is:
  http://host:port/odata.svc/a1/annotations(...)
  Note
  Relative paths are not supported with an ABAP Gateway back end when the OData Service and annotation file are in different paths.
- On the Destination Configuration screen, enter the following as required, and then click Next.
  - Relative Rewrite Paths – Enter a comma-delimited list of relative URLs, for example, /sap/bc, /sap/public/bc. If an application requires data from a back end that uses relative URLs, define them here. The mobile services rewrites the relative URLs to include the connection name, enabling access to the back-end data. For example, a Web service application requests an HTML page named abc.html, which contains the relative URLs /sap/bc and /sap/public/bc in its src or href tags. When a request is made, the relative URLs contained in the response are rewritten, so that subsequent requests (to these relative URLs) can be processed correctly. For example, if "webApp" is the connection name, and the response contains the relative URLs /sap/bc,/sap/public/bc, these are changed to /webApp/sap/bc,/webApp/sap/public/bc.
  - Propagate User Name – Not applicable when application Security Configuration is set to None. When enabled, the back end uses information in the X-SMP-ENDUSERNAME <user name> header to identify the user who sent the request. For more information, see HTTP Headers Used to Propagate User IDs.
  - Virus Scans
    - Inbound Traffic: The server performs a virus check scan for the incoming data.
    - Outbound Traffic: The server performs a virus check scan for the outgoing data.
  - SSO Mechanism (does not appear if SAP Destination Service is enabled) – Select a single sign-on option from the list of available options. SAP Mobile Services supports the following SSO options:
    - No Authentication does not add any authentication or user information to the request. It can be used when the targeted service does not require any authentication or the authentication is performed by adding an API-Key header, like X-API-Key. For more information, see SSO Option: None.
    - Basic Authentication is used when the target service requires technical user authentication. No caller information is forwarded. For more information, see SSO Option: Basic Authentication.
    - Application to Application SSO is used for legacy services deployed on BTP Neo. This is an interim solution and it is recommended to migrate your service to BTP Cloud Foundry. For more information, see SSO Option: Application to Application SSO.
    - Forward Authentication can be used when the target is deployed in the same space and uses the same XSUAA instance, or the back end grants scope access to SAP Mobile Services. Check Forward User Token to App Router when the target is the app router. For more information, see SSO Option: Forward Authentication.
    - OAuth2 SAML Bearer Assertion is for legacy services deployed on BTP Neo that use OAuth2 SAML authentication. This is an interim solution and it is recommended to migrate your service to BTP Cloud Foundry. For more information, see SSO Option: OAuth2 SAML Bearer Assertion.
    - OAuth2 Client Credentials can be used for technical user authentication via OAuth2 client credentials. No caller information is forwarded. For more information, see SSO Option: OAuth2 Client Credentials.
    - OAuth2 User Token Exchange is used when the target is in the same BTP Cloud Foundry sub account, but uses a different XSUAA instance. For more information, see SSO Option: OAuth2 User Token Exchange.
    - Cloud Connector SSO enables principal propagation through SAP Cloud Connector.
    - IAS Application-to-Application SSO can be used when SAP Cloud Identity Service is used by your mobile app and target. For more information, see SSO Option: IAS Application-to-Application.
    For detailed configuration examples, see How to configure SSO Mechanism in Mobile Connectivity.
- On Certificate Configuration, if you entered an https:// URL in step 4, enter keystore, certificate, and TrustStore values. If you entered an http:// URL, or enabled SAP Destination service, proceed to the next step.
  Certificate Configuration
  - Keystore – The Keystore file in .keystore or .jks format. You can Browse to locate a keystore.
  - Encoded Keystore – The name for the encrypted version of your private key.
  - Keystore Password – The password associated with the Keystore.
  - Certificate Alias – The alias name associated with the Keystore.
  - Truststore – The Truststore file. You can Browse to locate a truststore.
  - Encoded Truststore – The name for the encrypted version of your private key.
  - Truststore Password – The password associated with the Truststore.
- Click Finish to complete the configuration. A summary of configuration settings appears, with appropriate categories for the app, such as Info, Security, Rewrite Method, Annotations, and Custom Headers.
  You can click Edit to make corrections.
  For Security > SAML Metadata, select Download to download application-level metadata locally. In Download Metadata, specify the metadata expiration date, and then select Download. You can select one year (default), or use the date picker to select the expiration month and year. If the metadata value is set at a global level, this value will overwrite the global value for this application.
Once you create a new destination, action icons appear on the overview page for the selected application. Use the icons to test connectivity.
- Select Testing OData Destination Quality in a Browser to check OData quality for the selected destination. This enables administrators and developers to conduct inspections on the back-end OData service and to identify and resolve potential issues.
- Select OData Application Destination Test to test destination links for OData applications. This enables an Admin user to verify an OData service, and provides a way to browse metadata information and preview back-end data.
- Select Ping to verify the connection to the destination.
- Select Launch in Browser to test destination connectivity for all authentication types and for OData applications from a web browser. A new browser tab is launched using the mobile application URL, the same URL that the application uses to interact with the destination.
Note
This feature is not available for some app types, such as Micro App and DingTalk. If the feature is not available for the selected app type, the action icons do not appear or are grayed out.
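The Allowed Paths rule from the Basic Info fields above, modelled as an added example (not SAP code): a case-sensitive prefix match with an implicit trailing wildcard. The back-end path inventory is constructed and the `audit` helper is hypothetical; it lists the sibling paths an entry admits besides the intended service, which is worth checking before relying on an entry as an access boundary.

```python
from urllib.parse import urlsplit

# Values taken from the page's Allowed Paths example.
DESTINATION_URL = "https://www.test.com/sap"
ALLOWED_PATHS = ["/customer.svc", "/product.svc"]

# Constructed inventory of paths that exist on the back end (not from the page).
BACKEND_PATHS = [
    "/customer.svc",
    "/customer.svc/Customers('1')",
    "/customer.svc.bak",
    "/customer.svc_internal/Export",
    "/product.svc/$metadata",
    "/Product.svc/$metadata",
    "/order.svc",
]


def is_allowed(request_url, destination_url=DESTINATION_URL, allowed_paths=ALLOWED_PATHS):
    """Model of the documented rule: a request is allowed when its URL starts with
    <destination URL><allowed path>. Matching is case-sensitive and the end of each
    entry behaves like a wildcard. Requests that fail this check get a 403."""
    if not allowed_paths:
        # The page does not describe an empty list, so this model does not guess.
        raise ValueError("behaviour with no Allowed Paths is not modelled")
    dest = urlsplit(destination_url)
    req = urlsplit(request_url)
    # The request must target the destination's scheme and host.
    if (req.scheme.lower(), req.netloc.lower()) != (dest.scheme.lower(), dest.netloc.lower()):
        return False
    base = dest.path.rstrip("/")
    return any(req.path.startswith(base + entry) for entry in allowed_paths)


def audit(allowed_paths, backend_paths):
    """For each entry, split the matching back-end paths into the entry itself and
    its sub-resources ("intended") and sibling paths that match only because of
    the implicit trailing wildcard ("siblings")."""
    report = {}
    for entry in allowed_paths:
        intended, siblings = [], []
        for path in backend_paths:
            if not path.startswith(entry):
                continue
            rest = path[len(entry):]
            # "" is the entry itself; "/" or "?" starts a sub-resource or query.
            is_intended = rest == "" or rest[0] in "/?"
            (intended if is_intended else siblings).append(path)
        report[entry] = {"intended": intended, "siblings": siblings}
    return report


if __name__ == "__main__":
    for entry, result in audit(ALLOWED_PATHS, BACKEND_PATHS).items():
        print(entry, result)
```

If the audit reports siblings that should stay unreachable, the restriction has to be enforced on the back end as well, because the entry alone cannot exclude them.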
SSO Option: No Authentication¶
Back ends require no credentials for authentication. Your destination is granted direct access to the relevant on-premise service.
SSO Option: Basic Authentication¶
Enables basic authentication to the back-end system. Enter:
- User Name and Password – the user name and password to access the back-end system. If you do not provide a user name and password, and mobile services authenticates the end-user credentials using Basic, the user name and password credentials are propagated to the back end.
- Credential Charset Name – the default is UTF-8. Use the default, or enter another value. If the destination is an SAP NetWeaver ABAP application server, you must enter ISO-8859-1. (This is because SAP Mobile Services uses UTF-8 encoding and SAP NetWeaver ABAP application server requires ISO-8859-1 encoding).
SSO Option: Application to Application SSO¶
Enables mobile services to propagate user identities to other applications, which are consumed (deployed or subscribed) in the same SAP Business Technology Platform account. A user identity is propagated to the application that is specified in the URL.
- Issuer – the trusted application source, such as "mobile services".
- Audience – the recipient audience, such as "hana.ondemand.com".
- Signing Key – the generated key used to propagate the user identity. Select Generate Key to generate the signing key. A SAML Download field appears in the destination overview page once you complete the configuration.
Keep in mind these requirements:
- The proxy type for the destination must be Internet.
- To configure Application-to-Application SSO for an application not hosted on the same SAP Business Technology Platform account, see the saml2_audience section in Application-to-Application SSO Authentication.
SSO Option: Forward Authentication¶
Forwards the incoming JWT token in the authorization header to the back end. The token could be used to log in as a certain user type, such as an Admin. Typical uses for Forward Authentication include accessing the WeChat sample back end, and accessing the Fiori Launchpad as a user type.
When the Forward Authentication Certificate Configuration is configured for an end point, the checkbox Forward User Token To AppRouter appears. Select the checkbox to enable. When enabled, the user token is forwarded to the app-router application as an x-approuter-authorization header. Keep in mind that the app-router version installed on the back-end server must be equal to or later than version 5.15.0. Earlier versions do not support SSO access.
SSO Option: OAuth2 SAML Bearer Assertion¶
Enables applications to use SAML assertions to access OAuth protected resources. Enter:
- Forward User Token to AppRouter – enable capability to forward user tokens to the AppRouter for SSO authentication.
- Audience (required) – intended assertion audience, which is verified by the target OAuth authorization server.
- Token Service URL (required) – URL of the OAuth server.
- Token Service URL Type (required) – the URL type, either Dedicated or Common.
- Client Key (required) – key that identifies the consumer to the authorization server.
- Client Secret – password for the token service user (no longer mandatory).
- SAML Assertion Issuer (required) – issuer of the SAML assertion.
- Signing Key (required) – key used for signing the SAML Assertion, which is used for exchanging the token from OAuth Server. Select Generate Key to generate the signing key. Once you finish the configuration, a summary page is provided for the destination. In the Security section, the SAML Metadata field appears. You can configure the metadata expiration date for the application, and download the SAML metadata locally.
- Name ID Format – value of the NameIdFormat tag, which is part of the generated OAuth2 SAML Bearer Assertion authentication. Select a value from the drop-down list: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified [default value]. Other format values include: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent and urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
- Authentication Context – value of the AuthnContextClassRef tag, which is part of the generated OAuth2 SAML Bearer Assertion authentication. For more information, see SAML 2.0 specification.
- Scope (optional) – limits an application's access to a user's account. You can make one or more entries; this information is presented to the user in the consent screen, and the access token issued to the application will be limited to those granted.
- SAML System User – SAML user who requests an access token from the OAuth authorization server. If this property is not specified, the currently logged-in user is used.
- SAML Name Qualifier – security domain of the user for which the access token is requested.
- Company ID – the company identifier associated with the security domain.
- User ID Source – the issuer of the user identifier, typically the currently logged-in user.
- API Key – the API-key that is sent in the request header and used as the password to authenticate a request.
SSO Option: OAuth2 Client Credentials¶
The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user. Enter:
- Token Service URL – URL of the OAuth server.
- Client ID – the client username.
- Client Secret – the client password.
- Scope (optional) – limit an application's access to a user's account. You can make one or more entries; this information is presented to the user in the consent screen, and the access token issued to the application is limited to those granted.
SSO Option: OAuth2 User Token Exchange¶
Supports JSON Web Token (JWT) authentication. Token exchange enables easier integration of Cloud Foundry service instances from the same space. You can find the required information in the Service Key details of the target service. If required, you must create a Service Key beforehand. Enter:
- Forward User Token to AppRouter – enables the capability to forward user tokens to the AppRouter for SSO authentication.
- Token Service URL – URL of the OAuth token exchange server.
- Token Service URL Type – select Dedicated (default) or Common. Common is used for multi-tenant services, whereas Dedicated is used for single tenant services.
- Client ID – the client username.
- Client Secret – the client password.
- Scope (optional) – limits an application's access to a user's account. You can make one or more entries; this information is presented to the user in the consent screen, and the access token issued to the application will be limited to those granted.
SSO Option: Cloud Connector SSO¶
Enables principal propagation through SAP Cloud Connector.
SSO Option: IAS Application-to-Application SSO¶
The IAS Application-to-Application SSO type was introduced to enable access to a back-end service that is protected as an SAP Cloud Identity Service (IAS) application from an IAS-based mobile application. This is implemented based on the corresponding IAS concept. For more information, see Integrating Applications.
This requires a single mandatory property, dependencyName, which is the name of the dependency configured for the IAS application of the mobile application as the consumer application in IAS. The IAS application of the back-end service is the provider application in IAS. For details on how to configure this, see Configure Integration Between Applications.
This SSO type requires that the mobile application uses the IAS security type, and the back-end service must also use IAS security. However, they should use different IAS applications within the same IAS tenant.
Note
While configuring a new mobile application, if the user selects IAS Settings on the Security Settings screen, this SSO type is displayed during the destination configuration. This SSO type is not applicable for XSUAA Settings.
A BuildApp type application creates a destination with this SSO type to send usage metering.
Custom Headers for Cookie Variables¶
As an administrator, you can configure a mobile destination that uses a custom header with a cookie value in outgoing requests, instead of a static HTTP header. This extends the mobile destination custom header feature.
Before you start, you must identify the cookie value that the back-end server generates, such as "SAP_SESSIONID_GW1_001". You'll need this value to configure the custom header.
With this feature you can specify a cookie name as the custom header value; retrieve the cookie value from the server; and use the custom header value at runtime. For example, a back-end server generates a cookie named "SAP_SESSIONID_GW1_001". Once the cookie is generated, all subsequent requests for this back-end server include the custom header "SAP_SESSIONID" and the cookie value, "SAP_SESSIONID_GW1_001".
The value format is "${cookie::<cookie name>}", for example, "${cookie::SAP_SESSIONID_GW1_001}". This retrieves the cookie value "SAP_SESSIONID_GW1_001" at runtime. If the specified cookie does not exist, the custom header is not added to the outgoing request.
- Create a mobile destination using the Create Destination dialog, as described in Creating a Destination.
- On the Custom Headers page, for Header Name and Header Value, create a key/value pair using the custom header and cookie values.
- Complete additional configuration, and then save the destination.
Once configured, all requests that are sent to the back-end server include the custom header and cookie values in outgoing requests.
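The Header Name and Header Value rules from Creating a Destination, together with the cookie-variable behaviour described in this section, as an added example (not SAP code): it validates a Custom Headers row and builds the outgoing headers. The header names, the cookie value, the CR/LF check, and keeping the client's header when Override Client is off are assumptions.

```python
import re

# Header Name rule from the page: starts with a letter, then letters, digits or '-'.
HEADER_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# Cookie variable format from the page: ${cookie::<cookie name>}
COOKIE_VAR_RE = re.compile(r"\$\{cookie::([^}]+)\}")

# Constructed sample data (not from the page, apart from the cookie name).
SAMPLE_COOKIES = {"SAP_SESSIONID_GW1_001": "abc123"}
SAMPLE_ROWS = [
    {"name": "X-Backend-Session", "value": "${cookie::SAP_SESSIONID_GW1_001}",
     "override_client": True},
    {"name": "APIKey", "value": "placeholder-key", "override_client": False},
    {"name": "X-Missing", "value": "${cookie::NOT_SET}", "override_client": True},
]
SAMPLE_CLIENT_HEADERS = {
    "Accept": "application/json",
    "x-backend-session": "client-supplied",
    "apikey": "client-key",
}


def validate_header(name, value):
    """Return the rule violations for one Custom Headers row (empty list = valid)."""
    problems = []
    if not name:
        problems.append("name must not be empty")
    elif not HEADER_NAME_RE.fullmatch(name):
        problems.append("name must start with a letter and use only letters, digits and '-'")
    if value and (value[0] == " " or value[-1] == " "):
        problems.append("value must not start or end with a space")
    # Not listed on the page: RFC 7230 field values cannot carry CR or LF.
    if "\r" in value or "\n" in value:
        problems.append("value must not contain CR or LF")
    return problems


def build_outgoing_headers(client_headers, rows, cookies):
    """Apply the configured rows to the headers received from the client.

    cookies maps cookie names to the values the back end has set for this session.
    """
    out = dict(client_headers)
    # Header names are case-insensitive, so index the client's names in lower case.
    sent_by_client = {key.lower(): key for key in client_headers}
    for row in rows:
        problems = validate_header(row["name"], row["value"])
        if problems:
            raise ValueError(f"{row['name']!r}: {'; '.join(problems)}")
        value = row["value"]
        match = COOKIE_VAR_RE.fullmatch(value)
        if match:
            if match.group(1) not in cookies:
                continue  # documented: the header is not added when the cookie is missing
            value = cookies[match.group(1)]
            if "\r" in value or "\n" in value:
                continue  # assumption: never forward a value that would split the header
        existing = sent_by_client.get(row["name"].lower())
        if existing is not None:
            if not row.get("override_client", False):
                continue  # assumption: without Override Client the client's header is kept
            del out[existing]
        out[row["name"]] = value
    return out


if __name__ == "__main__":
    print(build_outgoing_headers(SAMPLE_CLIENT_HEADERS, SAMPLE_ROWS, SAMPLE_COOKIES))
```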
Editing a Destination¶
Modify settings for an existing destination.
Note
To prevent momentary inconsistencies, SAP recommends that you modify destination configurations when few users are active. Users should be able to use destinations without inconsistencies after you save the changes.
In SAP mobile service cockpit, you can view the properties of SAP Fiori applications and connections that were developed using SAP Business Technology Platform mobile service for app and device management and imported into SAP Mobile Services, but you cannot edit their properties; input fields and buttons are grayed out or hidden.
- In SAP mobile service cockpit, select Mobile Applications > Native/MDK.
- Select an application, then select Mobile Connectivity under Assigned Features (or add it first).
- Select a destination and click the edit icon.
- In the Edit Destination window, edit the details as required.
  Note
  If the application is configured with an origin policy, some fields may not be available.
- Click Finish.
Deleting a Destination¶
You can delete a destination only if it is not mapped to an application.
- In SAP mobile service cockpit, select Mobile Applications > Native/MDK.
- Select an application, then select Mobile Connectivity under Assigned Features (or add it first).
- Select a destination and click the delete icon.
- Click OK to confirm. You are prompted if the destination is in use and cannot be deleted.
Creating a Destination with Service Instances¶
Define a new destination to a back-end system using existing Cloud Foundry service instances.
Prerequisites for Document service:
- In SAP Business Technology Platform, Entitlements, add an entitlement for the Document Management Repository option to the subscriber subaccount.
  The Document Management Repository option entitlement must include a quota. The free plan includes a quota of two units. If that is not enough, you can update it by removing the current entitlement and creating a new entitlement with a larger quota.
- In SAP Business Technology Platform, Services > Service Instances, create a Document Management, integration option instance for the service instance.
- Only Document service instances that have been allow-listed are available.
You can create destinations from existing service instances that are available in the same Cloud Foundry space. All aspects of the destination are configured, including URL and security (usually OAuth Token Exchange). You can select only one service instance at a time, so if you want to create multiple service instances you must create separate destinations.
Note
Currently these service instances can be integrated:
- Workflow service instances
- Document service instances
- In SAP mobile service cockpit, select Mobile Applications > Native/MDK.
- Select an application, then select Mobile Connectivity under Assigned Features (or add it first).
- Select Use a Cloud Foundry Service.
- On Select Cloud Foundry Service, select a service from the list of available service instances, and select OK. When the document service destination is created successfully, you can Ping it.
  You can only add one service at a time. Depending on the service, one or several destinations are created.
- You can take action, such as edit or delete; or you can add another destination using another existing service. For some SSO methods, you can test the destination.
Creating a Micro App Destination¶
Define destinations for the selected Micro App. A destination is a connection to a data source or service. SAP mobile service cockpit supports one primary endpoint per application ID.
However, an administrator can create multiple secondary endpoints for services that an application uses; these secondary endpoints are treated as proxy connections. For applications that access Web services containing relative URLs, add the relative paths to enable the product to handle requests correctly.
- In the SAP mobile service cockpit, select Mobile Applications > Micro App, then select the application.
- Select Mobile Connectivity under Assigned Features.
- Select Configuration to configure application connectivity. Under Mobile Destinations is a list of available connections.
- Select Use a Cloud Foundry Service to use an available service.
- Alternatively, select the create icon and use the Create Destination dialog to create a new destination.
  Provide entries for Basic Information, Custom Headers, Annotations, and Destination Configuration as needed.
- Select Finish.
Creating a DingTalk Destination¶
The DingTalk H5 Application requires you to set different exit node IPs for different customers. Destination service is used to distinguish between different customers in the same landscape. You can either use the SAP Cloud Connector as a proxy server or create your own HTTP proxy server.
Configuring Destinations Using the SAP Cloud Connector¶
You can configure DingTalk destinations by using the SAP Cloud Connector as a proxy server.
- In the SAP Cloud Connector cockpit, select your Subaccount.
- Select Cloud To On-Premise on the left navigation panel.
- Select Access Control and click the Add icon.
- In the Add System Mapping dialog:
  - Select Non-SAP System as the Back-end Type and click Next.
  - Select HTTPS as the Protocol and click Next.
  - Enter oapi.dingtalk.com as the Internal Host, 443 as the Internal Port, and click Next.
  - Enter oapi.dingtalk.local as the Virtual Host, 80 as the Virtual Port, and click Next. Note that the virtual host name can be anything other than oapi.dingtalk.com.
  - Select Use Internal Host as the Host in Request Header and click Next.
  - Verify the mapping and click Finish.
- Select the mapping you created and click the Add icon to add the resources.
- In the Add Resource dialog, enter / as the URL Path, select Path And All Sub Paths as the Access Policy, and click Save.
- In any web browser, open https://oapi.dingtalk.com, click the lock icon and save the certificate file.
- Select Configuration on the left navigation panel.
- Select ON PREMISE > Trust Store and click the Add icon.
- In the Add Public Key dialog:
  - Click Browse.
  - Select the certificate you downloaded and click Save.
- In the SAP Business Technology Platform cockpit, select your Subaccount.
- Select Destinations on the left navigation panel and click New Destination.
- Under Destination Configuration, enter:
  Properties
  - Name – dingtalk
  - Type – HTTP
  - URL – http://oapi.dingtalk.local. Note that the URL is http://<virtual host name>.
  - Proxy Type – OnPremise
  - Authentication – NoAuthentication
  - Location ID – Your SAP Cloud Connector location ID.
  - MobileEnabled (Optional) – True
- Click Save.
Configuring Destinations Using HTTP Proxy¶
You can configure DingTalk destinations by creating your own proxy server.
- In the SAP Cloud Connector cockpit, select your Subaccount.
- Select Destinations on the left navigation panel and click New Destination.
- In the Destination Configuration dialog, enter:
  Properties
  - Name – dingtalk
  - Type – HTTP
  - URL – Specify your HTTP proxy server URL.
  - Proxy Type – Internet
  - Authentication – NoAuthentication
  - MobileEnabled (Optional) – True
  - Use default JDK truststore – Select the checkbox to enable.
- Click Save.