Skip to content

Defining Connectivity

Define destinations for the selected application. You can also edit Mobile and On-Premise destinations.

A destination is a connection to a data source.

The Mobile Connectivity feature of SAP Mobile Services allows you to define the connectivity to back-end systems that the application can use. You can define any number of destinations to different back ends. Those destinations are to be used exclusively by the application for which they are configured. You can restrict access to allowed paths. For applications that access Web services containing relative URLs, you can add the relative paths to enable the product to handle requests correctly. You can implement service keys for authentication.

In SAP mobile service cockpit, you can view the properties of SAP Fiori applications and connections that were developed using other tools and imported into SAP Mobile Services, but you cannot edit their properties; input fields and buttons are grayed out or hidden.

Creating Destinations

  1. In SAP mobile service cockpit, select Mobile Applications > Native/MDK or SAP Mobile Cards.

For a Native/MDK app, you see a list of mobile applications with columns for Application ID, Name, Vendor, License Type, State, Outdated, and Creation Date.

For SAP Mobile Cards, you see a list of card templates, with columns for Name, Destination/SAP Client/Site ID, Status, Version, Card Template Class, Card Template Type, and Actions.

  1. For Native/MDK apps, select an application, then select Mobile Connectivity under Assigned Features (or add it first).

    For SAP Mobile Cards select Features, then select Mobile Connectivity under Assigned Features (or add it first)).

  2. For Configuration Under Mobile Destinations, you can view current destinations for the selected application.

    Destinations

    Field Value
    Name The destination name.
    URL The destination URL.
    Rewrite Mode For application back-end connections, the rewrite mode defines how the mobile services handles request and response messages. To enable applications that use external back ends to run offline, select one of the supported rewrite modes.
    SSO Mechanism/Authentication The single sign-on or authentication security methods employed for the destination.
    Actions The actions available, such as edit or delete a connection, ping a back-end connection, and test an OData application destination. If an action is not supported, the icon is grayed out or absent. For example, pinging and testing OData destinations are not supported for some SSO methods. Use the popup-window icon to test connectivity using the mobile application URL in a separate web browser.
  3. (Optional) Select add , and use the Create Destination dialog to create a new destination. See Creating a Destination for details.

  4. Select a row to view its settings in the Destination Overview.

    The overview varies by configuration, but common sections include:

    • Info ‒ basic configuration settings.

    • Rewrite Method ‒ rewrite URL settings.

    • Security ‒ important security settings.

    • Custom Headers ‒ key:value pairs defined for static headers, or a cookie value with a variable.

    Note

    You can edit some settings, or Ping the connection if Ping is supported for the SSO method used.

  5. (Optional) From the Service Keys tab, for some features you can implement a service key, which enables an application to access a service instance using a service key as its credentials. The feature must be able to support service keys. If you do not see the Service Keys tab for a feature, the option is not available. See Service Keys.

  6. (Optional) Select the Info tab to see useful URLs.

Creating a Destination

Define a new destination to a data source or service. Options for creating destinations in the Cloud Foundry environment:

  • Create a mobile destination, configuring all aspects of its connection, including security. This gives you full control of all available configuration settings.

  • Create a mobile destination using an existing Cloud Foundry service instance in the same space. This enables you to quickly configure a connection by reusing an existing instance.

  • Create a mobile destination that references an existing cloud destination. The mobile destination uses the security configuration of the cloud destination. This enables you to use existing cloud destinations that are already available on the SAP Business Technology Platform sub-account for a mobile application in mobile services.

Create the destination:

  1. In SAP mobile service cockpit, select Mobile Applications > Native/MDK or SAP Mobile Cards.

  2. Select an application, then select Mobile Connectivity under Assigned Features (or add it first).

    If the create icon does not appear, this means you have reached the destination limit imposed by your service plan. You may also see a message, such as "Total destinations per application can be 5 only in a free license type". To mitigate, delete one of the destinations. See Service Plans for information about service plan limits.

  3. Select the Create icon add . Alternatively you can create a destination using an existing Cloud Foundry service instance in the same space, as described in Creating a Destination with Service Instances.

  4. In Create Destination, under Basic Info, enter the following as required, and then click Next:

    Field Value
    Destination Name Provide a name for the destination.
    SAP Destination Service Select to create a mobile destination that uses the settings of an existing SAP Business Technology Platform destination.
    Cloud Destination Name (appears only if SAP Destination Service is enabled) Select the value help icon, and then select an existing cloud destination. The value help only shows destinations having the property MobileEnabled=true.
    Standard Path to Add (appears only if SAP Destination Service is enabled) Enter the path information to be added by default to the URL configured in the cloud destination.
    URL URL that the application uses to access business data on the back-end system or service. If the URL points to a service, it must include the document destination that you assign to the service. You can enter an http:// URL or an https:// URL (for the latter, you are prompted for keystore, certificate, and truststore values later in the process). If you are implementing Custom Push, enter the URL of the push notification server that will distribute push notifications. The mobile services server sends a general notification message to the push destination server. The destination server handles further forwarding of the notifications. See Custom Push for additional information.
    Allowed Paths Use Allowed Paths to restrict access to a few sub-paths of the Destination URL. For example, if the Destination URL is configured as https://www.test.com/sap, and you only want to allow access to https://www.test.com/sap/customer.svc and https://www.test.com/sap/product.svc, then configure Allowed Paths to contain /customer.svc and /product.svc. HTTP requests starting with these URLs will be allowed, and others will be rejected with a 403 status code. The entered paths are case-sensitive. Please notice that wildcard characters are not supported but are implicit at the end of the string.
    Use Cloud Connector (does not appear if SAP Destination Service is enabled) (Optional) Indicates if SAP Cloud Connector must be used. If you choose to use the SAP Cloud Connector and you have multiple SAP Cloud Connector instances running, provide the location id in the Cloud Connector Location ID field. You can leave it blank if you only use a single instance.
    Maximum Connections (Optional) The maximum number of connections that this application can use for connection pooling. Valid values are 0‒9999. Factors to consider are:
    • Expected number of concurrent application users
    • Acceptable load for the back-end system
    To disable connection pooling, set the value to 0. This creates a new connection for each new request, which may increase processing times. SAP recommends that you disable connection pooling only if the back-end system does not support pooled connections.
    Maximum Request Size (bytes) (Optional) The maximum size of the HTTP request payload in bytes. Set a value from 1 ‒ 2147483647. Set to 0 to indicate the request should not contain a request body. If the value is not set, then 10485760 (default) is used.
    Timeout (ms) (Optional) The number of milliseconds before the connection times out. If set to 0, a system-wide default value of 60 seconds is used.
    Online Request Threshold (Optional) Set a threshold value from 1 ‒ 2147483647 to restrict the maximum number of requests per second. Leave blank (default) or set to 0 or -1 to remove a threshold.
    Rewrite Mode Keep in mind that to enable applications that use external back ends to run offline, you must select either Rewrite URL or Rewrite URL on Back End. Select one of:
    • Rewrite URL – in request and response messages, the mobile services replaces all back-end URLs with the mobile service URL. The Rewrite URL format for Web-type applications is https://<mobileServiceHost>/<back-end_connection_ID>?X-SMP-APPID=<applicationID>. Note that if you enable URL rewrite in the Mobile Offline service, you must also configure these settings for the Mobile Connectivity destination: (1) set the "Rewrite Mode" attribute to "Rewrite URL", and (2) ensure that the "Relative Rewrite Paths" attribute is empty. See Editing the Application Configuration for information about URL Rewrite in Offline Service.
    • Rewrite URL on Back End – the back end rewrites the URLs. The mobile services forwards the host name and port to the back end in an HTTP header, and the back end creates the URL to retrieve back-end resources. To expose the full URL to clients, the mobile service passes the endpoint in the X-SMP-ENDPOINTNAME header. The URL format for Web applications is https://<host>/<back-end path>?X-SMP-APPID=<applicationID>.
    • No Rewriting – request and response messages are not modified. The mobile services passes messages directly between clients and the back end. The URL format for Web applications is https://<mobileServiceHost>/<back-end_connection_ID>?X-SMP-APPID=<applicationID>.
      Note: The mobile services does not provide the functionality to use No Rewriting mode to support external back ends for offline usage. For SAP Mobile Cards, the server performs a virus check scan for the incoming data.
    • Rewrite URL: The server performs a virus check scan for the incoming data. Rewrite URL applications should use only No Rewriting mode.
    • Custom Rewrite URL – for request and response messages, you can define a search string and a replacement string, which need not be URLs.
    For more details about the different rewrite mode options, see Rewrite Modes.
    Keep X-Forwarded-* Header This option appears when you edit a destination. Select the check box to enable or disable the SetXForwardedHeaders property (disabled by default). The property is used by proxy to establish endpoint connection.
    Select the check box to enable or disable the option to pass along the X-Forwarded-* headers, which contain information about the sender of the HTTP request and the original URL being called (disabled by default) to the Destination.
  5. (Optional) If you set the Rewrite Mode to Custom Rewrite URL, define its values on the subsequent Inbound Rewrite Rules and Outbound Rewrite Rules screens, and click Next.

    For more information, see URL Rewrite Modes.

  6. (Optional) On Custom Headers, configure key/value pairs for the header destination, and then click Next.

    Select add to configure headers for the destination. For example, you can:

    • Set up a static HTTP header for an API key when consuming SAP Business Accelerator Hub APIs.

    • Create a custom header with a cookie value that includes a variable for outgoing requests. For example, if a back-end server generates a cookie, all subsequent requests for the same back end include a custom header with the value of the cookie (if the specified cookie does not exist, the custom header is not added to the outgoing request). See Custom Headers for Cookie Variables.

    The headers must comply with IF RFC Standards, 7230, section 3.2: https://tools.ietf.org/html/rfc7230section-3.2.

    The key/value pairs are sent to the back end with each request.

    Field Value
    Header Name
    • Must not be empty.
    • Must start with an alphabetic character.
    • Must include only alphanumeric characters, numbers, and minus signs (no special characters).
    Header Value
    • Can be empty.
    • The first and last character cannot be a space, per HTTP standards.
    • The value format for a cookie header: "${cookie::<cookie name>}". For example, "${cookie::SAP_SESSIONID_GW1_001}", which retrieves the value of cookie "SAP_SESSIONID_GW1_001" at runtime.
    Override Client
    • Indicates if the header should override the header sent from client.
  7. (Optional) On Annotations, configure annotations for the destination, so that all apps using this destination can access the annotations and generate the UI, and then click Next.

    Choose Add Annotation URL if you know the URL for the annotation file. Choose Add Annotation File to browse and upload the file.

    When configuring the annotation, keep in mind that the current framework is based on the Endpoint configuration. This means that the back-end URL is the base, and any path must be a relative path to the base URL, otherwise security issues may be the result.

    For example, if the back-end URL is:

    http://host:port/odata.svc/

    and the annotation path is:

    /a1/annotations(...)

    the actual URL requested is:

    http://host:port/odata.svc/a1/annotations(...)

    Note

    Relative paths are not supported when an ABAP Gateway back end, and the OData Service and annotation file are in different paths.

  8. On Destination Configuration, enter the following as required, and then click Next.

    Field Value
    Relative Rewrite Paths Enter a comma-delimited list of relative URLs, for example, /sap/bc, /sap/public/bc. If an application requires data from a back end that uses relative URLs, define them here. The mobile services rewrites the relative URLs to include the connection name, enabling access to the back-end data. For example, a Web service application requests an HTML page named abc.html, which contains the relative URLs /sap/bc and /sap/public/bc in its src or href tags. When a request is made, the relative URLs contained in the response are rewritten, so that subsequent requests (to these relative URLs) can be processed correctly. For example, if "webApp" is the connection name, and the response contains the relative URLs /sap/bc,/sap/public/bc, these are changed to /webApp/sap/bc,/webApp/sap/public/bc
    Propagate User Name Not applicable when application Security Configuration is set to None) When enabled, the back end uses information in the X-SMP-ENDUSERNAME <user name> header to identify the user who sent the request. See HTTP Headers Used to Propagate User IDs. By default, this option is disabled.
    Virus Scans
    • Inbound Traffic: The server performs a virus check scan for the incoming data.
    • Outbound Traffic: The server performs a virus check scan for the outgoing data.
    SSO Mechanism (does not appear if SAP Destination Service is enabled) Select a single sign-on option from the list of available options.

    SAP Mobile Services supports the following SSO options:

    • None does not add any authentication or user information to the request. It can be used when the targeted service does not require any authentication or the authentication is performed by adding an API-Key header, like X-API-Key. See SSO Option: None.

    • Basic Authentication is used when the target service requires technical user authentication. No caller information is forwarded. See SSO Option: Basic Authentication.

    • OAuth2 Client Credentials can be used for technical user authentication via OAuth2 client credentials. No caller information is forwarded. See SSO Option: OAuth2 Client Credentials.

    • Forward Authentication can be used when the target is deployed in the same space and uses the same XSUAA instance, or the back-end grants scope access to mobile services. Check Forward User Token to App Router when the target is the app router. See SSO Option: Forward Authentication.

    • OAuth2 User Token Exchange is used when the target is in the same BTP Cloud Foundry sub account, but uses a different XSUAA instance. See SSO Option: OAuth2 User Token Exchange.

    • Application to Application SSO is used for legacy services deployed on BTP Neo. This is an interim solution and it is recommended to migrate your service to BTP Cloud Foundry. See SSO Option: Application to Application SSO.

    • OAuth2 SAML Bearer Assertion is for legacy services deployed on BTP Neo that uses OAuth2 SAML authentication. This is an interim solution and it is recommended to migrate your service to BTP Cloud Foundry. See SSO Option: OAuth2 SAML Bearer Assertion.

    For detailed configuration examples, see How to configure SSO Mechanism in Mobile Connectivity

  9. On Certificate Configuration, if you entered an https:// URL in step 4, enter keystore, certificate, and TrustStore values. If you entered an http:// URL, or enabled SAP Destination service, proceed to the next step.

    Certificate Configuration

    Field Value
    Keystore The Keystore file in .keystore or .jks format. You can Browse to locate a keystore.
    Encoded Keystore The name for the encrypted version of your private key.
    Keystore Password The password associated with the Keystore.
    Certificate Alias The alias name associated with the Keystore.
    Truststore The Truststore file. You can Browse to locate a truststore.
    Encoded Truststore The name for the encrypted version of your private key.
    Truststore Password The password associated with the Truststore.
  10. Click Finish to complete the configuration. A summary of configuration settings appears, with appropriate categories for the app, such as Info, Security, Rewrite Method, Annotations, and Customer Headers.

    You can click Edit to make corrections.

    For Security > SAML Metadata, select Download to download application-level metadata locally. In Download Metadata, specify the metadata expiration date, and then select Download. You can select one year (default), or use the date picker to select the expiration month and year. If the metadata value is set at a global level, this value will overwrite the global value for this application.

    Once you create a new destination, action icons appear on the overview page for the selected application. Use the icons to test connectivity.

    • Select Ping to verify the connection to the destination.

    • Select OData Application Destination Test to test destination links for OData applications. This enables an Admin user to verify an OData service, and provides a way to browse metadata information and preview back-end data

    • Select Launch in Browser to test destination connectivity for all authentication types and for OData applications from a web browser. A new browser tab is launched using the mobile application URL, the same URL that the application uses to interact with the destination.

Note

This feature is not available for some app types, such as Micro App and DingTalk. If the feature is not available for the selected app type, the action icons do not appear or are grayed out.

SSO Option: None

Back ends require no credentials for authentication. Your destination is granted direct access to the relevant on-premise service.

SSO Option: Basic Authentication

Enables basic authentication to the back-end system. Enter:

  • User Name and Password – the user name and password to access the back-end system.
    If you do not provide a user name and password, and mobile services authenticates the end-user credentials using Basic, the user name and password credentials are propagated to the back end.

  • Credential Charset Name – the default is UTF-8. Use the default, or enter another value. If the destination is an SAP NetWeaver ABAP application server, you must enter ISO-8859-1. (This is because SAP Mobile Services uses UTF-8 encoding and SAP NetWeaver ABAP application server requires ISO-8859-1 encoding).

SSO Option: OAuth2 Client Credentials

The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user. Enter:

  • Token Service URL – URL of the OAuth server.
  • Client ID– the client username.
  • Client Secret– the client password.
  • Scope (optional) – limit an application's access to a users account. You can make one or more entries; this information is presented to the user in the consent screen, and the access token issued to the application is limited to those granted.

SSO Option: Forward Authentication

Forwards the incoming JWT token in the authorization header to the back end. The token could be used to log in as a certain user type, such as an Admin. Typical uses for Forward Authentication include accessing the WeChat sample back end, and accessing the Fiori Launchpad as a user type.

When the Forward Authentication Certificate Configuration is configured for an end point, the checkbox Forward User Token To AppRouter appears. Select the checkbox to enable. When enabled, the user token is forwarded to the app-router application as an x-approuter-authorization header. Keep in mind that the app-router version installed on the back-end server must be equal to or later than version 5.15.0. Earlier versions do not support SSO access.

SSO Option: OAuth2 User Token Exchange

Supports JSON Web Token (JWT) authentication. Token exchange enables easier integration of Cloud Foundry service instances from the same space. You can find the required information in the Service Key details of the target service. If required, you must create a Service Key beforehand. Enter:

  • Forward User Token to AppRouter – enables the capability to forward user tokens to the AppRouter for SSO authentication.
  • Token Service URL – URL of the OAuth token exchange server.
  • Token Service URL Type – select Dedicated (default) or Common. Common is used for multi-tenant services, whereas Dedicated is used for single tenant services.
  • Client ID – the client username.
  • Client Secret – the client password.
  • Scope (optional) – limits an application's access to a users account. You can make one or more entries; this information is presented to the user in the consent screen, and the access token issued to the application will be limited to those granted.

SSO Option: Application to Application SSO

Enables mobile services to propagate user identities to other applications, which are consumed (deployed or subscribed) in the same SAP Business Technology Platform account. A user identity is propagated to the application that is specified in the URL.

  • Issuer – the trusted application source, such as "mobile services.
  • Audience – the recipient audience, such as "hana.ondemand.com.
  • Signing Key – the generated key used to propagate the user identity. Select Generate Key to generate the signing key. A SAML Download field appears in the destination overview page once you complete the configuration.

Keep in mind these requirements:

  • The proxy type for the destination must be Internet.
  • To configure Application-to-Application SSO for an application not hosted on the same SAP Business Technology Platform account; see the saml2_audience section in Application-to-Application SSO Authentication.

SSO Option: OAuth2 SAML Bearer Assertion

Enables applications to use SAML assertions to access OAuth protected resources. Enter:

  • Forward User Token to AppRouter – enable capability to forward user tokens to the AppRouter for SSO authentication.
  • Audience (required) – intended assertion audience, which is verified by the target OAuth authorization server.
  • Token Service URL (required) – URL of the OAuth server.
  • Token Service URL Type (required) – the URL type, either Dedicated or Common.
  • Client Key (required) – key that identifies the consumer to the authorization server.
  • Client Secret – password for the token service user (no longer mandatory).
  • SAML Assertion Issuer (required) – issuer of the SAML assertion.
  • Signing Key (required) – key used for signing the SAML Assertion, which is used for exchanging the token from OAuth Server. Select Generate Key to generate the signing key. Once you finish the configuration, a summary page is provided for the destination. In the Security section, the SAML Metadata field appears. You can configure the metadata expiration date for the application, and download the SAML metadata locally.
  • Name ID Format – value of the NameIdFormat tag, which is part of the generated OAuth2 SAML Bearer Assertion authentication. Select a value from the drop-down list: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified [default value]. Other format values include: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent and urn:oasis:names:tc:SAML:2.0:nameid-format:transient.
  • Authentication Context – value of the AuthnContextClassRef tag, which is part of the generated OAuth2 SAML Bearer Assertion authentication. See the SAML 2.0 specification.
  • Scope (optional) – limits an application's access to a users account. You can make one or more entries; this information is presented to the user in the consent screen, and the access token issued to the application will be limited to those granted.
  • SAML System User – SAML user who requests an access token from the OAuth authorization server. If this property is not specified, the currently logged-in user is used.
  • SAML Name Qualifier – security domain of the user for which the access token is requested.
  • Company ID – the company identifier associated with the security domain.
  • User ID Source – the issuer of the user identifier, typically the currently logged-in user.
  • API Key – the API-key that is sent in the request header and used as the password to authenticate a request.

As an administrator, you can configure a mobile destination that uses a custom header with a cookie value in outgoing requests, instead of a static HTTP header. This extends the mobile destination custom header feature.

Before you start, you must identify the cookie value that the back-end server generates, such as "SAP_SESSIONID_GW1_001". You'll need this value to configure the custom header.

With this feature you can specify a cookie name as the custom header value; retrieve the cookie value from the server; and use the custom header value at runtime. For example, a back-end server generates a cookie named, "SAP_SESSIONID_GW1_001". Once the cookie is generated, all subsequent requests for this back-end server includes the custom header "SAP_SESSIONID" and the cookie value, "SAP_SESSIONID_GW1_001".

The value format is "${cookie::<cookie name>}", for example, "${cookie::SAP_SESSIONID_GW1_001}". This retrieves the cookie value "SAP_SESSIONID_GW1_001" at runtime. If the specified cookie does not exist, the custom header is not added to the outgoing request.

  1. Create a mobile destination using the Create Destination dialog, as described in Creating a Destination .

  2. On the Custom Headers page, for Header Name and Header Value, create a key/value pair using the custom header and cookie values.

  3. Complete additional configuration, and then save the destination.

Once configured, all requests that are sent to the back-end server include the custom header and cookie values in outgoing requests.

Editing a Destination

Modify settings for an existing destination.

Note

To prevent momentary inconsistencies, SAP recommends that you modify destination configurations when few users are active. Users should be able to use destinations without inconsistencies after you save the changes.

In SAP mobile service cockpit, you can view the properties of SAP Fiori applications and connections that were developed using SAP Business Technology Platform mobile service for app and device management and imported into SAP Mobile Services, but you cannot edit their properties; input fields and buttons are grayed out or hidden.

  1. In SAP mobile service cockpit, select Mobile Applications > Native/MDK or SAP Mobile Cards.

  2. Select an application, then select Mobile Connectivity under Assigned Features (or add it first)

  3. Select a destination and click edit .

  4. In the Edit Destination window, edit the details as required.

    Note

    If the application is configured with an origin policy, some fields may not be available.

  5. Click Finish.

Deleting a Destination

You can delete a destination only if it is not mapped to an application.

  1. In SAP mobile service cockpit, select Mobile Applications > Native/MDK or SAP Mobile Cards.

  2. Select an application, then select Mobile Connectivity under Assigned Features (or add it first)

  3. Select a destination and click delete .

  4. Click OK to confirm. You are prompted if the destination is in use and cannot be deleted.

Creating a Destination with Service Instances

Define a new destination to a back-end system using existing Cloud Foundry service instances.

Prerequisites for Document service:

  • In SAP Business Technology Platform, Entitlements, add an entitlement for the Document Management Repository option to the subscriber subaccount.

    The Document Management Repository option entitlement must include a quota. The free plan includes a quota of two units. If that is not enough, you can update it by removing the current entitlement and creating a new entitlement with a larger quota.

  • In SAP Business Technology Platform, Services > Service Instances, create a Document Management, integration option instance for the service instance.

  • Only Document service instances that have been allow-listed are available.

You can create destinations from existing service instances that are available in the same Cloud Foundry space. All aspects of the destination are configured, including URL and security (usually OAuth Token Exchange). You can select only one service instance at a time, so if you want to create multiple service instances you must create separate destinations.

Note

Currently these service instances can be integrated:

  • Workflow service instances
  • Document service instances
  1. In SAP mobile service cockpit, select Mobile Applications > Native/MDK.

  2. Select an application, then select Mobile Connectivity under Assigned Features (or add it first).

  3. Select Use a Cloud Foundry Service.

  4. On Select Cloud Foundry Service, select a service from the list of available service instances, and select OK. When the document service destination is created successfully, you can Ping it.

    You can only add one service at a time. Depending on the service, one or several destinations are created.

  5. You can take action, such as edit or delete; or you can add another destination using another existing service. For some SSO methods, you can test the destination.

Creating a Micro App Destination

Define destinations for the selected Micro App. A destination is a connection to a data source or service. SAP mobile service cockpit supports one primary endpoint per application ID.

However, an administrator can create multiple secondary endpoints for services that an application uses; these secondary endpoints are treated as proxy connections. For applications that access Web services containing relative URLs, add the relative paths to enable the product to handle requests correctly.

  1. In the SAP mobile service cockpit, select Mobile Applications > Micro App, then select the application.

  2. Select Mobile Connectivity under Assigned Features.

  3. Select Configuration to configure application connectivity. Under Mobile Destinations is a list of available connections.

  4. Select Use a Cloud Foundry Service to use an available service.

  5. Alternatively, select the create icon and use the Create Destination dialog to create a new destination.

    Provide entries for Basic Information, Custom Headers, Annotations, Destination Configuration, Annotations, and Destination Configuration as needed.

  6. Select Finish.

Creating a DingTalk Destination

The DingTalk H5 Application requires you to set different exit node IPs for different customers. Destination service is used to distinguish between different customers in the same landscape. You can either use the SAP Cloud Connector as a proxy server or create your own HTTP proxy server.

Configuring Destinations Using the SAP Cloud Connector

You can configure DingTalk destinations by using the SAP Cloud Connector as a proxy server.

  1. In the SAP Cloud Connector cockpit, select your Subaccount.

  2. Select Cloud To On-Premise on the left navigation panel.

  3. Select Access Control and click the Add icon add .

  4. In the Add System Mapping dialog:

    1. Select Non-SAP System as the Back-end Type and click Next.

    2. Select HTTPS as the Protocol and click Next.

    3. Enter oapi.dingtalk.com as the Internal Host, 443 as the Internal Port, and click Next.

    4. Enter oapi.dingtalk.local as the Virtual Host, 80 as the Virtual Port, and click Next. Note that the virtual host name can be anything other than oapi.dingtalk.com.

    5. Select Use Internal Host as the Host in Request Header and click Next.

    6. Verify the mapping and click Finish.

  5. Select the mapping you created and click the Add icon add to add the resources.

  6. In the Add Resource dialog, enter / as the URL Path, select Path And All Sub Paths as the Access Policy, and click Save.

  7. In any web browser, open <https://oapi.dingtalk.com>, click the lock icon and save the certificate file.

  8. Select Configuration on the left navigation panel.

  9. Select ON PREMISE > Trust Store and click the Add icon add .

  10. In the Add Public Key dialog:

    1. Click Browse.

    2. Select the certificate you downloaded and click Save.

  11. In the SAP Business Technology Platform cockpit, select your Subaccount.

  12. Select Destinations on the left navigation panel and click New Destination.

  13. Under Destination Configuration, enter:

    Properties

    Field Value
    Name dingtalk
    Type HTTP
    URL http://oapi.dingtalk.local Note that the URL is http://<virtual host name>.
    Proxy Type OnPremise
    Authentication NoAuthentication
    Location ID Your SAP Cloud Connector location ID.
    MobileEnabled True
  14. Click Save.

Configuring Destinations Using HTTP Proxy

You can configure DingTalk destinations by creating your own proxy server.

  1. In the SAP Cloud Connector cockpit, select your Subaccount.

  2. Select Destinations on the left navigation panel and click New Destination.

  3. In the Destination Configuration dialog, enter:

    Properties

    Field Value
    Name dingtalk
    Type HTTP
    URL Specify your HTTP proxy server URL.
    Proxy Type Internet
    Authentication NoAuthentication
    MobileEnabled True
    Use default JDK truststore Select the checkbox to enable.
  4. Click Save.

Testing a Destination

Rewrite Modes


Last update: February 16, 2024