Skip to content

Defining Connectivity

Define destinations for the selected application. You can also edit Mobile and On-Premise destinations.

A destination is a connection to a data source.

SAP Cloud Platform Mobile Services supports one primary endpoint per application ID. However, an administrator can create multiple secondary endpoints for services that an application uses; these secondary endpoints are treated as proxy connections. For applications that access Web services containing relative URLs, add the relative paths to enable the product to handle requests correctly.

In Mobile Services cockpit, you can view the properties of Fiori applications and connections that were developed using SAP Cloud Platform mobile service for app and device management and imported into SAP Cloud Platform Mobile Services, but you cannot edit their properties; input fields and buttons are disabled or hidden.

Creating Destinations

  1. In Mobile Services cockpit, select Mobile Applications > Native/Hybrid or SAP Mobile Cards.

  2. Select an application, then select Mobile Connectivity under Assigned Features (or add it first).

    View current mobile and cloud platform destinations for the selected application.

    • Under Cloud Destinations, you can enable cloud destinations, which allows applications to access cloud destinations that are defined in /destination_{<destination name>}/{<path>}. See Enabling Cloud Destinations for details.

    • Under Mobile Destinations, you can view current mobile and cloud platform destinations for the selected application.

    Destinations

    Field Value
    Name The destination name.
    URL The destination URL.
    Rewrite Mode For application back-end connections, the rewrite mode defines how the Mobile Services handles request and response messages. To enable applications that use external back ends to run offline, select one of the supported rewrite modes.
    SSO Mechanism/Authentication The single sign-on or authentication security methods employed for the destination.
    Actions The actions available, such as edit or delete a connection, ping a back-end connection, and test an OData application destination. If an action is not supported, the icon is grayed out or absent. For example, pinging and testing OData destinations are not supported for some SSO methods. Use the popup-window icon to test connectivity using the mobile application URL in a separate web browser.
  3. (Optional) Select create , and use the Create Destination dialog to create a new destination.

  4. Alternatively, select a row to view its settings in the Destination Overview.

    The overview varies by configuration, but common sections include:

    • Info ‒ basic configuration settings.

    • Rewrite Method ‒ rewrite URL settings.

    • Security ‒ important security settings.

    • Custom Headers ‒ key:value pairs defined for static headers.

Creating a Destination

Define a new destination to a data source or service.

Options for creating destinations in the Cloud Foundry environment.

  • Create a mobile destination, configuring all aspects of its connection, including security. This gives you full control of all available configuration settings.

  • Create a mobile destination using an existing Cloud Foundry service instance in the same space. This enables you to quickly configure a connection by reusing an existing instance.

  • Create a mobile destination that references an existing cloud destination. The mobile destination uses the security configuration of the cloud destination. This enables you to use existing cloud destinations that are already available on the SAP Cloud Platform sub-account for a mobile application in Mobile Services.

  • In Mobile Services cockpit, select Mobile Applications > Native/Hybrid or SAP Mobile Cards.

  • Select an application, then select Mobile Connectivity under Assigned Features (or add it first).

  • Select the Create icon create . Alternatively you can create a destination using an existing Cloud Foundry service instance in the same space, as described in Creating a Destination with Existing Service Instances.

  • In Create Destination, enter the following as required:

    Field Value
    Destination Name Provide a name for the destination.
    Cloud Platform Destination Select to create a mobile destination that uses the settings of an existing Cloud Platform destination.
    Cloud Destination Name (appears only if Cloud Platform Destination is enabled) Enter the exact name of the cloud destination. There is currently no way for Mobile Services to validate the correctness of the entered name. Please ensure that the name exactly corresponds to the name of the cloud destination.
    Standard Path to Add (appears only if Cloud Platform Destination is enabled) Enter the path information to be added by default to the URL configured in the cloud destination.
    URL URL that the application uses to access business data on the back-end system or service. If the URL points to a service, it must include the document destination that you assign to the service. You can enter an http:// URL or an https:// URL (for the latter, you are prompted for keystore, certificate, and trustore values later in the process).
    Allowed Paths Use Allowed Paths to restrict access to a few sub-paths of the Destination URL. For example, if the Destination URL is configured as https://www.test.com/sap, and you only want to allow access to https://www.test.com/sap/customer.svc and https://www.test.com/sap/product.svc, then configure Allowed Paths to contain /customer.svc and /product.svc. HTTP requests starting with these URLs will be allowed, and others will be rejected with a 403 status code. The entered paths are case-sensitive. Please notice that wildcard characters are not supported but are implicit at the end of the string.
    Use Cloud Connector (does not appear if Cloud Platform Destination is enabled) (Optional) Indicates if SAP Cloud Connector must be used. If you choose to use the SAP Cloud Connector and you have multipe Cloud Connector instances running, provide the location id in the Cloud Connector Location ID field. You can leave it blank if you just use a single instance.
    Maximum Connections (Optional) The maximum number of connections that this application can use for connection pooling. Valid values are 0‒9999. Factors to consider are:
    • Expected number of concurrent application users
    • Acceptable load for the back-end system
    To disable connection pooling, set the value to 0. This creates a new connection for each new request, which may increase processing times. SAP recommends that you disable connection pooling only if the back-end system does not support pooled connections
    Maximum Request Size (bytes) (Optional) The maximum size of the HTTP request payload. Set a value from 1 ‒ 1000000. Please note that Mobile Services applies an internal limit on requests that require URL rewriting, because of in-memory processing. This limit is currently set at 128 MB.
    Timeout (ms) (Optional) The number of milliseconds before the connection times out. If set to 0, a system-wide default value of 60 seconds is used.
    Online Request Threshold (Optional) The threshold value to throttle incoming online requests per second for a connection. Set to 0 to remove threshold or set a value from 1 ‒ 2147483647.
    Rewrite Mode Note: To enable applications that use external back ends to run offline, you must select either Rewrite URL or Rewrite URL on Back End.

    Select one of:
    • Rewrite URL – in request and response messages, the Mobile Services replaces all back-end URLs with the mobile service URL. The Rewrite URL format for Web-type applications is https://<mobileServiceHost>/<back-end_connection_ID>?X-SMP-APPID=<applicationID>.
    • Rewrite URL on Back End – the back end rewrites the URLs. The Mobile Services forwards the host name and port to the back end in an HTTP header, and the back end creates the URL to retrieve back-end resources. To expose the full URL to clients, the mobile service passes the endpoint in the X-SMP-ENDPOINTNAME header. The URL format for Web applications is https://<host>/<back-end path>?X-SMP-APPID=<applicationID>.
    • No Rewriting – request and response messages are not modified. The Mobile Services passes messages directly between clients and the back end. The URL format for Web applications is https://<mobileServiceHost>/<back-end_connection_ID>?X-SMP-APPID=<applicationID>.
      Note: The Mobile Services does not provide the functionality to use No Rewriting mode to support external back ends for offline usage. For SAP Mobile Cards, the server performs a virus check scan for the incoming data.
    • Rewrite URL: The server performs a virus check scan for the incoming data. Rewrite URL applications should use only No Rewriting mode.
    • Custom Rewrite URL – for request and response messages, you can define a search string and a replacement string, which need not be URLs.
    For more details about the different rewrite mode options, see Rewrite Modes.
  • Click Next.

    (Optional) If you set the Rewrite Mode as Custom Rewrite URL, define the Inbound Rewrite Rules and Outbound Rewrite Rules in subsequent screens.

    For more information, see Rewrite Modes.

  • Click Next.

    (Optional) Select add to configure static HTTP headers for the destination.

    For example, set up a static HTTP header for an API key when consuming SAP API Business Hub APIs.

    The headers must comply with IF RFC Standards, 7230, section 3.2: https://tools.ietf.org/html/rfc7230section-3.2.

    The key/value pairs are sent to the back end with each request.

    Field Value
    Header Name
    • Must not be empty.
    • Must start with an alphabetic character.
    • Must include only alphanumeric characters, numbers, and minus signs (no special characters).
    Header Value
    • Can be empty
    • The first and last character cannot be a space, per HTTP standards.
    Override Client
    • Indicates if the header should override the header sent from client.
  • Click Next.

    (Optional) Configure annotations for the destination, so that all apps using this destination can access the annotations and generate the UI.

    Choose Add Annotation URL if you know the URL for the annotation file. Choose Add Annotation File to browse and upload the file.

    When configuring the annotation, keep in mind that the current framework is based on the Endpoint configuration. This means that the back-end URL is the base, and any path must be a relative path to the base URL, otherwise security issues may be the result.

    For example, if the back-end URL is:

    http://host:port/odata.svc/

    and the annotation path is:

    /a1/annotations(...)

    the actual URL requested is:

    http://host:port/odata.svc/a1/annotations(...)

    Note

    Relative paths are not supported when an ABAP Gateway back end, and the OData Service and annotation file are in different paths.

  • Click Next and enter the following as required:

    Field Value
    Relative Rewrite Paths Enter a comma-delimited list of relative URLs, for example, /sap/bc, /sap/public/bc. If an application requires data from a back end that uses relative URLs, define them here. The Mobile Services rewrites the relative URLs to include the connection name, enabling access to the back-end data. For example, a Web service application requests an HTML page named abc.html, which contains the relative URLs /sap/bc and /sap/public/bc in its src or href tags. When a request is made, the relative URLs contained in the response are rewritten, so that subsequent requests (to these relative URLs) can be processed correctly. For example, if "webApp" is the connection name, and the response contains the relative URLs /sap/bc,/sap/public/bc, these are changed to /webApp/sap/bc,/webApp/sap/public/bc
    Propagate User Name Not applicable when application Security Configuration is set to None) When enabled, the back end uses information in the X-SMP-ENDUSERNAME <user name> header to identify the user who sent the request. See HTTP Headers Used to Propagate User IDs. By default, this option is disabled.
    Virus Scans
    • Inbound Traffic: The server performs a virus check scan for the incoming data.
    • Outbound Traffic: The server performs a virus check scan for the outgoing data.
    SSO Mechanism Select a single sign-on option from the list of available options.
    SSO Mechanism Description
    Application-to-Application SSO Enables mobile services to propagate user identities to other applications, which are consumed (deployed or subscribed) in the same SAP Cloud Platform account. A user identity is propagated to the application that is specified in the URL. - Issuer – the trusted application source, such as "mobile services."
    • Audience – the recipient audience, such as "hana.ondemand.com.".
    • Signing Key – the generated key used to propagate the user identity.
      Select Generate Key to generate the signing key. A SAML Download field appears in the destination overview page once you complete the configuration.
    Keep in mind these requirements:
    • The proxy type for the destination must be Internet.
    • To configure ApptoAppSSO for an application not hosted on the same SAP Cloud Platform account; see the saml2_audience section in Application-to-Application SSO Authentication.
    OAuth2 SAML Bearer Assertion Enables applications to use SAML assertions to access OAuth-protected resources. Enter:
    • Audience – intended assertion audience, which is verified by the target OAuth authorization server.
    • Token Service URL – URL of the OAuth server.
    • Client Key – key that identifies the consumer to the authorization server.
    • Client Secret – password for the token service user (no longer mandatory).
    • SAML Assertion Issuer – issuer of the SAML assertion.
    • Name ID Format – value of the NameIdFormat tag, which is part of the generated OAuth2 SAML Bearer Assertion authentication.
    • Signing Key – key used for signing the SAML Assertion, which is used for exchanging the token from OAuth Server.
    Select Generate Key to generate the signing key. A SAML Download field appears in the destination overview page once you complete the configuration.
    Basic Authentication Enables basic authentication to the back-end system. Enter:
    • User Name and Password – the user name and password to access the back-end system.
      If you do not provide a user name and password, and the Mobile Services authenticates the end-user credentials using Basic, the user name and password credentials are propagated to the back end.
    • Credential Charset Name – the default is UTF-8. Use the default, or enter another value. If the destination is an SAP NetWeaver ABAP application server, you must enter ISO-8859-1. (This is because SAP Cloud Platform Mobile Services uses UTF-8 encoding and SAP NetWeaver ABAP application server requires ISO-8859-1 encoding).
    No Authentication Back ends require no credentials for authentication. Your destination is granted direct access to the relevant on-premise service.
    Forward Authentication Forwards the incoming JWT token in the authorization header to the back end.
    Cloud Connector SSO Enables principal propagation through SAP Cloud Connector.
  • Click Finish to complete the configuration. A summary of configuration settings appears. You can click Edit to make any corrections.

Editing a Destination

Modify settings for an existing destination.

Note

To prevent momentary inconsistencies, SAP recommends that you modify destination configurations when few users are active. Users should be able to use destinations without inconsistencies after you save the changes.

In Mobile Services cockpit, you can view the properties of Fiori applications and connections that were developed using SAP Cloud Platform mobile service for app and device management and imported into SAP Cloud Platform Mobile Services, but you cannot edit their properties; input fields and buttons are disabled or hidden.

  1. In Mobile Services cockpit, select Mobile Applications > Native/Hybrid or SAP Mobile Cards.

  2. Select an application, then select Mobile Connectivity under Assigned Features (or add it first)

  3. Select a destination and click edit .

  4. In the Edit Destination window, edit the details as required.

    Note

    If the application is configured with an origin policy, some fields may not be available.

  5. Click Finish.

Deleting a Destination

You can delete a destination only if it is not mapped to an application.

  1. In Mobile Services cockpit, select Mobile Applications > Native/Hybrid or SAP Mobile Cards.

  2. Select an application, then select Mobile Connectivity under Assigned Features (or add it first)

  3. Select a destination and click delete .

  4. Click OK to confirm. You are prompted if the destination is in use and cannot be deleted.

Testing a Destination Rewrite Modes


Last update: November 19, 2020