In this step, you configure the REST tunnel.
You have completed the following procedures:
This configuration task is optional and currently not supported for external service providers other than SAP Jam.
However, this task is mandatory for SAP Fiori apps or any app using the collaboration components, and mandatory in any system used as ABAP SMI hub.
If OData or REST calls are made directly to an external service provider, each calling system has to have a trusted connection to the external service provider. When using a REST tunnel, only the tunnel system has a trusted connection and clients can make use of this type of indirect OData or REST call.
Front-end applications such as SAP Fiori apps can consume the SAP Jam's OData API directly. This, however, results in cross-domain authorization problems. For these applications, ABAP SMI provides a general REST tunnel that uses the same trusted connection as the one you have established in the Customizing steps for the server and applications settings. From the application's perspective, the application calls the tunnel instead of SAP Jam directly.
The REST tunnel can be addressed as an ICF service using the ICF node path /sap/bc/ui2/smi/rest_tunnel/ in a URL with the following format:
<back-end host>:<port>/sap/bc/ui2/smi/rest_tunnel/<tunnel destination>/<service provider service root>/<service resource path>
https://example.com:1111/sap/bc/ui2/smi/rest_tunnel/Jam/api/v1/OData/ Groups('ABC123')
The example URL consists of the following elements:
Element | Description |
---|---|
example.com:1111 | Back-end host and port |
sap/bc/ui2/smi/rest_tunnel | ICF node path |
Jam | Tunnel destination |
api/v1/OData | Service root of the service provider |
Groups('ABC123') | Resource path for the service |
The system uses the most specific entry matching the service root and the resource path to determine the service provider type, application ID, and authentication context. For security reasons, you have to explicitly activate tunneling for the services the tunnel is to address (whitelist). For information about REST tunnel security aspects, see Network and Communication Security.
By default, tunneling is not active. You have to activate the ICF node /sap/bc/ui2/smi/rest_tunnel/ and specify the allowed endpoints as described in the following procedure.