Connect 2024 - User Manual

Connections: Cloud Connector connection on SAP BTP (Connect 2024)

This page describes how to configure a connection to an on-premise system with the SAP Cloud Connector when Conigma Connect is hosted on an SAP BTP Cloud Foundry environment. The basic idea is that we send requests to a virtual URL exposed within the SAP Cloud Connector to a proxy of the SAP BTP Connectivity Service. In the following example, OAuth is used for proxy authentication and basic authentication for the on-premise system.

Configure on-premise system in SAP Cloud Connector

You can expose every SAP or non SAP system in SAP Cloud Connector if the system provides an API that can be accessed with HTTP. As an example, an on-premise Jira system is used that is to be accessed via the SAP Cloud Connector. As a virtual host the URL http://jira.galileo-group.local:8080 was defined. The Jira system is connected to an SAP BTP sub-account that hosts an instance of Conigma Connect.

For the allowed resources, you can limit the path to the base path of the REST API you are using.

Bind Connectivity Service to deployed Conigma Connect application

To connect to systems provided by SAP Cloud Connector, the Connectivity Service in SAP BTP has to be binded to the Conigma Connect application.

To check whether the Connectivity Service is bound to the Conigma Connect application, navigate to the application overview and click on the entry "Environment Variables" in the left navigation bar.

In the Environment variables you should find the following properties in a section labeled with “connectivity”:

  • clientid: Client ID for OAuth authentification.

  • clientsecret: Client secret for OAuth authentification.

  • onpremise_proxy_host: Proxy host for the connection.

  • onpremise_proxy_port: Proxy port for the connection.

  • url: Part of the URL to retrieve an OAuth token.

The above property values are required when the connection is set up in Conigma Connect.

Conigma Connect Service Definition

In Conigma Connect, a service definition is required that describes how a connection to a system can be established and which information is required. These definitions are usually provided by Galileo Group, but can also be adapted by the customer. The following definition describes how a connection to Jira can be established via the SAP Cloud Connector.

The above service definition describes that a basic authentication is used for the Jira backend system and OAuth is used for the proxy authentication. The HttpOAuthHandler normally sends the OAuth token using the "Authorization" header, but with the "headerName" parameter we can change it to "Proxy-Authorization" which is a special header for authentication to the proxy.

Since the Cloud Connector is identified with a location ID, we add the additional header "SAP-Connectivity-SCC-Location_ID" with the HttpRequestUpdateHandler that contains the value for our location ID.

OAuth Authorization Provider Definition

Since we have to authenticate at the proxy of the Connectivity Service via OAuth, a provider has to be created in Conigma Connect, which defines how an access token can be requested.

The documentation of the Authorization provider to be used can be found at this location: Consuming the Destination Service | SAP Help Portal.

The following values must be set in the Authorization provider:

  • Type = Always OAuth 2.0

  • Supported authentification flows = Client Credentials

  • Authorization Endpoint URI = The value for the connectivity service environment variable "url" + "/oath/token".

  • Token Endpoint URI = Identical to Authorization Endpoint URI.

OAuth Credentials

We also must create OAuth Credentials which contains the client ID and the client secret from the corresponding connectivity service environment variables.

The following parameters must be provided for the credentials:

  • Authorization Provider = The provider which was created in the previous section.

  • Client ID = The value for the connectivity service environment variable “clientid”.

  • Client Secret = The value for the connectivity service environment variable “clientsecret”.

  • Authentification Flow = Client Credentials.

When saving the credentials, a popup window will be displayed asking you if a new request token should be requested. Please confirm the request with the Yes button.

Connection to the on-premise system via Cloud Connector

After all the preliminary work has been done, the actual connection to the on-premise system can now be created.

The connection displays all parameters defined in the corresponding service definition. In our Jira example the following parameters are displayed.

  • baseUri = The virtual URL that is exposed in the Cloud Connector.

  • securityStoreItemNameProxy = The name of the credentials created for the SAP BTP connectivity service.

  • jiraUser = Jira user ID for basic authentification.

  • jiraPassword = Password of the user ID used for basic authentification.

  • proxyUri = Proxy host and proxy port, separated by the ":" character of the connectivity service. The names of the environment variables are "onpremise_proxy_host" and "onpremise_proxy_host".

The Validate button can be used to check whether the configuration matches the corresponding service definition. To check whether the connection to the on-premise system can be established, the “Test connection” button can be used.

Please be aware that the connetion test can only be performed, when the property “httpPerformanceTestMethodName” was defined in the corresponding service definition. For Jira the API method “getServerInfo” is used.