Introduction
Do you use My Inbox on-premise with SAP Business Suite or SAP S/4HANA? Do you at the same time use My Inbox on the SAP Business Technology Plaform (BTP) to process your SAP Workflow Service tasks?
In case the above is valid, you might as well have probably wished for one single My Inbox to manage all your tasks.
In this post I am going to demonstrate how to technically connect My Inbox on-premise to SAP Workflow Service in the NEO environment, in order to have your on-premise My Inbox as the single entry point for managing all your tasks from your on-premise task provider systems and also those from the SAP Workflow Service.
As a result, you will no longer need a separate My Inbox for the local SAP Workflow Service case but instead you can use My Inbox on-premise to process all your tasks.
Benefits
- One My Inbox to manage all tasks you are responsible for
- Higher user productivity through a harmonized user experience
- Seamless integration between SAPvWorkflow Service on the NEO environment and My Inbox on-premise( including custom actions and custom task Fiori UIs)
Status quo
Prior to this integration being explored, business users who work with workflow tasks generated both by SAP S/4HANA and non-SAP S/4HANA systems, as well as the SAP Workflow Service engine, have to use two separate My Inbox apps - one on the on-premise SAP Fiori Launchpad, and the second on the SAP Launchpad homepage for the local SAP Workfow Service case. Refer to the screenshots below.
Screenshot 1 below visualizes My Inbox on the on-premise Gateway Hub system, which harmonizes workflow tasks from the connected company-specific backend task provider systems.
Screenshot 1:
Screenshot 2 represents My Inbox on the SAP Launchpad for the local SAP Workflow case in the NEO environment of SAP BTP.
Screenshot 2:
The goal of this post is to demonstrate how to bring the SAP Workflow tasks to My Inbox on-premise running on the Gateway Hub system (Screenshot 1).
General Approach
Hereinbelow I have added a diagram to visualize the general principal of approaching the integration:
As can be observed, the approach is to use SAP Web Dispatcher as a proxy server. In the setup above, SAP Web Dispatcher handles all browser requests from My Inbox on-premise. Based on predefined rules, it routes synchronous requests to the SAP BTP NEO environment in order to load the relevant task UI resources, custom or standard actions, and task properties for the SAPWorkflow tasks.
Prerequisites
- Install and configure My Inbox on-premise in a Gateway Hub system to support task federation. For more information, refer to Central Hub Deployment and Task Gateway Service Configuration
- Install SAP Web Dispatcher on-premise on the Gateway Hub system. Refer to SAP Note 908097
Note: The SAP Web Dispatcher can be installed on a dedicated on-premise system as well without any restrictions to end-to-end functionality.
Implementation Guide
Hereby, I will guide you through the necessary configuration which enables My Inbox on-premise to seamlessly consume tasks from SAP Workflow Sevice in the NEO environment.
Configure SAP Web Dispatcher
SAP Web Dispatcher comes with a .pfl file. This file provides the options to configure hosts, ports, rules, etc., so that you, as an Administrator, can define how the SAP Web Dispatcher handles each request it intercepts.
Configure .pfl file of SAP Web Dispatcher
Open the .pfl file of SAP Web Dispatcher. To enable our end-to-end scenario, change the default values of the properties as I have indicated below:
- Configure the port SAP Web Dispatcher listens to
icm/server_port_<xx> = PROT=HTTPS,PORT=<port_number>Note: The <port_number> can be any open port. <xx> stands for a number. The numbers must start from 0 and must be used in ascending order.
Example:
icm/server_port_2 = PROT=HTTPS,PORT=2080
Configure path to the SAP BTP NEO environment system
wdisp/system_0 = SID=<BTP NEO SID>, EXTSRV=<absolute URL path to BTP NEO Fiori Launchpad>, SRCSRV=*:<port_number>, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=<SID of Gateway Hub system>, SAML_SP_ENTITY_ID=<absolute URL path to BTP NEO account>Example:
wdisp/system_0 = SID=CAN, EXTSRV=https://flpsandbox-abcsampleaccount.dispatcher.int.sap.eu2.hana.ondemand.com, SRCSRV=*:2080, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=XYZ, SAML_SP_ENTITY_ID=https://int.sap.eu2.hana.ondemand.com/abcsampleaccount- Configure on-premise Gateway Hub system properties
wdisp/system_1 = SID=<SID of Gateway Hub system>, MSHOST=<Message Server host of Gateway Hub system>, MSPORT=<Message Server port of Gateway Hub system>, SRCSRV=*:<port_number>, SRCURL=/, CLIENT=<SID of Gateway Hub system>, SSL_ENCRYPT=2 Example:
wdisp/system_1 = SID=XYZ, MSHOST=ldcsxyz.mo.sap.corp, MSPORT=8101, SRCSRV=*:2080, SRCURL=/, CLIENT=000, SSL_ENCRYPT=2 - Configure "first match" semantics. If a matching conflict occurs, then the request is routed to the first system, which is configured, i.e. wdisp/system_0. In our case, this would be the SAP Workflow Service in NEO environment.
- See the wdisp/system_0 descriptor in the final .pfl file provided as an example in Result section below.
wdisp/system_conflict_resolution = 1- Specify the location of rules file
icm/HTTP/mod_0 = PREFIX=/,FILE=<file path to rules.txt>Example:
icm/HTTP/mod_0 = PREFIX=/,FILE=C:\webdispatcher_7.73\rules.txtResult: After the above configurations, the .pfl file should look similar to this example:
# Profile generated by sapwebdisp bootstrap
# unique instance identifier
SAPSYSTEMNAME = WDP
# unique instance number
SAPSYSTEM = 00
# add default directory settings
DIR_INSTANCE = C:\webdispatcher_7.73
DIR_EXECUTABLE = $(DIR_INSTANCE)
DIR_PROFILE = $(DIR_INSTANCE)
DIR_HOME = $(DIR_INSTANCE)
DIR_GLOBAL = $(DIR_HOME)
DIR_LOGGING = $(DIR_HOME)
Autostart = 1
Restart_Program_00 = local $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE) pf=$(DIR_PROFILE)\sapwebdisp.pfl
# SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=1080
icm/server_port_1 = PROT=HTTPS,PORT=4300
icm/server_port_2 = PROT=HTTPS,PORT=2080
wdisp/system_conflict_resolution = 1
is/HTTP/show_detailed_errors = TRUE
icm/HTTP/trace_info=TRUE
wdisp/system_0 = SID=CAN, EXTSRV=https://flpsandbox-abcsampleaccount.dispatcher.int.sap.eu2.hana.ondemand.com, SRCSRV=*:2080, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=XYZ, SAML_SP_ENTITY_ID=https://int.sap.eu2.hana.ondemand.com/abcsampleaccount
wdisp/system_1 = SID=XYZ, MSHOST=ldcsxyz.mo.sap.corp, MSPORT=8101, SRCSRV=*:2080, SRCURL=/, CLIENT=000, SSL_ENCRYPT=2
# number of parallel connections
icm/max_conn = 2000
# SAP Web Dispatcher Web Administration
icm/authfile = $(DIR_PROFILE)/icmauth.txt
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=$(icm/authfile)
icm/HTTP/mod_0 = PREFIX=/,FILE=C:\webdispatcher_7.73\rules.txt
2. Configure the rules.txt file of SAP Web Dispatcher
The function of this file is to inform SAP Web Dispatcher which requests should be redirected and how.
For our scenario, we should add a prefix for the requests which contain /html5apps or /bpmworkflowruntime. My Inbox delivers these routes and appends them to the URL for SAP Workflow Service tasks. This way, the relevant requests will be properly redirected to the SAP BTP.
This will make it possible to load task resources available on the SAP BTP, such as task custom UI, custom defined actions via API, standard actions or task properties.
- Copy and paste the following rules "as is" in the rules.txt file:
if %{PATH} RegIMatch ^/html5apps(.*)
RegIRedirectUrl ^/html5apps(.*) /sap/fiori/bpmmyinbox/html5apps$1
if %{PATH} RegIMatch ^/bpmworkflowruntime(.*)
RegIRedirectUrl ^/bpmworkflowruntime(.*) /sap/fiori/bpmmyinbox/bpmworkflowruntime$1
Assign Alias for SAP BTP in the NEO environment to the Gateway Hub
In order to show SAP Workflow tasks in My Inbox on-premise, a system alias has to be added to the Task Gateway. This configuration is done on the Gateway Hub system.
This is needed to ensure that the requests from My Inbox on-premise are properly redirected to the SAP BTP.
Warning: The value of SAP System Alias must be "NA", as shown in the Example below
- To create an alias, follow the instructions documented in Creating a System Alias
Example:
Note: In a Gateway Hub deployment options, here you probably already have configured aliases. In this case, just add a new alias as described above. It is important to make sure the name of the system alias is "NA", as indicated above.
Configure trust between the on-premise Gateway Hub and the SAP BTP
Configure SAML2 authentication between both systems. Follow the instructions documented in Configure Authentication. You need to implement the configurations in all sub-topics of the document structure.
Note: Disregard the references to SAP CoPilot in the above documentation topic. The configuration is valid generically, and is not restricted to SAP CoPilot.
Register the SAP Web Dispatcher as a Proxy
Follow the instructions documented in Register the SAP Web Dispatcher as a Proxy
Example:
neo map-proxy-host --account abcsampleaccount --app-host flpsandbox-abcsampleaccount.dispatcher.int.sap.eu2.hana.ondemand.com --proxy <WD host>:2080 -h int.sap.eu2.hana.ondemand.com -u <username>Result
As a result of the above configuration, you can already address My Inbox running on the SAP Gateway Hub on-premise system (XYZ) via the SAP Web Dispatcher. In addition, the workflow tasks generated by the SAP Workflow Service are provisioned seamlessly to My Inbox running on the SAP Gateway Hub System - along with all related resources, such as custom task UIs, custom actions defined using My Inbox API. Refer to the screenshot below:
Known Constraints
- Only one SAP BTP account can be added as a task provider for SAP Workflow Service in the NEO environment to My Inbox on-premise.
- The integration described in this blog is currently available for SAP BTP Neo environment only. It is not supported for SAP BTP Cloud Foundry environment currently and cannot be applied.
- SAP Managed Tags:
20 Comments
