Hi anandprakash.rai2,

1) I don't know exactly what you meant by "need". However, if you want to use the ABAP service in a Java or HTML5 application on Neo, you should at least think about using a destination for it. The idea of a destination is that you avoid hard-coding the service's URL endpoint. On Cloud Foundry things work a little different. The endpoints are called internally between each microservice - even though their endpoints are public. Thus, you would protect each service (including those made with ABAP runtime) putting an AppRouter in front of it. Thus, a destination will still be used but its configuration would be made directly in the MTA's. Each microservice will accept incoming calls with a JWT only but wouldn't necessarily generate one. JWT generation would be the job of the AppRouter.

2) Yes. You would require to create a destination of type internet and use the OAuthSAMLBearerAssertion authentication. muralidaran.shanmugham2 has written a great blog on how to create this type of destination:

https://blogs.sap.com/2018/11/06/setting-up-sap-webide-as-development-environment-for-sap-cloud-plat...

The blog shows you how to create the destination for the Functions (serverless) service in CF. The same procedure can be used in the case of an ABAP service.

Pay special attention on his instructions on step 4 (session Creating a Destination). The OAuth token URL must be the one from tag AssertionConsumerService. Most people might overlook this information and simply enter the authoriaztion url with the suffix /oauth/token/ - but this is not correct.

Best regards,
Ivan