To allow inbound communication with the SAP S/4HANA tenant, you need to explicitly allow the API's to be accessible from external systems like SAP BTP. Read about Communication Management for more detailed information.
In this document, we describe using the SAMLAssertion Authentication method to access the SAP S/4HANA Cloud APIs. You can also start testing the scenario with Basic Authentication using a technical user, look in the section Basic Authentication. Select the communication scenario SAP_COM_0008 when creating a communication arrangement to expose the Business Partner API.
Download the subaccount specific key certificate from your Cloud Foundry subaccount on SAP BTP which is used to connect to other remote systems. You will need this in the next step when configuring the SAP S/4HANA Cloud system.
-
In SAP BTP Cockpit, navigate to your subaccount.
-
From the left-side subaccount menu navigate from Connectivity → Destinations.
-
Choose Download Trust.
-
Enter the URL of the SAP S/4HANA Cloud System in your browser, which is of format:
https://myXXXXXX.s4hana.ondemand.com/ui#Shell-home
Replace the X with your actual tenant hostname.
-
Enter your administrator E-MAIL.
-
Enter your administrator Password.
-
Choose the Communication Systems application tile.
-
Choose New.
-
Enter the System ID and a unique value for System Name.
-
Choose Create.
-
Navigate to General > Technical Data section and select the checkbox Inbound Only
-
Set the switch SAML Bearer Assertion Provider from OFF to ON.
-
Choose Upload Signing Certificate and select the BTP Trust certificate which you have downloaded in the previous step and choose Upload
-
Copy the complete value of the CN property from the Signing Certificate Issuer including the unique GUID and paste it in the SAML Bearer Issuer field.
-
Choose Save.
You have configured the SAP S/4HANA Cloud system to allow the OData services associated with the communication scenario SAP_COM_0008
to be consumed. You now need to create the corresponding destination in your SAP BTP subaccount where you use the communication user and password that you configured here.
If you want to OAuth2SAMLBearerAssertion authentication, see section User Propagation from the Cloud Foundry Environment to SAP S/4HANA Cloud for more details.