zhongwei/gh-secondsky-sap-skills-skills-sap-btp-cias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 08:54:54 +08:00
commit d5f8dc087c
13 changed files with 3235 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

281
SKILL.md Normal file
View File

@@ -0,0 +1,281 @@
---
name: sap-btp-cias
description: |
SAP BTP Cloud Integration Automation Service (CIAS) skill for guided integration workflows.
Use when: setting up CIAS subscriptions, configuring destinations, assigning roles (CIASIntegrationAdministrator, CIASIntegrationExpert, CIASIntegrationMonitor), planning integration scenarios, working with My Inbox tasks, monitoring scenario execution, troubleshooting CIAS errors, creating OAuth2 instances, configuring identity providers for CIAS, understanding CIAS security architecture, or integrating SAP products (S/4HANA, SuccessFactors, BTP services, SAP Build, IBP).
license: GPL-3.0
metadata:
version: "1.0.1"
last_verified: "2025-11-27"
sap_product: "Cloud Integration Automation Service"
source_docs: "[https://github.com/SAP-docs/btp-cloud-integration-automation-service"](https://github.com/SAP-docs/btp-cloud-integration-automation-service")
---
# SAP BTP Cloud Integration Automation Service (CIAS)
Cloud Integration Automation Service provides guided workflows to integrate SAP cloud solutions with on-premise and other SAP cloud solutions. It offers both manual task instructions and automated configuration capabilities.
## Quick Reference
### Service Plans
| Plan | Type | Purpose |
|------|------|---------|
| **Standard** | Application | UI access for scenario planning, task monitoring, integration management |
| **OAuth2** | Service | API access for programmatic operations (required for ABAP automation) |
### Role Collections
| Role | Collection | Capabilities |
|------|------------|--------------|
| Integration Administrator | `CIASIntegrationAdministrator` | Full access: Plan for Integration, My Inbox, Monitoring; terminate scenarios |
| Integration Expert | `CIASIntegrationExpert` | My Inbox access; work on assigned tasks |
| Integration Monitor | `CIASIntegrationMonitor` | Read-only access to Scenario Execution Monitoring |
### Supported Regions
**AWS**: EU10 (Frankfurt), EU11 (Frankfurt EU Access), US10 (Virginia), AP10 (Sydney), JP10 (Tokyo), CA10 (Montreal)
**Azure**: EU20 (Netherlands), CN20 (China North 3)
**Alibaba**: CN40 (Shanghai)
## Core Workflows
### 1. Subscribe to CIAS (Standard Plan)
1. Navigate to SAP BTP Cockpit → Global Account → Subaccount
2. Go to **Services****Service Marketplace**
3. Filter by "Cloud Integration Automation Service"
4. Click tile → **Create** → Select **Standard** plan
5. Confirm creation
6. Access via **Instances and Subscriptions** → "Go to Application" icon
### 2. Assign Roles to Users
1. Navigate to **Security****Role Collections** in subaccount
2. Select role collection (e.g., `CIASIntegrationAdministrator`)
3. Click **Edit****Users** tab
4. Add users by email ID or login user ID
5. Save changes
> Multiple users can be assigned per role using comma-separated user IDs.
### 3. Plan Integration Scenario
1. Access CIAS application from Instances and Subscriptions
2. Open **Plan for Integration** tile
3. Browse available solutions in **Solutions** tab
4. Select scenario and scenario option
5. Choose systems for integration (by customer number)
6. Specify:
- Target subaccount for workflow
- SAP BTP Workflow Users (must have subaccount access)
- Transaction name for monitoring
7. Confirm workflow generation
8. Access tasks in **My Inbox** tile
### 4. Work with Tasks (My Inbox)
1. Open **My Inbox** tile (requires Administrator or Expert role)
2. Click **Claim** to lock task for your user
3. Follow instructions in **Task Instructions** tab
4. For automation tasks: Configure parameters → Click **Execute Step**
5. Click **Task Completed** when done
6. Click **Refresh** to display next task
7. Repeat until viewing Execution Summary
### 5. Create Destination for Automation
1. In My Inbox → Confirm System Components task
2. Click **Create Destination** link
3. Configure:
- **Name**: Valid identifier
- **Description**: Purpose description
- **URL**: Target system host URL
- **Authentication**: Method + credentials
- **Type**: HTTP (default)
4. Save configuration
> Always use HTTPS for secure communication.
### 6. Monitor Scenario Execution
1. Open **Scenario Execution Monitoring** tile (requires Administrator or Monitor role)
2. Filter workflows by status: Running, Completed, Canceled
3. View tabs: Task Details, Targets, Roles and Users, Scope, Support Information
4. Use **Terminate Execution** to remove scenarios permanently
5. Access **Logs** tab for automation execution details
## Service Limitations
- Maximum **15 active workflows** per subaccount
- No self-service data deletion (submit ticket to component `BC-INS-CIT-RT`)
- Logs retained for **90 days**
- OAuth2 certificate maximum validity: **1 year**
- Execution scope cannot be changed after confirmation
- Destination cannot be changed if already used in automation task
- Supported browsers: Google Chrome, Microsoft Edge (Chromium), Mozilla Firefox, Apple Safari (macOS)
## Security Architecture
CIAS comprises six core components:
1. **Runtime**: Backbone framework rendering integration tasks
2. **Planning**: UI for planning integration scenarios
3. **Inbox**: UI for end-user task access
4. **Monitoring**: UI for scenario implementation monitoring
5. **Managed System**: System configured during integration
6. **Automation Runtime**: Calls configuration APIs of managed systems
Security features:
- Role-based access via SAP BTP authorization framework
- XSRF protection for backend connectivity calls
- Identity provider integration (SAML assertion Name ID attribute supported)
- Credentials stored in Credential Store service (inaccessible to external parties)
## Common Error Patterns
### Empty Destination Dropdown
**Symptom**: Destination dropdown shows no options during task execution.
**Cause**: No destinations exist matching the tenant's Host Base URL.
**Solution**:
1. Create destination manually following Destination Creation steps
2. Ensure destination URL matches tenant Host Base URL exactly
3. Refresh the dropdown after creation
### Workflow Conflict Lock
**Symptom**: Cannot proceed with task; execution lock activated.
**Cause**: Multiple integration workflows exist with identical system components.
**Solutions**:
- **Proceed**: Continue without resolving (manual resolution later)
- **Terminate**: End selected conflicting instances
- **Terminate Current Instance**: Stop active workflow only
- **Cancel**: Halt operation entirely
### Application Access Denied After IdP Change
**Symptom**: Users cannot access CIAS application after identity provider change.
**Cause**: Users not managed by newly configured identity provider.
**Solution**:
1. Add users to new identity provider
2. Reassign role collections in subaccount Security settings
3. Verify user IDs exist in configured IdP
### Task Marked as Reserved
**Symptom**: Cannot claim task; shows "Reserved" status.
**Cause**: Another assigned user has already claimed the task.
**Solution**: Coordinate with team; only one user can work on claimed task at a time.
## Support Channels
| Issue Type | Component | Action |
|------------|-----------|--------|
| General CIAS support | `BC-INS-CIT-RT` | Create support ticket |
| Manual task instructions | Check Support Information tab | Submit incident to listed component |
| Data deletion request | `BC-INS-CIT-RT` | Include email ID and subaccount name |
| Service availability | Consumer account | Check Service Availability feature |
## OAuth2 API Access
For programmatic access (required for ABAP automation):
1. Navigate to subaccount → **Services****Service Marketplace**
2. Select Cloud Integration Automation Service → **Create**
3. Choose **OAuth2** plan
4. Select runtime: "Other" or "Cloud Foundry"
5. Provide instance name → Create
### Create Service Key (for API calls)
**With mTLS (Certificate)**:
```json
{
"xsuaa": {
"credential-type": "x509",
"x509": {
"key-length": 2048,
"validity": 365,
"validity-type": "DAYS"
}
}
}
```
**Without Certificate**: Create with name only.
Use generated client ID and client secret to create OAuth JWT token for API authentication.
## Data Protection
- Email IDs and subaccount names stored in service database
- System/tenant selection data preserved for workflow execution
- Logs do not store user-related personal data
- Audit logs follow SAP BTP Audit Log retention policy
- Sensitive data stored in Credential Store service
## Glossary
| Term | Definition |
|------|------------|
| **Personal Data** | Any information relating to identified/identifiable natural person |
| **Sensitive Personal Data** | Racial/ethnic origin, political opinions, religious beliefs, genetic/biometric data |
| **Residence Period** | Time between business end and end-of-purpose when data remains accessible |
| **Retention Period** | Time from last business activity through data deletion |
| **Blocking** | Restricting access to data whose primary business purpose has ended |
## Task UI Controls Quick Reference
### Automation Task Controls
| Control | Function |
|---------|----------|
| **Refresh** | Update automation statuses |
| **Expand All** | Show all parameter panels |
| **Collapse All** | Hide all parameter panels |
| **Show/Hide Read-Only Parameters** | Toggle read-only visibility |
| **Save Parameters** | Preserve current values |
| **Logs** | View execution records |
| **Information** | Parameter descriptions |
| **Execute Step** | Run automation (async) |
### Error Recovery
After automation failure:
- **Only Failed Automations** - Retry failed steps only
- **All Automations** - Retry entire sequence
## Bundled Resources
### Reference Files
1. `references/setup-guide.md` - Complete subscription, OAuth2, and destination configuration procedures
2. `references/security-guide.md` - Security architecture, identity provider configuration, and role management
3. `references/integration-scenarios.md` - Full list of 100+ supported integration scenarios with codes (1M1, 22K, 4A1, etc.)
4. `references/troubleshooting.md` - Detailed error resolution procedures and common issues
5. `references/maintenance-planner.md` - Maintenance Planner integration guide and workflow invocation
6. `references/task-ui-guide.md` - Complete task UI controls, tabs, behaviors, and automation steps
7. `references/whats-new.md` - Complete release notes from 2021-2025 with feature updates
### Template Files
1. `templates/destination-config.md` - Destination configuration templates by target system type
2. `templates/role-assignment.md` - Role assignment procedures and checklists for different scenarios
## Documentation Sources
**Primary**:
- GitHub: [https://github.com/SAP-docs/btp-cloud-integration-automation-service/tree/main/docs](https://github.com/SAP-docs/btp-cloud-integration-automation-service/tree/main/docs)
- SAP Help Portal: [https://help.sap.com/docs/cloud-integration-automation-service](https://help.sap.com/docs/cloud-integration-automation-service)
**Related**:
- Maintenance Planner: [https://maintenanceplanner.cfapps.eu10.hana.ondemand.com](https://maintenanceplanner.cfapps.eu10.hana.ondemand.com)
- Credential Store: [https://help.sap.com/viewer/601525c6e5604e4192451d5e7328fa3c/Cloud/en-US/02e8f7d1016740b8adf68690f36df142.html](https://help.sap.com/viewer/601525c6e5604e4192451d5e7328fa3c/Cloud/en-US/02e8f7d1016740b8adf68690f36df142.html)
- SAP BTP Destinations: [https://help.sap.com/docs/btp/sap-business-technology-platform/destination](https://help.sap.com/docs/btp/sap-business-technology-platform/destination)