zhongwei/gh-secondsky-sap-skills-skills-sap-btp-cias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d5f8dc087c424cb68f6000266d63b9ca65d00b19
gh-secondsky-sap-skills-ski…/templates/destination-config.md
Zhongwei Li d5f8dc087c Initial commit
2025-11-30 08:54:54 +08:00

258 lines
7.3 KiB
Markdown
Raw Blame History

# CIAS Destination Configuration Templates
Templates for configuring destinations in Cloud Integration Automation Service.
---
## Basic HTTP Destination
### Configuration
| Property | Value | Notes |
|----------|-------|-------|
| Name | `<SYSTEM_ID>_DEST` | Use meaningful identifier |
| Type | `HTTP` | Default |
| Description | Integration destination for [System Name] | Purpose description |
| URL | `[https://<hostname>:<port>`](https://<hostname>:<port>`) | Always use HTTPS |
| Proxy Type | `Internet` | For cloud systems |
| Authentication | See options below | Based on requirements |
---
## Authentication Options
### Basic Authentication
```
Authentication: BasicAuthentication
User: <technical_user>
Password: <password>
```
**Use when**:
- Simple username/password authentication
- Technical user with limited scope
- Development/testing environments
**Security note**: Store credentials securely; delete destination after workflow completion.
### OAuth2 Client Credentials
```
Authentication: OAuth2ClientCredentials
Client ID: <client_id>
Client Secret: <client_secret>
Token Service URL: [https://<auth_server>/oauth/token](https://<auth_server>/oauth/token)
```
**Use when**:
- Machine-to-machine authentication
- SAP BTP services integration
- API access scenarios
### OAuth2 User Token Exchange
```
Authentication: OAuth2UserTokenExchange
Client ID: <client_id>
Client Secret: <client_secret>
Token Service URL: [https://<auth_server>/oauth/token](https://<auth_server>/oauth/token)
```
**Use when**:
- User context required in target system
- Principal propagation needed
### Client Certificate
```
Authentication: ClientCertificateAuthentication
Key Store Location: <path_to_keystore>
Key Store Password: <keystore_password>
```
**Use when**:
- mTLS required
- High-security environments
- Production systems
---
## Destination Templates by Target System
### SAP S/4HANA Cloud
```
Name: S4HC_<TENANT_ID>
Type: HTTP
URL: [https://<tenant>.s4hana.ondemand.com](https://<tenant>.s4hana.ondemand.com)
Proxy Type: Internet
Authentication: OAuth2SAMLBearerAssertion
Audience: [https://<tenant>.s4hana.ondemand.com](https://<tenant>.s4hana.ondemand.com)
Client Key: <client_key>
Token Service URL: [https://<tenant>.s4hana.ondemand.com/sap/bc/sec/oauth2/token](https://<tenant>.s4hana.ondemand.com/sap/bc/sec/oauth2/token)
Token Service User: <communication_user>
Token Service Password: <password>
```
### SAP S/4HANA On-Premise (via Cloud Connector)
```
Name: S4OP_<SYSTEM_ID>
Type: HTTP
URL: [http://<virtual_host>:<virtual_port>](http://<virtual_host>:<virtual_port>)
Proxy Type: OnPremise
Location ID: <cloud_connector_location_id>
Authentication: BasicAuthentication
User: <system_user>
Password: <password>
```
### SAP SuccessFactors
```
Name: SFSF_<COMPANY_ID>
Type: HTTP
URL: [https://<datacenter>.successfactors.com](https://<datacenter>.successfactors.com)
Proxy Type: Internet
Authentication: OAuth2SAMLBearerAssertion
Audience: www.successfactors.com
Client Key: <api_key>
Token Service URL: [https://<datacenter>.successfactors.com/oauth/token](https://<datacenter>.successfactors.com/oauth/token)
Token Service User: <admin_user>
Token Service Password: <password>
```
### SAP Integration Suite (CPI)
```
Name: CPI_<TENANT_ID>
Type: HTTP
URL: [https://<tenant>.it-cpi<region>.cfapps.<region>.hana.ondemand.com](https://<tenant>.it-cpi<region>.cfapps.<region>.hana.ondemand.com)
Proxy Type: Internet
Authentication: OAuth2ClientCredentials
Client ID: <client_id>
Client Secret: <client_secret>
Token Service URL: [https://<tenant>.authentication.<region>.hana.ondemand.com/oauth/token](https://<tenant>.authentication.<region>.hana.ondemand.com/oauth/token)
```
### SAP BTP ABAP Environment
```
Name: ABAP_ENV_<SYSTEM_ID>
Type: HTTP
URL: [https://<system_id>.abap.<region>.hana.ondemand.com](https://<system_id>.abap.<region>.hana.ondemand.com)
Proxy Type: Internet
Authentication: OAuth2ClientCredentials
Client ID: <client_id>
Client Secret: <client_secret>
Token Service URL: [https://<system_id>.authentication.<region>.hana.ondemand.com/oauth/token](https://<system_id>.authentication.<region>.hana.ondemand.com/oauth/token)
```
### SAP Ariba
```
Name: ARIBA_<REALM_ID>
Type: HTTP
URL: [https://<datacenter>.ariba.com](https://<datacenter>.ariba.com)
Proxy Type: Internet
Authentication: OAuth2ClientCredentials
Client ID: <application_key>
Client Secret: <shared_secret>
Token Service URL: [https://api.ariba.com/v2/oauth/token](https://api.ariba.com/v2/oauth/token)
```
### SAP Concur
```
Name: CONCUR_<ENTITY_ID>
Type: HTTP
URL: [https://<datacenter>.concursolutions.com](https://<datacenter>.concursolutions.com)
Proxy Type: Internet
Authentication: OAuth2ClientCredentials
Client ID: <client_id>
Client Secret: <client_secret>
Token Service URL: [https://<datacenter>.concursolutions.com/oauth2/v0/token](https://<datacenter>.concursolutions.com/oauth2/v0/token)
```
---
## Additional Properties
### Common Additional Properties
| Property | Value | Purpose |
|----------|-------|---------|
| `sap-client` | `<client_number>` | ABAP system client |
| `HTML5.DynamicDestination` | `true` | Dynamic destination resolution |
| `WebIDEEnabled` | `true` | Enable for BAS/WebIDE |
| `WebIDEUsage` | `odata_abap` | OData service usage |
### Example with Additional Properties
```
Name: S4HC_PROD
Type: HTTP
URL: [https://my-tenant.s4hana.ondemand.com](https://my-tenant.s4hana.ondemand.com)
Proxy Type: Internet
Authentication: OAuth2SAMLBearerAssertion
[Authentication details...]
Additional Properties:
sap-client: 100
HTML5.DynamicDestination: true
```
---
## Security Best Practices
### Do
- Always use HTTPS for URLs
- Use technical/service users with minimal required permissions
- Rotate credentials regularly
- Delete destinations after workflow completion
- Document destination purpose in description
### Don't
- Store production credentials in non-production environments
- Share destination credentials across teams
- Use personal user credentials
- Leave unused destinations active
- Skip certificate validation in production
---
## Troubleshooting
### Destination Not Found in Dropdown
1. Verify destination exists in subaccount
2. Check URL matches tenant Host Base URL exactly
3. Confirm destination type is HTTP
4. Refresh dropdown after creation
### Authentication Failures
1. Verify credentials are correct
2. Check token service URL accessibility
3. Confirm user has required authorizations in target system
4. Review audit logs for specific error
### Connection Timeouts
1. Check Cloud Connector status (for on-premise)
2. Verify network connectivity
3. Confirm target system is available
4. Review timeout settings
---
## Documentation Links
- Destinations: [https://github.com/SAP-docs/btp-cloud-integration-automation-service/blob/main/docs/destinations-496a763.md](https://github.com/SAP-docs/btp-cloud-integration-automation-service/blob/main/docs/destinations-496a763.md)
- Destination Creation: [https://github.com/SAP-docs/btp-cloud-integration-automation-service/blob/main/docs/destination-creation-b2cd7e9.md](https://github.com/SAP-docs/btp-cloud-integration-automation-service/blob/main/docs/destination-creation-b2cd7e9.md)
- SAP BTP Destinations: [https://help.sap.com/docs/btp/sap-business-technology-platform/destination](https://help.sap.com/docs/btp/sap-business-technology-platform/destination)
Reference in New Issue View Git Blame Copy Permalink