When it comes to exposing data in the OData format from your SAP backend systems SAP Gateway is your go-to solution. There are a number of different deployment options how you can set up your system landscape for this scenario.

Since the release of SAP Process Orchestration 7.31 SP13 or SAP Process Orchestration 7.40 SP08 you have the additional option to expose SAP Gateway services from your SAP backend systems as OData services directly from your Process Orchestration server.

This has the benefit that it can replace the need to install a separate Gateway Hub server in many cases, thus lowering the TCO of your IT landscape. Also, it gives you the possibility to consolidate the exposure of your different web services in one location – the SAP Process Orchestration server.

Additionally, there are some technical upsides to this approach: For example, you might create a BPM process with some generated TaskUI screens, running directly on your SAP Process Orchestration server. If you now want to add some some SAP backend data that is not a part of your process context, you can now expose this data as an OData service from the same server, thus avoiding Cross-Origin Requests that would trigger security warnings otherwise.

At the moment, there are some scenarios in which you can’t use this feature:

  • A SAP Process Orchestration Java Single Stack installation is a pre-requisite
  • SAP Fiori app deployment is not yet supported
  • Unified Inbox is not yet supported

The OData Provisioning feature is a part of the usage type AEX and therefore comes pre-installed with SAP Process Orchestration. The only thing left for you to do, is to assign the proper authorizations GW_ADMIN and GW_USER to the respective users.

You can find the official documentation for the feature Exposing Back-End Data as OData Service here:

I now want to show you how easy it is to expose a Gateway service on SAP Process Orchestration:

Adding a new destination to your backend system

First you want to add a new destination in your NetWeaver administrator console pointing to the IWBEP service in your SAP backend system. This is the “catalogue” from where all the Gateway services are exposed.

      1. Go to your NetWeaver Administrator interface:
        http://<SAP Process Orchestration server>:<port>/nwa
      2. Go to Configuration –> Destinations
        Picture1.png
      3. In the Destination List, click on the Create button:
        Picture2.png
      4. In the Destination Wizard, select your Hosting System, assign a Destination Name and select the Destination Type „HTTP“:
        Picture3.png
      5. In the Connection and Transport Security Settings step enter the connection information to your SAP Gateway IW_BEP service and enter the Additional Settings for SAP Systems:
        Picture4.png
      6. If you use a HTTPS connection, select the Trusted Servers Certificates Keystore, where the (root) certificate of the backend server is stored:
        Picture5.png
      7. In the Logon step enter the logon information to authenticate against the IW_BEP service in the SAP backend:
        Picture6.png
      8. To test your destination, select the new entry and click on the Ping Destination button; you should receive a success message if everything is configured correctly:
        Picture7.png

Register Gateway Services in the OData Provisioning Administration interface

      1. Go to Integration Gateway OData Provisioning Administration:
        http://<SAP Process Orchestration Server>:<Port>/igwj/Admin
      2. Click on Register a New Service
        Picture8.png
      3. Select the backend destination you created in the NetWeaver Administrator
        Picture9.png
      4. Perform a search for the service you would like to register from SAP Gateway
        Picture10.png
      5. Select the service and click on Register
        Picture11.png
      6. Open the Service Document
        Picture12.png
      7. View and work with your OData Service published on the Process Orchestration Server
        08-10-2014 12-51-08.jpg

This is all you need to do to expose an SAP Gateway service on your SAP Process Orchestration server. Apart from the not supported scenarios mentioned above, you can do everything to this service that you could do to a regular Gateway service.

To report this post you need to login first.

41 Comments

You must be Logged on to comment or reply to a post.

  1. Rajesh pasupula

    Thanks for the detailed info …

    Is there any plan to combine the service registry and oData Provisioning models to provide unified provisioning…

    Regards
    Rajesh

    (0) 
    1. Bjoern Woppmann Post author

      Hi Rajesh,

      I don’t fully understand what you mean by Unified Provisioning. Could you please elaborate on what you want to do?

      Thanks and regards

      Björn

      (0) 
      1. Rajesh pasupula

        Hi Björn,

        Currently to register the webservices we are using the service registry.. and i understood the Integration gateway is doing the same thing for the oData services… so going ahead can we expect to have single registry/repository to have these information ( both for soap and odata services..)..

        HTH

        Rajesh

        (0) 
  2. Russel Irvine

    Hi Bjoern

    Can you tell us if there is a way of providing an alias for use by consumers of these services? Something like ABAP transaction SICF-> External Aliases?

    Regards

    Russel

    (0) 
    1. Bjoern Woppmann Post author

      Hi Russel,

      currently the service is exposed exactly the same way as it is modeled in SAP Gateway. There you can define how the service is supposed to be called for consumption. Is there a specific reason why you want to provide an alias name for a Gateway service?

      Regards

      Björn

      (0) 
      1. Russel Irvine

        Hi Bjorn

        There is a preference in our compmay to not show the full sap path to the service.  So, instead of host:port/igwj/odata/SAP/ZGW_service_name;v=1/, it would be host:port/service_alias/v1.

        We have used SICF to do this in the back end systems to hide the path …/sap/opu/odata/sap…

        Regards

        Russel

        (0) 
        1. Bjoern Woppmann Post author

          Hi Russel,

          when exposing the service using the OData provisioning feature in Process Orchestration, you don’t have this capability. The service will be exposed at the following URL:

          http://<server>:<port>/igwj/odata/<service namespace>/<service>;v=1

          Kind regards

          Björn

          (0) 
          1. Rahul Mehta

            Hi Bjoern

            We have used java gateway to consume gateway services from our UI application. SAPUI5 application is deployed on SAP PO sever and gateway services on ECC. With Java gateway we avoid typical cross origin issues. Also in the destination we have used a service user to connect to gateway system. I am assuming this user is used when gateway services are invoked from ui application. We don’t have any sso between sap po and gateway since for sso same user should exist in both systems. We don’t want that.

            Second point is around usage of substringof function in gateway url. Strangely this is not working for us. However if I test the same in gateway client, it works. Any clues here ?

            Regards

            Rahul

            (0) 
  3. jeetendra choudhary

    Hi Bjoern Woppmann,

    Thanks for a wonderful descriptive document, I have a question can you please help.

    I couldn’t find the role GW_Admin and GW_User in identity manager. We are using the server NW 7.4 SP 08. Any pointers what might be wrong.

    Thanks & Regards

    (0) 
  4. Peter Chezowitch

    Hello Björn,

    What are the plans to allow altering of these Services on the PO System? Can we adjust backend exposed Services on Gateway Java in any way or is it a 1:1 Routing through?

    Is it possible to use the existing REST Adapter on PO to consume these Services and alter them?

    In General, will we have an integrated Adapter on PO in future for OData Service provisioning or will Gateway Java be the strategic tool?

    Which Approach is advisable for consumption in BPM? Should the BPM process rather call the OData Service via JGW or should BPM talk to PI via XI protocol and then PI calls the backend via Proxy or similar? Any adventages / disadvantages?

    (0) 
    1. Christian Loos

      Hi Peter,

      Right now, it’s a 1:1 routing (aside from aggregation of multiple sources).

      You could of course also use the PO REST adapter (or any other PO adapter) to do service adaptation, but you need to factor in the additional costs of the message processing in the PO pipeline.

      While the OData provisioning is currently technically separated from the other PO adapters/integration scenarios, in the future this will merge (as you can also see in our road map).
      So it is planned to support mapping/transformation and different source types (e.g. REST and SOAP) also for OData provisioning.

      Regarding BPM, it depends on the use case. For triggering transactions in the backend system, e.g. creating a purchase order, this should go via XI as there you have full monitoring, error handling and retry functionality.

      If you need data from the backend for display in a BPM task application UI, you can use the embedded Gateway. This actually allows you to keep the BPM process context small and load additional data directly from the UI, where it is needed.

      Regards,

      Christian

      (0) 
      1. Peter Chezowitch

        Hi Christian,

        Thank you for your explanation!

        Regarding ODATA Service provisioning  on PO – can you give us a hint how the merging will look like between Integration Gateway and the ODATA sender adapter?

        Will they somehow work together or will they offer two alternative ways to provide ODATA services on PO? Let’s assume we want to provide an ODATA service from an ABAP system which is known on PO (we have a RFC receiver channel) – can we leverage the existing channel on Integration gateway to wrap the RFC as ODATA or will we in this case use the ODATA sender adapter on PO for an ODATA to RFC synchronous scenario?

        (0) 
        1. Christian Loos

          Hi Peter,

          the plan is to have an OData sender adapter for exposing integration flows as OData services, but for ABAP-based services this can be bypassed by directly using the built-in Gateway runtime (as available today).

          Regards,

          Christian

          (0) 
  5. Pieter Troost

    Hello Bjoern,

    Nice blog, we used it expose our services to java gateway hub on our PO system. One of the services however is uploading a file (has a stream) and we’re getting a “virus scan exception occured”. In an ABAP HUB there’re possibilities to make setting for this scan profiles for the gateway services.

    For the java HUB we don’t seem to find if there’re specific settings we need to make. Do you know what we’re missing.

    Kr,

    Pieter

    (0) 
      1. Pieter Troost

        Hello Björn,

        thank you for your quick response.

        We already looked at the general setup in the PO system and our global parameter (system property xiadapter.virusscan.active) is set to inactive and we still get the error. We’re looking if there’s a special setup for the integration gateway. If I’m understanding correctly this is not the case?

        Kr,

        Pieter

        (0) 
        1. Pieter Troost

          We think we found the solution. The virusscan is set to inactive, but as long as the profile that is defined as default is not activated, he doesn’t seem to consider this option.

          Kr,

          Pieter

          (0) 
          1. Bjoern Woppmann Post author

            Hi Pieter,

            great that you found the solution. 🙂

            There are no specific settings for the OData Provisioning in Process Orchestration in regards to Virus scanning.

            Kind regards

            Björn

            (0) 
  6. Shabarish Vijayakumar

    Another line item you can add to the not supported feature is the ODATA provisioning itself 🙂

    To be blunt, I feel this feature is nothing but proxying a gateway service via SAP PO

    (0) 
    1. Sandeep Sharma

      Yes but surely we can avoid using a sever as gateway Hub.

      same can be done through SAP PI/PO .

      If the limitations are covered it will be perfect.

      (0) 
  7. Russel Irvine

    Hi Bjoern

    Thanks again for your expertise.

    When calling a registered service via PO a logon screen is returned whereas if I call the service directly a popup appears for the credentials.

    If I call the service directly from SoapUI, the credentials I have entered on the request are used, whereas the registered service on PO returns a logon screen html.

    How should we handle this logon screen when calling registered services?

    Regards

    Russel

    (0) 
    1. Bjoern Woppmann Post author

      Hi Avinash,

      I am not quite sure I understand your question. You need to develop a service using SAP Gateway technology (e.g. transaction SEGW in a NetWeaver backend system. You can then expose this service using the above described technology on SAP Process Orchestration.

      Kind regards

      Björn

      (0) 
      1. Avinash Ayanala

        Hi,

        While trying to register the service in Odata Provisioning administration i am not able to find any HTTP destination in it even though i have created an HTTP destination for Gateway server.

        Please check the above screen shot.

        Regards,

        Avinash.

        (0) 
        1. Bjoern Woppmann Post author

          Were you able to perform steps 1-8 in the section Adding a new destination to your backend system?

          Were you able to successfully perform the ping to the system?

          Regards

          Björn

          (0) 
  8. Dinesh Chandra

    Hi Bjoern,

    I am not able to find the roles GW_ADMIN and GW_USER as mentioned,although version of PO is 7.4 SP08.

    Am I missing some installation of component or configuration?

    Regards,

    Dinesh Chandra

    (0) 
    1. Alexander Bundschuh

      Hi Dinesh,

      actually there should be no further configuration required to see the roles, they should be supported automatically once you upgrade to 7.4 SP08, I checked in my system and there it looks fine, maybe the upgrade haven’t gone properly through, in any case I would propose that you open an incident ticket, it’s hard if not impossible to analyse your very system from within SCN.

      Alex

      (0) 
      1. Rahul Mehta

        Hi Alexander

        We are using JAVA Gateway in one of our projects but facing some issues with dates. There is a gateway service which returns start and end date from ECC. But when it comes via JAVA gateway, its always one day lesser than whats returned from backend. For instance, if ECC returns 7/11/2016 but via Java gateway it becomes 7/10/2016. Both ECC and SAP Process orchestration are in EST timezone.

        Before Java gateway, we were using a proxy servlet and never faced this issue

        Regards

        Rahul

        (0) 
        1. Bjoern Woppmann Post author

          Hi Rahul,

          I would suggest to open a support incident for this behavior. It sounds like it might be a product issue.

          Thanks and regards

          Björn

          (0) 
          1. Rahul Mehta

            Hi Bjoern

            We did open a support ticket but haven’t received any response. Till I get the response from SAP, can you suggest workaround for this issue?

            Regards

            Rahul

            (0) 
  9. Otto Frost

    Hi Bjoern,

    Great blog.

    It looks like you use a service-user in the logon data  in the destination.

    Does this mean that all services will be executed with this user account?

    If a user logs in to PO with role gw_user then that user can execute all services using the destination but with service-user authorizatio in the backend?

    I thought the login method to use is single sign on “login ticket”?

    It would be great if you can shed some light on authentication.

     

     

     

    (0) 
  10. Otto Frost

    Hi Bjoern,

    Great blog still

     

    We use a reverse proxy in front of sap po.

    Is it possible to configure url rewrite so the urls in the odata service document and $metadata points to the reverse proxy instead of sap po? Is there documentation somewhere?

     

     

    (0) 
  11. Raj .

    Hi Bjoern,

     

    Excellent blog to refer.

     

    While doing this, when I opened the link http://<SAPPOServer>:Port>/igwj/Admin, then it is saying “Application Stopped”. Please suggest how can I activate this Gateway application service (igwj) in PO 7.5.

     

    P.S. I have the all necessary authorizations like GW_ADMIN and GW_USER in PO system. 

     

    Br,

    Raj

    (0) 

Leave a Reply