Skip to Content

As mentioned in my last blog about the release 2.10. of the Cloud Connector, I would like to take more time to explain in details how to configure the SAP Cloud Platform Connectivity and the Cloud Connector so that you can consume data coming from an on-premise system in a Cloud Foundry based application.


As I want to focus more on the connectivity part, I will keep the application very simple. So the Fiori-based web application will just show a table with products and prices coming from an on-premise backend service. Here a visual overview of what I want to achieve:


This blog will be structured as follow:

Part 1: Initial setup of SAP Cloud Platform Account and Cloud Connector.

Part 2: Configuration of SAP Cloud Platform Connectivity and deployment of the web application.

Part 3: Update of the configuration to enable principal propagation instead of basic authentication.


To demonstrate it, I will use the following setup:

  • SAP Backend system with Fiori Reference applications installed. Odata services have been prepared and configured so that I can add them as resource in the Cloud Connector.
  • Cloud Connector v. – portable version (of course, it could be a productive version).
  • SAP Cloud Platform Trial account (Cloud Foundry environment).

Initial setup of SAP Cloud Platform subaccount

Before configuring anything, we need a SAP Cloud Platform Trial subaccount for the Cloud Foundry environment.

Note: If you created already a Cloud Foundry Trial account in the past, please verify that the global account is not a standalone (account created before Mai 2017) as we have at the moment a small bug with standalone accounts. We are working on it and I will update the blog as soon as this is perfectly working. In the meantime, I would suggest you to create a new Trial Account if you want to test it now.


So let’s go to and register for a trial account.

After the registration a P-user has been created for me: P1942746397. Now I can login and start the Cloud Foundry Trial by clicking in  the breadcrumb on “Home” and then on the button “Start Cloud Foundry Trial.

Select your region and initialize your trial subaccount. An organization and a space will be also automatically created.

In order to establish later on the trust between the SAP Cloud Platform Trial subaccount and the Cloud Connector, we will need the ID of the subaccount. You can find it by clicking on the global account in the breadcrumb and then on the “show more” icon of the subaccount tile.


Initial setup of Cloud Connector

Now let’s go to the Cloud Connector and configure it. You can use the same Cloud Connector for the NEO and the Cloud Foundry environments. So if you have already one installed, just make sure that you have at least the version and you are good to go. You can verify the version in the top right corner under Administrator / About.

More information about upgrade can be found here.

If you prefer to test with another Cloud Connector or if you don’t have one in place, you can download it from here and install it as described in the official documentation. Once it’s done, go the the admin UI of the Cloud Connector (https://localhost:8443/), change your password and add your new created Cloud Foundry Trial. Click in the button “Add Subaccount” and insert the details as described below.

Let me emphasize 2 small Cloud Foundry specifications compared to the usual configuration:

  1. the region is not “” like expected but it should be “” or “” based on the region you have selected during the creation of your Trial account.
  2. in the “Subaccount User” field you should use here your email address instead of your P-user.

We are working on optimizing those steps. So I will update the blog as soon as it has been changed 😉

One more thing… note that I didn’t add any location ID. This is an optional field as I’m connecting only this Cloud Connector to this account. Be aware that the location ID is mandatory as soon as you are using multiple Cloud Connectors. See this blog for more information about it.

Once you clicked on “save”, you should see your Subaccount listed to the “Subaccount Dashboard”. Navigate to the detail page to verify that the connection has been activated.

If every works fine, you should see on the top the following notification in green:

The notification mentions that “no active resources available”. Let’s do it and add our odata service of the on-premise backend system (Fiori Reference applications). Click on the tab “Cloud To On-Premise and create an “Access Control” by clicking on the “Add” icon.

Check the official documentation for more details on access control.

Here is my configuration for example:

Important for us are the Virtual Host and the Virtual Port which will be needed later on in the SAP Cloud Platform.

I have also added the needed resources to consume the odata service. Here an overview about the final configuration of the access control:

That’s all! Now we have everything in place to continue in the cloud. In the following part of the blog, I will explain how to setup the SAP Cloud Platform Connectivity and consume the data provided by the Cloud Connector in the Fiori application.

I will publish the second part of the blog very soon. In meantime, just try to create your Cloud Foundry Trial Account, upgrade/install your Cloud Connector and connect both together.



The second part is now live!



Feedbacks are of course welcome!


To report this post you need to login first.


You must be Logged on to comment or reply to a post.

    1. Matthieu Pelatan Post author

      Hi Nick,

      not sure to really understand the question…

      Getting access to on-premise system like S/4HANA is done via the Cloud Connector. See the blog details for more info. Let me know if you have a more concrete question.



      1. Nick Scherer

        hello Matthieu

        I mean, in HCP, destination. Don’t i need there a s4h system destination that i can create fiori with access to a s4h system?

        So the relevant parameter in HCP –> destination for a latest s4h system is not clear also user and pw then to login.

        many thanks. Nick


        1. Matthieu Pelatan Post author

          Hi Nick,

          Indeed, there is no destination runtime right now in the Cloud Foundry environment as you may know it from the Neo environment. We are working hard to deliver it as soon as possible. In the meanwhile, you can implement it like proposed in the second part of the blog. For Principal propagation, we will add a new blog to explain in details how to configure it.

          BR, Matthieu

  1. Nick Scherer

    hello Matthieu

    is it not possible, that you could check my HCP and Connector please? Have implemented Connector 2.10 but have doubts i have done all well and it will work.

    What i want to achieve is: properly working in WEB IDE for Fiori and IoT.
    For sapui5 i need to be connected to the latest s4h system.

    I have Team Viewer 12 if you would be so kind and help me. please give me your email Adresse for further communication.
    Many thanks for your help.


  2. Manjunath Gudisi

    HI Matthieu

    Im running CloudConnector (CC) on my location machine and trying to create a new subaccount. have a look at the screenshot.

    Getting this error while doing initial setup. (Attachemnts: 1 & 2)

    417 An authorization problem occurred when downloading the configuration. Check the spelling of the subaccount name, user, and password — see ”Logs” for details

    Seems, I have all the prerequisites on the org and space in CF.

    My subaccount is created just 2 days back.

    What is that Im missing here.


      1. Andre Borrmann

        Hi Matthieu,


        I do have the exact same issue. I’ve tried with and without Proxy-Settings within “SAP Cloud Connector Settings –> Cloud”. When using no proxy I did get 500 error.


        Where are the log files this error message talks about located?

        Thanks in advance for any hint.


        BR André

        1. Andre Borrmann

          Finally we found the solution on our own.

          The user used to create the subaccount in SAP Cloud Connector need to be assigned with Administrator role to the CF account. The assignment to the subaccount only is not sufficient.

          1. Ming Zhang

            Hi, Man

            You mean to assign the user at subaccount level with “manager” role?

            I can only find “manager”, “auditor”, “billing manger”, etc roles there.

            1. Andre Borrmann

              Hi Ming Zhang,


              assigning the user to the subaccount level is not enough and is not needed.

              The user need to be assigned on account level with “Administrator” role.

    1. Ming Zhang

      Hi, bro

      I also encounter the same issue as you when creating subaccount.

      “417 An authorization problem occurred when downloading the configuration. Check the spelling of the subaccount name, user, and password: 401 — Unauthorized”

      Have you found any solution?

      1. Andre Borrmann

        Hi Ming Zhang,

        as replied to your other post: Your user need to be assigned on Account level not subaccount level. On account level you can assign “Administrator” role.

          1. Andre Borrmann


            I might have explained it very poor. Sorry for this.

            When you open the SAP Cloud Platform Cockpit you need to navigate to the Global Account your subaccount belongs to. Once opened you should see on the left hand navigation area the “Members” entry. Open this and add yourself using the “Add Members” button. I guess the only available role is “Administrator” here as I’ve not seen any other.

            Hope this helps, sorting you issue.


      2. Andre Borrmann


        another possible reason for failing could be firewall restrictions.
        Please ensure your SAP CloudConnector is able to access this URL:<your-sub-account-id>

        When accessing this URL for example from your browser given your SAP CloudPlatform credentials you should receive a certificate string.


Leave a Reply