Skip to Content

 

Part 1 – Overall Solution

Part 2 – Setting up Business Rules in SAP Cloud Platform

Part 3 – Modeling workflows in SAP Cloud Platform

Part 4 – Testing you workflow using monitoring tools

Part 5 – Triggering the workflow using a Start UI

Part 6 – Configuring trust between SAP Cloud Platform account and Identity Provider

Part 7 – Mapping user groups and roles in SAP Cloud Platform Portal

 

UPDATE [13/8/2017]: Calling an external service from a Custom UI Task

In this portion of the blog series, I will show you how to create a custom HTML5 app which is the Start UI for triggering the workflow. I have uploaded the project in github for your reference.

SAP Cloud Platform workflow service provides REST APIs which can be used by applications to interact with the service. In this section, we are going to leverage workflow-instance REST API to create a new instance.

You can navigate to a particular API to read the documentation and also find sample payload. In the below image, I have highlighted two important things – Workflow definition ID and context. This needs to be provided when triggering a workflow.

In the Start UI, I have created a XML view which will display the user registration form. I have put the usual fields like firstname, lastname, email, phone etc.

In the controller definition, I am invoking two REST APIs. The first one is to get X-CSRF-Token and the subsequent call is to make a POST call with the X-CSRF-Token along with the context payload. The context payload would contain the information provided by the user in the registration form

You can find the compete source code here at github.

I have deployed this App to my SAP Cloud Platform cockpit. When I run this app, I get the below screen where I can provide user information and click on submit. Notice that I have provided an email with domain “vendorA”. The business rules within the workflow should find the relevant approver and default IdP group for this vendor organization.

After submitting, this request, a task gets created and I can view the task instance using the REST APIs.  In the below screenshot, the tasks is currently sitting in My Inbox for the recipient to action. Notice that the business rules have already been applied. You can say that by the output node which is populated with the approver and default IdP group.

When I logon to My Inbox, I would be able to see this task waiting for me to action. Notice that the default IdP group has been picked up and is also displayed on the screen.

As an approver, I can decide to approve this task by clicking on “Approve” button. This will invoke the SCIM APIs exposed from SAP Cloud Platform Identity Authentication service. I have defined a method called createSCIUser which prepares the input and makes an ajax call.

When calling an external service from the Custom UI task the URL needs to be proerply formatted as explain in the Help documentation. In the example above, the URL to invoke a SCIM API would be URL: /html5apps/mywfapp/SCI/. I have created a destination in my SAP CP cockpit with the name SCI which refers to my SCI tenant.

If you would like to know more about how to invoke the SCIM APIs, you can check the SAP Help documentation.

After approving the task, when I navigate to the Cloud Identity, I will be able to see the user created.

Secondly, when I navigate to the “User Groups” menu and explore the “AccountsPayable_A” group, I would be able to see the newly created user assigned to this group.

In the next part of the blog, I will show you how to setup trust between SAP Cloud Platform Identity Authentication service and Cloud Portal.

 

To report this post you need to login first.

4 Comments

You must be Logged on to comment or reply to a post.

  1. Gregor Wolf

    Hi Murali,

    thank you for this great Blog series!

    As I’m currently implementing a similar User Registration process I’m wondering if you’ve found a way to influence the “Register” button that shows up in the SAP Identity Authentication Login form. I want to either disable it or link it to my custom registration form. Have you looked into this and found a solution?

    Best regards
    Gregor

    (0) 
    1. Murali Shanmugham Post author

      Thanks Gregor. I am glad its helpful.

      Few people have asked me the same question. I am not sure if there is a way to influence the register button in the SAP Identity Authentication Login form.  Here are my thoughts – The “Register” button shows up only when you have set the “User Application Access”  to “Public” in Identity Authentication service for the respective application. What if we change this to “Internal” and remove the Register button in the login form. You can then provide the link to your custom registration form to your end users and request them to kick start the process of registering and then accessing the applications.I know this is not an elegant way. I will try and request this feature to be added to Identity Authentication service.

      (0) 
      1. Gregor Wolf

        Hi Murali,

        thank you for the quick response. I gave it a try already and that is a good intermediate solution. I would like to support this feature request. Have you posted it already somewhere? https://ideas.sap.com/ct/c_b.bix?a=OD3837 seems not to include an SAP Cloud Identity Authentication Service.

        Best regards
        Gregor

        (0) 
        1. Murali Shanmugham Post author

          Yes, it looks like SAP Cloud Identity Authentication Service is not accepting ideas through Idea Place. I am reaching out internally to check if we can have an Idea place for this service too.

          (0) 

Leave a Reply