Skip to Content

 

 

UPDATE [13/8/2017]: Calling an external service from a Custom UI Task

In this portion of the blog series, I will show you how to create a custom HTML5 app which is the Start UI for triggering the workflow. I have uploaded the project in github for your reference.

SAP Cloud Platform workflow service provides REST APIs which can be used by applications to interact with the service. In this section, we are going to leverage workflow-instance REST API to create a new instance.

You can navigate to a particular API to read the documentation and also find sample payload. In the below image, I have highlighted two important things – Workflow definition ID and context. This needs to be provided when triggering a workflow.

In the Start UI, I have created a XML view which will display the user registration form. I have put the usual fields like firstname, lastname, email, phone etc.

In the controller definition, I am invoking two REST APIs. The first one is to get X-CSRF-Token and the subsequent call is to make a POST call with the X-CSRF-Token along with the context payload. The context payload would contain the information provided by the user in the registration form

You can find the compete source code here at github.

I have deployed this App to my SAP Cloud Platform cockpit. When I run this app, I get the below screen where I can provide user information and click on submit. Notice that I have provided an email with domain “vendorA”. The business rules within the workflow should find the relevant approver and default IdP group for this vendor organization.

After submitting, this request, a task gets created and I can view the task instance using the REST APIs.  In the below screenshot, the tasks is currently sitting in My Inbox for the recipient to action. Notice that the business rules have already been applied. You can say that by the output node which is populated with the approver and default IdP group.

When I logon to My Inbox, I would be able to see this task waiting for me to action. Notice that the default IdP group has been picked up and is also displayed on the screen.

As an approver, I can decide to approve this task by clicking on “Approve” button. This will invoke the SCIM APIs exposed from SAP Cloud Platform Identity Authentication service. I have defined a method called createSCIUser which prepares the input and makes an ajax call.

When calling an external service from the Custom UI task the URL needs to be proerply formatted as explain in the Help documentation. In the example above, the URL to invoke a SCIM API would be URL: /html5apps/mywfapp/SCI/. I have created a destination in my SAP CP cockpit with the name SCI which refers to my SCI tenant.

If you would like to know more about how to invoke the SCIM APIs, you can check the SAP Help documentation.

After approving the task, when I navigate to the Cloud Identity, I will be able to see the user created.

Secondly, when I navigate to the “User Groups” menu and explore the “AccountsPayable_A” group, I would be able to see the newly created user assigned to this group.

In the next part of the blog, I will show you how to setup trust between SAP Cloud Platform Identity Authentication service and Cloud Portal.

 

To report this post you need to login first.

11 Comments

You must be Logged on to comment or reply to a post.

  1. Gregor Wolf

    Hi Murali,

    thank you for this great Blog series!

    As I’m currently implementing a similar User Registration process I’m wondering if you’ve found a way to influence the “Register” button that shows up in the SAP Identity Authentication Login form. I want to either disable it or link it to my custom registration form. Have you looked into this and found a solution?

    Best regards
    Gregor

    (0) 
    1. Murali Shanmugham Post author

      Thanks Gregor. I am glad its helpful.

      Few people have asked me the same question. I am not sure if there is a way to influence the register button in the SAP Identity Authentication Login form.  Here are my thoughts – The “Register” button shows up only when you have set the “User Application Access”  to “Public” in Identity Authentication service for the respective application. What if we change this to “Internal” and remove the Register button in the login form. You can then provide the link to your custom registration form to your end users and request them to kick start the process of registering and then accessing the applications.I know this is not an elegant way. I will try and request this feature to be added to Identity Authentication service.

      (0) 
      1. Gregor Wolf

        Hi Murali,

        thank you for the quick response. I gave it a try already and that is a good intermediate solution. I would like to support this feature request. Have you posted it already somewhere? https://ideas.sap.com/ct/c_b.bix?a=OD3837 seems not to include an SAP Cloud Identity Authentication Service.

        Best regards
        Gregor

        (0) 
        1. Murali Shanmugham Post author

          Yes, it looks like SAP Cloud Identity Authentication Service is not accepting ideas through Idea Place. I am reaching out internally to check if we can have an Idea place for this service too.

          (0) 
        2. Leigh Mason

          Hey Gregor, I’m working through the same process now 🙂

           

          In the administration cockpit for the Identity Authentication, you can navigate to:

           

          Custom Application->Authentication & Access Tab->User Application Access list item:

           

           

          These options seem to influence the “Registration'” Button on the logon page.  If this is set to “Internal” for example, the Registration Button doesn’t appear.

          I’m actually struggling with this, I need to couple a SCP Workflow into this process rather than just direct self-registration ( i.e. the scenario in Murali’s blog ) but I can’t find anyway to influence the behaviour after clicking “Register” when the user completes the registration form.

          When I work this out I’ll share it 🙂

           

          (0) 
          1. Gregor Wolf

            Hi Leigh,

            our solution was to link a public accessible HTML5 app with an XS Classic backend. The XS Classic backend then calls the SCP Identity Service API. But there you could also call the Workflow.

            Best regards
            Gregor

            (0) 
  2. Raghavendra H K

    Hi Murali,

    thank you for this great Blog series!

    Actually I am doing workflow for vendor data creation, in that multiple level of approvals are there. Can u please explain how to achieve multiple approvals in workflow.

     

    Best regards
    Raghvendra

     

    (0) 
  3. Raghavendra H K

     

    Hi Murali,

    thank you for this great Blog series!

    Actually I am doing workflow for  vendor data creation for this app multiple level of approvals are there. Can u please explain how to achieve multiple levels of approving.

    Best regards
    Ragahvendra

     

    (0) 
  4. Lucas Erni

    Hi Murali,

     

    Thanks for the introduction.

    I got a question about the authientification for the SCIM API, do i access the API via SAP Certificate?

    Is there any tutorial existing? The relation between the application and the API is not quite clear?

     

    Best regards

    Lucas Erni

     

    (0) 

Leave a Reply