Skip to Content
Author's profile photo Fabian Lehmann

Deploy your SAP Cloud Platform IoT Application Enablement App to the Cloud Foundry Environment


In the las blog we´ve build up an little app on top of SAP Cloud Platform Application now we continue:

Scenario Architecture

In this blog we want now cover step 4 where we deploy now our app from the previous blog to the “SAP Cloud Platform Cloud Foundry Environment”:


SAP Web IDE IoT App – Install the Builder

The first thing before we can build our application:

Is now to define the following properties in the “Project Settings” of our IoT app.:

  1. The API Endpoint
  2. The Organization of your CF Account (pls check this link for more details about the SAP CP CF Environment)
  3. The Space where your app will be deployed
  4. Install the Builder
  5. Save


Install the Builder

SAP Cloud Platform (CF) space right before the installation of the builder:

And after the successfully installation:

Adjust the MTA deployment descriptor

To run our application successfully on the SAP CP “Cloud Foundry” Environment we need to adapt the “mta.yaml” of our app.

Prerequisite pls verify that the “Cloud Foundry Command Line Interface” is installed on your device, if not you can found it here:

We need now to create an “User Administration and Authentification” (UAA) service instance and a file called “xs-security.json” which defines/match the local scope to the foreign scope from SAP Cloud Platform Application Enablement!

On your console/cmd we need now to login to the API endpoint of the “SAP CP CF environment”, the organization and the space:

>cf api
Setting api endpoint to

api endpoint:
api version:    2.99.0
Not logged in. Use 'cf login' to log in.

>cf login
API endpoint:



Select an org (or press enter to skip):
1. S0009xxxxtrial_trial

Org> 2
Targeted org SAP_CP_CF_SYC

Targeted space iot_spc

API endpoint: (API version: 2.99.0)
Org:            SAP_CP_CF_SYC
Space:          iot_spc

Create an new service instance:

>cf create-service xsuaa application syc-approuter-uaa -c xs-security.json

An example for the uses xs-security.json can be still found here:

if we now check if the service is successfully created u can execute the following command:

>cf services
Getting services in org SAP_CP_CF_SYC / space iot_spc as

name            service   plan          bound apps   last operation
syc-approuter-uaa   xsuaa     application                update succeeded

Now we need to adapt the deployment descriptor of our mta.yaml file in the following way:


Adding the follwing new “Resource”:

Ressource Type
syc-approuter-uaa org.cloudfoundry.existing-service


Switch back to the Modules Tab:

Tip: close first the mta.yaml file and reopen it, sometimes in my case the (graphical) editor do not notice the change.


In the “Require” section, create the reference to the formerly create resoure.

Name Group


Important: To get access to SAP CP IoT Application Enablement foreign scopesyou need to raise an OSS Ticket. For details pls check the offical documentation

The following informations must be provide:

Component: LOD-IOT-OPS

Title: Please enable the trust for foreign Scopes from IoT AE to <appname>

Provide the <clientid> and <identityzonid> values from the UAA service instance. You can find this information by going to the Cloud Foundry command line and running the following command:

cf env <appname>

Build an Deploy to Cloud Foundry

Noow after w´ve done all chages we can now first build your project:

After the build is successfully finished you can deploy the created “mtar” file to the SAP CP CF Environment:

As result we can now (hopefully) see a running app:

Some investigations (optional)

As we have seen before we´ve created an service instance. If we now execute the follwing command to list all service instances:

>cf services
Getting services in org SAP_CP_CF_SYC / space iot_spc as

name                service   plan          bound apps                last operation
syc-approuter-uaa   xsuaa     application   syc.blogs.iot.notebooks   update succeeded

The “application” is now bound based on our chaneges in the deployment descriptor to our service instance.

It´s also possible to check this via SAP CP CF cockpit:

Execute the app

The last step is now to enter the SAP CP CF cockpit and running the app by entering the “Application Routes URL”


Whoooot !

It works as aspected……



Hopefully this blog shows how u can deploy the IoT app on top of SAP Application Enablement via SAP Web IDE Full Stack to the “SAP Cloud Foundry Environment”. And which steps are requiered to get the app successfully running on your SAP CP CF environment.

I think only step which should be optimzed is the handling with the foreign scope and the manual action to create first an OSS ticket to get access.


If u have further question, pls feel free to ask or write a comment.





Helpful Links

SAP Cloud Platform Application Enablement

Deploying the Application

Getting started with the Cloud Foundry Environment

Defining MTA Deployment Descriptors for Cloud Foundry

Multi-Target Applications for the Cloud Foundry Environment

Download and Install the Cloud Foundry Command Line Interface

Cloud Founry Developer Guide

Setting up your Account Model

User Account and Authentication (UAA) Services in XS Advanced


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Thorsten Klingspor
      Thorsten Klingspor

      Great blog series, just the information I was looking for! Thanks a lot for compiling this guide!

      Author's profile photo Fabian Lehmann
      Fabian Lehmann
      Blog Post Author



      glad to help u with these blogs.

      I think this is one reason why it´s important to share stuff like this.




      Author's profile photo Marcus Schiffer
      Marcus Schiffer

      I tried to follow the instructions, but in the deployed app the service calls to  e.g.$metadata?sap-language=DE

      respond with a not authorized.

      I missed one step however, the registration of the scope with OSS. Would that be the reason ? If yes, is ther eany way to omit waiting for the  OSS messge here ?