Skip to Content
Technical Articles
Author's profile photo Veneta Koleva

Connect SAP Workflow Sevice in the NEO environment to My Inbox on-premise

Introduction

Do you use My Inbox on-premise with SAP Business Suite or SAP S/4HANA? Do you at the same time use My Inbox on the SAP Business Technology Plaform (BTP) to process your SAP Workflow Service tasks?

In case the above is valid, you might as well have probably wished for one single My Inbox to manage all your tasks.

In this post I am going to demonstrate how to technically connect My Inbox on-premise to SAP Workflow Service in the NEO environment,  in order to have your on-premise My Inbox as the single entry point for managing all your tasks from your on-premise task provider systems and also those from the SAP Workflow Service.

As a result, you will no longer need a separate My Inbox for the local SAP Workflow Service case but instead you can use My Inbox on-premise to process all your tasks.

Benefits

  • One My Inbox to manage all tasks you are responsible for
  • Higher user productivity through a harmonized user experience
  • Seamless integration between SAPvWorkflow Service on the NEO environment and My Inbox on-premise( including custom actions and custom task Fiori UIs)

Status quo

Prior to this integration being explored, business users who work with workflow tasks generated both by SAP S/4HANA and non-SAP S/4HANA systems, as well as the SAP Workflow Service engine, have to use two separate My Inbox apps – one on the on-premise SAP Fiori Launchpad, and the second on the SAP Launchpad homepage for the local SAP Workfow Service case. Refer to the screenshots below.

Screenshot 1 below visualizes My Inbox on the on-premise Gateway Hub system, which harmonizes workflow tasks from the connected company-specific backend task provider systems.

Screenshot 1:

 

Screenshot 2 represents My Inbox on the SAP Launchpad for the local SAP Workflow case in the NEO environment of SAP BTP.

Screenshot 2:

 

The goal of this post is to demonstrate how to bring the SAP Workflow tasks to My Inbox on-premise running on the Gateway Hub system (Screenshot 1).

 

General Approach

Hereinbelow I have added a diagram to visualize the general principal of approaching the integration:

As can be observed, the approach is to use SAP Web Dispatcher as a proxy server. In the setup above, SAP Web Dispatcher handles all browser requests from My Inbox on-premise. Based on predefined rules, it routes synchronous requests to the SAP BTP  NEO environment in order to load the relevant task UI resources, custom or standard actions, and task properties for the SAPWorkflow tasks.

Prerequisites

Note: The SAP Web Dispatcher can be installed on a dedicated on-premise system as well without any restrictions to end-to-end functionality.

Implementation Guide

Hereby, I will guide you through the necessary configuration which enables My Inbox on-premise to seamlessly consume tasks from SAP  Workflow Sevice in the NEO environment.

  • Configure SAP Web Dispatcher

SAP Web Dispatcher comes with a .pfl file. This file provides the options to configure hosts, ports, rules, etc., so that you, as an Administrator, can define how the SAP Web Dispatcher handles each request it intercepts.

  1. Configure .pfl file of SAP Web Dispatcher

Open the .pfl file of SAP Web Dispatcher. To enable our end-to-end scenario, change the default values of the properties as I have indicated below:

  • Configure the port  SAP Web Dispatcher listens to
icm/server_port_<xx> = PROT=HTTPS,PORT=<port_number>​

Note: The <port_number> can be any open port. <xx> stands for a number. The numbers must start from 0 and must be used in ascending order.

Example:

icm/server_port_2 = PROT=HTTPS,PORT=2080
  • Configure path to the SAP BTP NEO environment system

wdisp/system_0 = SID=<BTP NEO SID>, EXTSRV=<absolute URL path to BTP NEO Fiori Launchpad>, SRCSRV=*:<port_number>, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=<SID of Gateway Hub system>, SAML_SP_ENTITY_ID=<absolute URL path to BTP NEO account>

Example:

wdisp/system_0 = SID=CAN, EXTSRV=https://flpsandbox-abcsampleaccount.dispatcher.int.sap.eu2.hana.ondemand.com, SRCSRV=*:2080, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=XYZ, SAML_SP_ENTITY_ID=https://int.sap.eu2.hana.ondemand.com/abcsampleaccount
  • Configure on-premise Gateway Hub system properties
wdisp/system_1 = SID=<SID of Gateway Hub system>, MSHOST=<Message Server host of Gateway Hub system>, MSPORT=<Message Server port of Gateway Hub system>, SRCSRV=*:<port_number>, SRCURL=/, CLIENT=<SID of Gateway Hub system>, SSL_ENCRYPT=2 

Example:

wdisp/system_1 = SID=XYZ, MSHOST=ldcsxyz.mo.sap.corp, MSPORT=8101, SRCSRV=*:2080, SRCURL=/, CLIENT=000, SSL_ENCRYPT=2 
  • Configure “first match” semantics. If a matching conflict occurs, then the request is routed to the first system, which is configured, i.e. wdisp/system_0. In our case, this would be the SAP  Workflow Service in NEO environment.
  • See the wdisp/system_0 descriptor in the final .pfl file provided as an example in Result section below.
wdisp/system_conflict_resolution = 1
  • Specify the location of rules file
icm/HTTP/mod_0 = PREFIX=/,FILE=<file path to rules.txt>

Example:

icm/HTTP/mod_0 = PREFIX=/,FILE=C:\webdispatcher_7.73\rules.txt

Result: After the above configurations, the .pfl file should look similar to this example:

# Profile generated by sapwebdisp bootstrap

# unique instance identifier
SAPSYSTEMNAME = WDP

# unique instance number
SAPSYSTEM = 00

# add default directory settings
DIR_INSTANCE = C:\webdispatcher_7.73
DIR_EXECUTABLE = $(DIR_INSTANCE)
DIR_PROFILE = $(DIR_INSTANCE)
DIR_HOME = $(DIR_INSTANCE)
DIR_GLOBAL = $(DIR_HOME)
DIR_LOGGING = $(DIR_HOME)
Autostart = 1
Restart_Program_00 = local $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE) pf=$(DIR_PROFILE)\sapwebdisp.pfl

# SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=1080
icm/server_port_1 = PROT=HTTPS,PORT=4300
icm/server_port_2 = PROT=HTTPS,PORT=2080

wdisp/system_conflict_resolution = 1
is/HTTP/show_detailed_errors = TRUE
icm/HTTP/trace_info=TRUE

wdisp/system_0 = SID=CAN, EXTSRV=https://flpsandbox-abcsampleaccount.dispatcher.int.sap.eu2.hana.ondemand.com, SRCSRV=*:2080, SRCURL=/html5apps/;/sap/fiori/, SAML_IDP_SYSTEM=XYZ, SAML_SP_ENTITY_ID=https://int.sap.eu2.hana.ondemand.com/abcsampleaccount
wdisp/system_1 = SID=XYZ, MSHOST=ldcsxyz.mo.sap.corp, MSPORT=8101, SRCSRV=*:2080, SRCURL=/, CLIENT=000, SSL_ENCRYPT=2

# number of parallel connections
icm/max_conn = 2000

# SAP Web Dispatcher Web Administration
icm/authfile = $(DIR_PROFILE)/icmauth.txt
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=$(icm/authfile)

icm/HTTP/mod_0 = PREFIX=/,FILE=C:\webdispatcher_7.73\rules.txt

 

2. Configure the rules.txt file of SAP Web Dispatcher

 

The function of this file is to inform SAP Web Dispatcher which requests should be redirected and how.

For our scenario, we should add a prefix for the requests which contain /html5apps or /bpmworkflowruntime. My Inbox delivers these routes and appends them to the URL for SAP Workflow Service tasks. This way, the relevant requests will be properly redirected to the SAP BTP.

This will make it possible to load task resources available on the SAP BTP, such as task custom UI, custom defined actions via API, standard actions or task properties.

  •  Copy and paste the following rules “as is” in the rules.txt file:
if %{PATH} RegIMatch ^/html5apps(.*)
RegIRedirectUrl ^/html5apps(.*) /sap/fiori/bpmmyinbox/html5apps$1

if %{PATH} RegIMatch ^/bpmworkflowruntime(.*)
RegIRedirectUrl ^/bpmworkflowruntime(.*) /sap/fiori/bpmmyinbox/bpmworkflowruntime$1

 

  • Assign Alias for SAP BTP in the NEO environment to the Gateway Hub

In order to show SAP Workflow tasks in My Inbox on-premise, a system alias has to be added to the Task Gateway. This configuration is done on the Gateway Hub system.

This is needed to ensure that the requests from My Inbox on-premise are properly redirected to the SAP BTP.

Warning: The value of SAP System Alias must be “NA”, as shown in the Example below

Example:

Note: In a Gateway Hub deployment options, here you probably already have configured aliases. In this case, just add a new alias as described above. It is important to make sure the name of the system alias is “NA”, as indicated above.

 

  • Configure trust between the on-premise Gateway Hub and the SAP BTP

Configure SAML2 authentication between both systems. Follow the instructions documented in Configure Authentication. You need to implement the configurations in all sub-topics of the document structure.

Note: Disregard the references to SAP CoPilot in the above documentation topic. The configuration is valid generically, and is not restricted to SAP CoPilot.

 

  • Register the SAP Web Dispatcher as a Proxy

Follow the instructions documented in Register the SAP Web Dispatcher as a Proxy

Example:

neo map-proxy-host --account abcsampleaccount --app-host flpsandbox-abcsampleaccount.dispatcher.int.sap.eu2.hana.ondemand.com --proxy <WD host>:2080 -h int.sap.eu2.hana.ondemand.com -u <username>

 

Result

As a result of the above configuration, you can already address My Inbox running on the SAP Gateway Hub on-premise system (XYZ) via the SAP Web Dispatcher.  In addition, the workflow tasks generated by the SAP Workflow Service are provisioned seamlessly to My Inbox running on the SAP Gateway Hub System – along with all related resources, such as custom task UIs, custom actions defined using My Inbox API. Refer to the screenshot below:

 

 

Known Constraints

  • Only one SAP BTP account can be added as a task provider for SAP Workflow Service in the NEO environment to My Inbox on-premise.
  • The integration described in this blog is currently available for SAP BTP Neo environment only. It is not supported for SAP BTP Cloud Foundry environment currently and cannot be applied.

Assigned Tags

      18 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Antonio García
      Antonio García

      Hi Veneta,

      Thank you for your blog, it has been very interesting.

      Right now, I am investigating something similar... it would be possible to connect to My Inbox in the portal of SCP the tasks from Workflows from S/4 HANA for example? I read something about TCM Compliant OData provider but I can not find detailed information.

       

      Thank you in advance!

       

      Antonio García

      Author's profile photo Veneta Koleva
      Veneta Koleva
      Blog Post Author

      Dear Mr. García,

      Integration of SAP Business Workflow tasks into My Inbox as part of SAP Fiori Cloud subscription is possible using the SAP Cloud Platform OData Provisioning Service. The advantage of this approach is that you do not need a Gateway Hub System on-premise for task federation in case of multi-origin scenario.

      Please consider the following documentation topic: https://help.sap.com/viewer/750bb2d7c1b846f8a20a10fa6fd8e877/2.0%202018-06/en-US/3413ac7285f44347affebdb613dc1b47.html

       

       

      Best regards,

      Veneta

       

       

      Author's profile photo Luiz Sagretti
      Luiz Sagretti

      does work for the S/4HANA Environment?
      Customer can connect the Abap Workflow with our My Inbox on SCP? Thanks!!

      Author's profile photo Vijaya Simha Chintarlapalli Reddy
      Vijaya Simha Chintarlapalli Reddy

      Hallo Veneta Koleva ,

      Great blog we are currently analysing similar kind of scenario.

      But what is the best practice by SAP going forward for  Embedded FES in  S/4 System SCP workflows or Business workflows  ?

      Thanks,

      Vijay

      Author's profile photo Veneta Koleva
      Veneta Koleva
      Blog Post Author

      Hello Vijay,

      Thank you for your feedback. SAP's  strategy going forward is to have single unified Inbox enabling business users to manage all their workflow tasks at one place by integrating tasks from multiple SAP applications (both cloud and on premises). For more information, please see https://assets.cdn.sap.com/sapcom/docs/2020/02/520ea921-847d-0010-87a3-c30de2ffd8ff.pdf.

      Best Regards,

      Veneta

      Author's profile photo Jason Chan
      Jason Chan

      Dear Veneta,

      During the SAML2.0 configuration between Gateway (ECC ABAP) system to Sap Cloud Platform (SCP) we are facing below issue while trying to upload Gateway system metadat to SCP platform.

      We are following the blog, we face issue at "Configure trust between the on-premise Gateway Hub and the SAP Cloud Platform" phase.

      is ECC Abap not supportable IDP for SCP could you please help us with any alternative or solution for this issue.

      your response and solution much appreciated. thanks

      Regards

      Ramasamy

       

      Author's profile photo Veneta Koleva
      Veneta Koleva
      Blog Post Author

      Dear Ramasamy,

       

      To my knowledge the SAML 2.0 Token Provider (IDP) is not available for ECC systems. The lowest supported release is NW AS ABAP 7.51 (SP06).

      Please refer to SAP Note 2542053 - Enable minimal SAML 2.0 IdP features in AS ABAP

       

      Best Regards,

      Veneta

      Author's profile photo Guilherme Lahr
      Guilherme Lahr

      Dear Veneta,

      Did you create a new catalog and tile for my inbox application and set the prefix /html5apps or /bpmworkflowruntime there?

      It's not clear to me how the my inbox application calls these prefixes that you created.

      Thank you in advance!

      Best regards

       

       

      Author's profile photo Giulia Felappi
      Giulia Felappi

      Hello Veneta,

      is this scenario valid also for SCP Workflow on Cloud Foundry environment?

      I managed to find documentation only for Neo environment.

      Thank you

      Regards

      Author's profile photo Veneta Koleva
      Veneta Koleva
      Blog Post Author

      Hello Giulia,

      the scenario is valid currently for SAP Cloud Platform NEO environment only.

      Best Regards,

      Veneta

      Author's profile photo Giulia Felappi
      Giulia Felappi

      Hello Veneta,

      thank you for your answer.

      Is there a roadmap for delta features between Neo and Cloud Foundry?

      Thank you

      Regards

      Author's profile photo Mahesh Kumar Palavalli
      Mahesh Kumar Palavalli

      Hello Giulia Felappi

      Did you manage to find a solution for this? Did sap provide any update for CF Workflows?

      Thanks,

      Mahesh

      Author's profile photo Mahesh Kumar Palavalli
      Mahesh Kumar Palavalli

      Is it not supported yet for CF Workflow?

      Author's profile photo Basis SAP
      Basis SAP

      Hello Veneta koleva,

       

      We tried the same scenario for unified inbox,our requirement is to integrate SAP Cloud platform  My Inbox to On-premise My inbox.

      Here all workflow tasks in SAP Cloud My Inbox will sync and reflect in On-premise My Inbox when ever user approve or reject the task, then task will be closed in On-premise My inbox and same will reflect in Sap Cloud My Inbox.

      As we followed the above procedure we are facing issues during trust configuration,we are trying to configure trust between embedded S/4 system to SCP Platform.

      We are getting below error,could you please help us on this.

      Regards,

      Avinash

      Author's profile photo Veneta Koleva
      Veneta Koleva
      Blog Post Author

      Hi Avinash,

      embedded deployment of the SAP S/4HANA system is not suitable for multi-origin composition scenario. Federation is done by the SAP Gateway Hub system, as documented in the prerequisites section of this blog. Regarding the authentication issues, this requires detailed RCA, so let’s take it internally.

       

      Best Regards,

      Veneta

      Author's profile photo Joana Sampaio
      Joana Sampaio

      Hi Veneta.

      From your previous comments I understand that this scenario is only valid for NEO environment, but I would like to know if there is any possibility to connect SCP Workflow on Cloud Foundry environment to My Inbox on-premise.

       

      Kind regards,

      Joana 

      Author's profile photo Georgi Mladenov
      Georgi Mladenov

      Hi Joana,

       

      I am substituting Veneta during her leave.

      The scenario is currently valid for SCP Workflow on NEO only.

       

      Kind regards,

      Georgi

      Author's profile photo Panagiotis Prodromidis
      Panagiotis Prodromidis

      Hi Georgi,

       

      Thank you for the value information.

      Do we know if this functionality will be available on CF? And if so do we have an estimation when?

       

      Kind Regards,

      Panagiotis