SAP Fiori 2.0 integration with SAP NetWeaver Identity Management 8.0
In my experience, you can integrate SAP NetWeaver Identity Management 8.0 with SAP Fiori 2.0 to expose the REST API for user access management and approval by following the steps below and creating a custom Fiori UI5 application.
If you want to learn more about SAP NetWeaver Identity Management 8.0 access provisioning for SAP, follow this document.
1. IDM Fiori Integration.
SAP Fiori and IDM integration is required for the “My role request” and “My role approval” apps. These two apps are customized tiles that fetch roles and approval details from the backend IDM system using REST API v2.
A SAPUI5 application can be created using Eclipse or Web IDE. To learn more about creating a SAPUI5 application with Web IDE, follow this document.
2. Enable RESTAPI Logon Ticket.
Log on to NWA -> Configuration -> Security -> Authentication & SSO. Enable Edit mode in the Authentication tab and filter for IDM.
3. Creation of template.
Search for ticket template –> Click on add template option
3.1 Create template ticket1 & save
3.2 Edit the ticket1 template, copy it from ticket, and save it.
3.3 Add Fiori System as trusted
Under the ticket1 template –> evaluate login module, add the Fiori system as trusted
3.4 Adjust clientcertloginmodule & save the ticket1 template
Add entries Rule1 as follows:
3.5 Change the Template of restapi to ticket1
Search for rest template & Change the Template of restapi to ticket1 and save
3.6 Restart “rest api” application for the change to get activated
Go to Operation -> Systems -> Start & Stop -> Java applications
Select these applications -> Stop and Start
4. Exchange Ticket Keystore Certificate Between Fiori and IDM.
Follow the steps below to export and import the certificates that establish trust between Fiori and IDM.
4.1 Log on to NWA –> Configuration –> Security –> Certificate & Keys
4.2 Export SAPLogonTicketKeyPair from IDM
Navigate to TicketKeystore tab. Verify SAPLogonTicketKeyPair & export the same.
4.3 Import above IDM certificate in Fiori system.
In STRUSTSSO2, import the IDM Ticketkeystore certificate into the PSE and add it to the ACL as shown
4.4 Import Fiori certificate in IDM system
Log in to Fiori STRUSTSSO2 and export the system PSE certificate.
In the IDM system, import the Fiori certificate into “Ticketkeystore”
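Whatever certificate is imported in steps 4.3 and 4.4 becomes a trusted logon-ticket issuer, so it is worth confirming that the exported file is the one the other system actually produced before importing it. The helper below is an added example, not part of the original post; it uses the standard `openssl` CLI, and the file name and expected SHA-256 fingerprint (read from the exporting system and passed out of band) are assumptions supplied by the operator.

```shell
#!/bin/sh
# Added example: check an exported certificate before importing it into
# STRUSTSSO2 or the TicketKeystore. Arguments are operator-supplied assumptions.

# Emit the certificate as PEM, accepting Base64 (PEM) or binary (DER) exports.
to_pem() {
    for form in PEM DER; do
        openssl x509 -in "$1" -inform "$form" -outform PEM 2>/dev/null && return 0
    done
    return 1
}

# Print the SHA-256 fingerprint as lowercase hex without separators.
cert_fingerprint() {
    pem=$(to_pem "$1") || return 1
    printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256 \
        | sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# verify_exported_cert FILE EXPECTED_SHA256 [MIN_DAYS]
# Returns 0 if the fingerprint matches and the certificate stays valid for
# MIN_DAYS more days (default 30); 1 = mismatch, 2 = unreadable, 3 = expiring.
verify_exported_cert() {
    pem=$(to_pem "$1") || { echo "unreadable certificate: $1" >&2; return 2; }
    actual=$(cert_fingerprint "$1")
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2
        return 1
    fi
    seconds=$(( ${3:-30} * 86400 ))
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend "$seconds" >/dev/null; then
        echo "certificate expires within ${3:-30} days" >&2
        return 3
    fi
    # Show what is about to be trusted so it can be recorded with the change.
    printf '%s\n' "$pem" | openssl x509 -noout -subject -enddate
}

# Stand-alone use: sh verify_cert.sh <exported-file> <expected-sha256> [min-days]
if [ "$#" -ge 2 ]; then
    verify_exported_cert "$@"
fi
```

Run it on the receiving side against the file that was transferred, with the fingerprint taken from the exporting system's own certificate view rather than from the transferred file.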
5. Add Modifications Rules in Fiori Web dispatcher.
Also follow the SAP Web Dispatcher configuration document for multiple back-end systems.
5.1 Log on to the Fiori Web Dispatcher and add these modification rules
5.2 Add the IDM system details to the Web Dispatcher profile as shown
5.3 Restart the Web Dispatcher and validate the IDM system
5.4 Activate the SICF node below in Fiori for the My role apps' tiles
5.5 Now test the REST API call from the Fiori system.
The user should have the required authorization in the IDM system
Url: https://<FQDN hostname>.com:44310/idmrestapi/v2/service
5.6 Now test the two apps below from the Fiori launchpad.
5.7 Try to fetch a few roles for test purposes to validate the configuration.
To understand the SAP NetWeaver Identity Management 8.0 REST API in more detail, follow this document