
IT and Corporate Governance
The world is on a constant path to create efficiencies in existing environments and at the same time innovate. In order to retain control and a measure of safety over the effects that these new and existing technologies, methods and concepts have on us, there is a growing need to introduce new frameworks within which the various business sectors of the world operate. Some of these frameworks are very well established and entrenched, for instance in the Banking and Pharmaceutical industries. Others are still being defined.



Irrespective of the framework or its maturity, there is an opportunity for SAP Solution Manager to contribute to the governance effort required by a business to conform to their respective governance frameworks. There is no silver bullet here; however, as these frameworks mature and cross from the policy and procedure area into the IT systems, the task of validating for compliance has become more complex and time consuming.
There are obviously too many of these frameworks across the multiple industry sectors in the world to give specific examples; however, the opportunity still exists. SAP Solution Manager is capable of providing a wealth of information depending on the capabilities that have been deployed. This information has the potential to either fully validate an aspect of an audit, or maybe provide a part of the audit contribution.

There is a very low probability that a framework auditor has the necessary understanding of what SAP Solution Manager can offer, and there is also a low probability that the consumer of SAP Solution Manager is fully aware of what can be used to satisfy an Audit.

The trick here is to try to bring these worlds together outside of the audit exercise and identify, from the audit requirements, what information is required to satisfy the audit, then work with the SAP Solution Manager experts to identify the key capabilities that are able to make the relevant data available.

A simpler example is the use of SAP Solution Manager’s Change and Release Management (ChaRM) capabilities to create a fully traceable change history for code and system configuration changes. Using ChaRM reporting as part of an audit submission is pretty widespread and probably obvious to a lot of readers.

I want to raise the bar here, and bring executive liabilities into the conversation. Depending on the respective Company’s Acts around the world, more and more emphasis is being placed on the potential liability that is carried by the directors or executives of the businesses. I can’t possibly know all the rules and the legal implications and don’t pretend to be an expert either; however, where these circumstances exist, they are being taken more seriously as each audit cycle is commenced.

Here again, SAP Solution Manager can assist. The technical output might be too far from the audit requirement in terms of content; however, the collective summary of the output creates an audit message of effective control and governance of the underlying systems and their operation, thus bubbling up to satisfy the higher level audit requirements.

Step Inside SAP Vancouver and the Autism at Work Program

Using the power of 360 video, step inside the SAP Vancouver office where we follow three Autism at Work program employees – Brian, Dan and Matthew. As of May, 2017, SAP Canada has hired fifteen employees on the autism spectrum through the Autism at Work program.

To view the video in VR, simply open the YouTube link below on your smartphone and click the VR icon on the lower right hand corner of the video screen. Pop your phone into a VR headset and you’re in!


We created this video because we’re on a mission to inspire other companies to unlock the talent of individuals on the autism spectrum and their ability to contribute to workplaces like yours.

We’ve made a number of accommodations to find this talent, and are doing our very best to create an environment where our teammates can thrive:

  • We work with community partners, like Specialisterne and the Pacific Autism Family Network to identify great candidates
  • We transformed the interview process, favouring assessing behaviours over situational Q&A
  • We offer a tailored orientation and training program for Autism at Work hires
  • We are committed to coaching managers, teams and colleagues on how to create an inclusive environment where all team members can be at their best
  • We provide mentors for our Autism at Work hires – a colleague to help acquaint them to SAP, their team, and their role

On first glance, this might seem like a lot. But when it really comes down to it, whether you’re a small local company, or large multinational like us, this program is scalable. And what’s more, individuals on the autism spectrum will bring real value to your company. Be it incredible attention to detail, pattern recognition, remarkable memory, or a penchant for repetition, Autism at Work is transforming our workplace, and it can transform yours, too.

Want to learn more? Our door is always open. Give us a shout.

About Autism at Work

Autism at Work is SAP’s public commitment to hire 650 individuals on the autism spectrum, globally. Learn more about Autism at Work here.

Over 30 ABAP developers stepped away from their usual desks last Tuesday, April 25th, and set sail to the Flexso HQ in Kontich to take part in the latest edition of the ground-breaking “SAP CodeJam” event series. The topic of this edition was: “ABAP for SAP HANA with Fiori”.

SAP sent off two of its absolute ABAP rock stars to guide us through the event, Jens Weiler and Thomas Gauweiler. No wonder the available slots were sold out immediately after the registrations were opened.

David Pierre started the event by presenting Flexso, and pointing out why this CodeJam is so important. Terms like HANA and Fiori are no longer buzz words, but have evolved into technologies which have proven their value and are here to stay.

Time to get started now! Jens and Thomas pointed out the relevance of the ABAP platform, ABAP is definitely not dead, and guided us through some of the ABAP for HANA fundamentals like CDS, Code-2-data and AMDP.

After that, they explained the goal of the exercise: create an end-to-end Fiori application with data coming from the HANA database. All participants quickly opened the ABAP Development tools in Eclipse on their laptops, and started coding.

The first exercise was an introduction to ADT, for those who haven’t had the chance to write ABAP code in the Eclipse IDE. We learned to use code completion, code formatting, the inspector tool, where-used lists and some basic keyboard shortcuts.

In the next steps, we created CDS views and AMDP methods to select data from the HANA database and push programming logic into the HANA database (code-to-data paradigm). For most developers, it was the first time writing SQLscript code.

To be able to use this data in a Fiori application, it first needed to be exposed as an ODATA web service. The next step was to create a gateway project which consumed the CDS view and AMDP method.

Code jamming makes you tired and thirsty, so refuelling on coffee and soda was necessary from time to time.

The last step was to create a SAP Cloud Platform trial account, and to use the Web IDE service to create a basic Fiori application, consuming data from the previously created ODATA service.

The result:

Extensive exercise material was provided, and everyone could complete the exercise at their own pace. Plenty of additional information was given by Jens and Thomas, so everybody could get the most out of the event.

Those who have already attended a CodeJam know that the food is equally important as the jamming itself. After the session food and drinks were available, and the jammers had a chance to exchange ideas and network.

Flexso was happy to host this event and we would like to thank Thomas and Jens for their contribution, and of course all participants for attending the event. We hope everyone enjoyed the CodeJam as much as we did!


In my perception the BOPF Framework has benefited from quite a popularity boost with the release of the S/4HANA Programming Model, in which it plays a central role. When it comes to “pure” BOPF-based development, SCN already provides valuable in-depth information through @oliverjaegle‘s posts. With the new programming model, however, Gateway/SADL becomes the standard way of consuming BOPF objects. This implies a slight shift in the developer mindset (due to the stateless nature of the services and other specifics of the OData protocol).

Wouldn’t it be great if we had some updated guidelines for BOPF-based development, which consider the specifics of the S/4 Programming Model? With this in mind and browsing through Oliver’s posts once again, I have written down a few notes on some of the topics which could be part of such an updated BOPF guideline.

The list is by far not complete, however it’s a starting point for anyone transitioning from “classical” BOPF-based development to the S/4 Programming Model. Here it is:

Part 1: general structural aspects & Part 1 Addendum: Other associations

Transient fields are not available for consumption via Gateway, as SADL pushes the query directly to the database. In some cases these could be replaced by a calculated column of a CDS consumption view.

Human readable alternative keys for your BOPF nodes are a must, as they can then be used for addressing Gateway Entities (otherwise you will be stuck with the generated GUIDs)

Associations are essential when consuming BOPF through SADL, as these are mapped to navigation properties on the Gateway Entities. Only declarative (not implemented) associations are supported, as the SADL runtime needs to be able to generate the dynamic SQL queries out of them.

Part 2: Consumption of a BO using CRUD services

Consumption of BOPF data via SADL occurs very differently depending on the access-type:

  • Write access: uses the BOPF Service Manager API
  • Read access: SELECT statements are dynamically generated by the SADL runtime and pushed to the database, bypassing the BOPF buffer.

Due to the implicit query pushdown, there is less utility for BOPF queries to a developer in the new programming model (although technically the framework still needs them).

One other place where they are still needed is for the querying of data within the BOPF test transaction (BOBT). However, instead of using BOBT you might be better off testing using an OData client (see also part 8).

Part 3: Locking and authorization management

Declarative definition of authority checks is supported out of the box for both read & write access, and this will be sufficient for most use cases. However, things can get somewhat more complicated if you need some custom authority checks, as these need to be implemented twice:

  • Write access: overwriting of the BOPF authority check library class
  • Read access: redefining the SADL query condition provider, to generate the required WHERE-clauses dynamically at runtime (DCL expressions are not yet powerful enough to support complex scenarios)

Part 5: Properties

Properties defined on the BOPF model are not exposed to Gateway (and the Fiori frontend). Instead, with the S4 programming model the driving force when it comes to field properties are annotations defined on the CDS model (see field control). These are both exposed to the Fiori UI and implicitly set as static properties on the generated BOPF BOs.

This leaves open the question of handling dynamic properties (e.g. setting a field read-only based on user input). Afaik there is no out-of-the-box support for this yet. However, for this purpose one could expect the BOPF property determinations to be integrated into the programming model.

Part 6: Validations

While validations are perhaps the most commonly used BOPF artifact, I believe the new consumption model (via SADL) combined with the changes in the BOPF design-time (Eclipse-based editor) can be the cause of some confusion around choosing the correct validation type for the job.

I would like to tackle this in a separate blog post and answer questions like: What is the correspondence between validation configuration in Eclipse vs. BOBX? When exactly is a certain validation type triggered? When does a validation cancel a transaction?

Part 8: A modification roundtrip

Transitioning to the S/4 model requires every backend developer to become comfortable with OData and start thinking stateless. The application backend should rather be tested using an OData client than BOBT in order to assure consistent results. Mastering some details of the OData protocol ($expands, deep inserts, $batch requests) and getting to know the limitations of your Gateway/SADL/BOPF stack (e.g. content-ID-referencing not supported) is a must.


SAP is happy to announce its annual summer orientation session for high school upperclassmen interested in math and computer science. Created by SAP’s Center of Expertise (CoE) in North America in collaboration with Drexel University, the Professional Orientation is an annual, weeklong summer program that provides students with the chance to visit SAP at its headquarters in Newtown Square, learn about its many technologies, and receive educational and career guidance from seasoned professionals in the IT industry.  Students who are chosen for the program will attend daily, interactive sessions on a variety of topics, including coding, data analytics, and SAP approaches to problem solving.  These sessions, which are taught by SAP employees, give students the opportunity to ask questions and engage with successful individuals in the field of computer science.


“Visiting SAP was an amazing experience. I learned so much about the company by observing the given presentations, and I really enjoyed the tour of the facility.  We were grouped into teams to complete a short-term project – create a simple graph displaying current temperature. I was introduced to HeidiSQL (a MySQL client I wasn’t previously familiar with) and learned how to update data in real time.  The staff was knowledgeable, friendly, and amazingly helpful. I gained a lot from their vast workplace experience and could apply it to our project.  I enjoyed my brief time with SAP.  Although I am only going into my sophomore year of high school, I hope that there may be a position waiting for me at SAP in the future.”

-Braiden Psiuk, Technical College High School


The 2015 SAP Professional Orientation Cohort with Intern/Mentors Matt Powers, Yash Palkhiwala, and Matt Olack.


SAP understands that for all students, the end of high school is a crossroads, a time when they must choose a direction for their education and career.  SAP’s involvement at this important juncture will ensure that students who are passionate about computer science will receive the guidance necessary to make informed decisions about their future.


Interested candidates should send a cover letter, resume, and high school transcript to Megan Rech.  Reference letters are also welcome, but not required.  Ideal candidates will have a strong interest in STEM and a desire to pursue further study and/or a career in a STEM-related field.

Our team architect has asked us this question, which is said to be an interview question from Microsoft a long time ago:

Please implement one function which accepts two integers as input and generate the following result accordingly:
If a > b, return 1,
if a = b, return 0,
if a < b, return -1
For simplicity, here we only consider unsigned integers (that is, all integer input parameters are greater than or equal to 0).
Inside the implementation, you are NOT allowed to use +, -, *, /, > and < for comparison.
There must be multiple ways to achieve it; the one below is just one of them. Even though we are not allowed to use the four arithmetic operations or > and <, we can still leverage the bit operations supported on integers.
The basic idea is, say we have 6 and 5 for comparison.
Binary format of 6: 0110
Binary format of 5: 0101
If we can generate the biggest-sub-bits-series which differentiates the two integers, that is, the highest bit in which they differ (in the example above it is 0010, since the third bit of both integers is equal), then we can simply know which is bigger by making a bit AND operation:
0110 & 0010 = 0010, which <> 0.
0101 & 0010 = 0
So we can know 0110 > 0101.
Another example – compare 4 and 3
Binary format of 4: 0100
Binary format of 3: 0011
The biggest-sub-bits-series: 0100
0100 & 0100 = 0100 which <> 0
0011 & 0100 = 0
So 0100 > 0011.

Solution in JavaScript

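function compare(a, b) {
	// Correct for 0 <= a, b < 2^31: JavaScript bitwise operators
	// work on signed 32-bit values and >> keeps the sign bit.
	var diff = a ^ b;            // bits in which a and b differ
	if (diff == 0)
		return 0;
	// Copy the highest set bit of diff into every lower position.
	diff = diff | (diff >> 1);
	diff |= diff >> 2;
	diff |= diff >> 4;
	diff |= diff >> 8;
	diff |= diff >> 16;
	diff ^= diff >> 1;           // keep only the highest differing bit
	return (a & diff) ? 1 : -1;  // a has that bit set => a is bigger
}
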

Solution in Java

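public static int compare(int a, int b) {
		int diff = a ^ b;        // bits in which a and b differ
		if (diff == 0)
			return 0;
		// Copy the highest set bit of diff into every lower position.
		diff = diff | (diff >> 1);
		diff |= diff >> 2;
		diff |= diff >> 4;
		diff |= diff >> 8;
		diff |= diff >> 16;
		diff ^= diff >> 1;       // keep only the highest differing bit
		return ((a & diff) == 0) ? -1 : 1;
}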

Solution in ABAP

Since it is not possible to directly perform bit operations on integers in ABAP, in my blog Bitwise operation ( OR, AND, XOR ) on ABAP Integer I simulate these three operations with the help of an ABAP internal table. That is still not enough: the bit shift operations >> and << are also required to finish this exercise, so I made a further enhancement, adding two new methods SHIFT_RIGHT and SHIFT_LEFT to ZCL_INTEGER, which can be found on my GitHub.
Now all prerequisites to finish it using ABAP are fulfilled.
Here it is:
Source code:
METHOD compare.

    " Macro: a = a OR ( a >> &1 )
    DEFINE shift_right.
      lv_diff = a->get_raw_value( ).
      a->shift_right( &1 ).
      lo_diff = zcl_integer=>value_of( lv_diff ).
      a = lo_diff->or( a ).
    END-OF-DEFINITION.

    DATA(a) = zcl_integer=>value_of( iv_a ).
    DATA(b) = zcl_integer=>value_of( iv_b ).
    DATA: lv_diff TYPE int4,
          lo_diff TYPE REF TO zcl_integer.
    " a now holds the bits in which iv_a and iv_b differ
    a = a->xor( b ).
    IF a->get_raw_value( ) IS INITIAL.
      rv_result = 0.
      RETURN.
    ENDIF.

    " Copy the highest set bit into every lower position
    shift_right 1.
    shift_right 2.
    shift_right 4.
    shift_right 8.
    shift_right 16.

    " Keep only the highest differing bit: a = a XOR ( a >> 1 )
    lv_diff = a->get_raw_value( ).
    a->shift_right( 1 ).
    lo_diff = zcl_integer=>value_of( lv_diff ).
    a = lo_diff->xor( a ).

    DATA(lo_origin_a) = zcl_integer=>value_of( iv_a ).
    rv_result = zcl_integer=>value_of( lo_origin_a->and( a )->get_raw_value( ) )->get_raw_value( ).

    rv_result = COND #( WHEN rv_result IS INITIAL THEN -1 ELSE 1 ).
ENDMETHOD.
Test code:
WRITE:/ zcl_comparator=>compare( iv_a = 1 iv_B = 2 ).

WRITE:/ zcl_comparator=>compare( iv_a = 3 iv_B = 2 ).

WRITE:/ zcl_comparator=>compare( iv_a = 300 iv_B = 2 ).

WRITE:/ zcl_comparator=>compare( iv_a = 3000 iv_B = 2 ).

WRITE:/ zcl_comparator=>compare( iv_a = 3000 iv_B = 3000 ).

WRITE:/ zcl_comparator=>compare( iv_a = 3000 iv_B = 3001 ).
Test output:


Most Significant Bit introduced in Wikipedia

Further reading

I have written a series of blogs which compare the language feature among ABAP, JavaScript and Java. You can find a list of them below:

It took several years, but by now most organizations feel like they finally understand Millennial employees – for the most part. When this demographic first burst onto the professional landscape, older Gen X and Baby Boomer employees were somewhat baffled. This was a generation that used social media for everything, including managing their finances and dating, and they also didn’t seem to care much about carving out stability for themselves. Unlike older generations, Millennials entered the workforce searching for meaning and fulfillment out of their careers, and if they didn’t find it, they simply moved on. They yearned for more flexible working arrangements as a means of pursuing their passions outside of the office. They quickly and, arguably, unfairly earned the labels of “social-media obsessed narcissists.” But as they’ve matured, and older generations have learned how to work with, rather than against them, the rhetoric around Millennial employees has calmed. Now, however, organizations have a new generation to consider: Gen Z. Gen Z-ers were born between 1996 and 2010, which means the oldest members of this age group are graduating and entering the working world. Employers were somewhat blindsided by the arrival of Millennials and it took many companies a few years to adapt. In an effort to learn from those lessons of the past, here are a few ways to prepare your workplace for the integration of Gen Z-ers.


They want on and offline connection


Even more so than Millennials, Gen Z-ers are digital natives. They’ve been using smartphones for most of their lives and rely on social media to share and communicate on a daily basis. As a generation they are typically social media trendsetters; they experiment with new platforms and features before older consumers and operate all things digital with a sense of comfort and openness. But just because they are proficient at using mobile devices, it does not mean that they are only seeking virtual, screen-to-screen workplace experiences. Perhaps because they came of age with social media, this generation also values face-to-face connection. They crave one-on-one time with mentors and bosses and want to work for managers who are open to comments and questions.


To help prepare Gen Z-ers for success in the workplace, it’s important for managers and HR departments to create on and offline employee support experiences. The SAP SuccessFactors platform enables team leaders to implement goal-setting benchmarks and ongoing performance reviews in one centralized location. Because of their comfort with digital platforms, Gen Z-ers will have no problem maintaining digital records of goals and achievements. But to really connect with these young employees, team leaders must also supplement online programs with regular in-person check-ins and engaging onboarding content that resonates with Gen Z-ers.


They want to make an impact


Gen Z is an age group deeply in tune with the social issues plaguing the world today. Although liberal activism is a quality often associated with college students, even more so than their predecessors, Gen Z-ers want to make a difference. They care about how the brands they engage with and buy from drive positive social change; if they sense that a company is not transparent or lacks social awareness, they’ll turn their backs. The deep-seated desire to build a community extends into what this generation is looking for in a workplace culture. Just as they are rallying on their campuses for social justice and equality, they want their employers to stand for something and to consider programs that will benefit more than just the bottom line.


They’re ready to work hard


While Millennials often received the label of “lazy” early on in their professional tenures, Gen Z is shaping up to be anything but. Having watched their parents struggle through a recession and sluggish economy during their childhoods, Gen Z-ers are eager and willing to work for their success. They don’t want to be given opportunities or promotions, they want to earn them. Similarly, they are less enticed by superfluous workplace perks like ping-pong tables and open bars. They’d rather their employers offer them comprehensive health and retirement benefits to set them on a clear path to independence and financial stability.


With acute digital skills, global insights, and already impressive work ethics, Gen Z-ers are poised to initiate progress across every office they enter. But for them to truly experience success employers have to meet them halfway. Creating open communication policies, offering comprehensive benefits, and creating social responsibility programs, will help both employers and young employees thrive in the coming years.

Today’s working culture is drastically different than it was ten years ago. The rise of mobile devices and social platforms has altered every facet of daily life; from communicating with friends and family to banking and mobile dating, our lives are screen-centric. Thanks to laptops, mobile devices, and a wave of digital communications platforms, it’s easier than ever for employers to create flexible work arrangements for their employees. Both employees and employers enjoy a wave of benefits from this flexibility. On the employer side, managing a remote workforce eliminates significant overhead costs – which is an especially enticing attribute for growing, bootstrapped startups. Additionally, remote working is also said to amplify employee productivity; fewer time-consuming meetings and in-office distractions allow remote workers to easily make it through their daily to-do lists. For employees, not having to deal with stressful morning traffic or crowded subway rides is a major selling point. Plus, remote working is said to boost employee morale and lower stress, both of which lead to happier and more productive employees.


Although the lists of benefits stemming from remote and flexible work options are long, there are a few negative consequences in operating virtually – namely, team communications. Too often, messages get lost in translation when they are not given and received face-to-face. And if employees are working from home independently, they may mistakenly feel they are working in a silo and don’t have the support of teammates and managers. There are a few things employers should do to ensure their remote workforce is as productive and happy as possible.


Establish Communications Programs and Protocols


Just because team members are not working in the same room, it doesn’t mean that they aren’t still expected to collaborate. Remote employees want to feel as though they have constant access to their teams. Creating a communications strategy around a messaging platform, like Slack, can ensure that every employee stays on the same page and feels constantly supported. While it’s true that one of the benefits of remote work is fewer distractions, employees still want to feel connected to their company and comfortable asking questions at a moment’s notice. Multi-functional communications platforms that allow employees to chat, share files, and share screens ensure that quality is not sacrificed as a result of location. In many ways, over-communication across remote teams is essential to mitigate misunderstandings. When team leads stress over-communication, or at least constant communication, it helps employees feel more comfortable stepping up and asking questions. Because remote teams are not interacting face-to-face, it can be difficult to gauge mood and transparency, so it’s imperative that leaders set a tone that is open to questions and constant commentary.


Create an Employee Success Program


Because virtual teams do not interact face-to-face, often some of the standard practices of typical office structures are overlooked, including performance reviews and employee support. Implementing a product like SAP SuccessFactors helps virtual teams stay in tune with individual employees’ goals and performance benchmarks. The platform enables teams to centralize all HR initiatives and communications within one place, making it easy for both employee and employer to access. But simply logging goals and inputting performance feedback within a virtual platform is not enough to maintain employee motivation and morale. Managers of remote workforces should supplement an online HR database with consistent check-in calls or video conferences. Making the time each month or quarter to talk through challenges and opportunities with each individual on a team can help employees feel connected and valued. Cracks begin to surface when professional growth goals are ignored. Although they work remotely, virtual employees still want to feel connected to the overall mission of the company, which can be very difficult if they never receive the opportunity to collect feedback or ask questions.
Remote and flexible job opportunities are expected to continue to rise. Employers have seen the value in offering their teams the chance to work when they want, where they want, and how they want. And although the proliferation of remote employment is a positive trend, it must be supplemented by strong working protocols and supportive, virtual environments. Employees, whether they are in an office or not, are still human, and crave connection, communication, and feedback. It’s imperative that remote team leaders consider remote employee success and happiness with the same consideration of an in-office team.

SAP HANA provides users the ability to authenticate using a valid, trusted SAML assertion token. Recently, I was asked to demonstrate this ability to authenticate with a trusted SAML token from a Spring Security web application. So, I laid out a scenario as shown in the figure below.

As you can see in the figure, the Spring web application is the Service Provider (SP) while SSO Circle is the Identity Provider (IdP). The user connects to the web application and, on first login, is redirected to the Identity Provider to be authenticated. Upon successful authentication, the Spring web application receives a valid SAML assertion token.

The web application can then use the valid token to login to the SAP HANA database. An added benefit is that the database will also know the name of the external user for authorization purposes. In this blog post, I will describe the configuration steps that were needed to make this scenario work.

Step 0: Pre-requirements

In my scenario, I used the following software components:

0.1 SAP HANA v2 SP00 database. This worked with HANA v1 SP12 as well.

0.2 A valid SSO Circle user account available at https://idp.ssocircle.com/sso

Please go to SSO Circle and create a new user. Take note of your user name and email address.

0.3 Spring Security SAML sample web application. I downloaded the sample web application from the following link. Before you deploy this web application to your Tomcat container, please see the step that requires you to make a few edits first.


Step 1: Configure SAML provider in SAP HANA

In order for SAP HANA to trust the SAML assertion sent by the identity provider, you will need to first set up the SAML Identity Provider using the XS Admin utility.

1.1 Login to the XS Admin utility at http://host:8000/sap/xs/admin. Click on the XS Administration Tools icon next to the SAP logo and then click on SAML Identity Provider. Then, click on the plus sign to add a new identity provider.

1.2 Download the Identity Provider metadata for SSO Circle from the URL https://idp.ssocircle.com/idp-meta.xml. Copy and paste the contents of this file into the Metadata text box and press the TAB key. The required fields will be automatically filled out. I simply changed the provider name to SSOCIRCLE_COM.

1.3 Create a database user with an external identity tied to your SSO Circle user id. You can accomplish this by running the following SQL statements:
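Statements of this kind, as an added example rather than the ones from the original post: SAML_DEMO_USER and the e-mail address are placeholders, SSOCIRCLE_COM is the provider name chosen in step 1.2, and mapping through the user's e-mail address is assumed from the paragraph that follows.

```sql
-- Added example; SAML_DEMO_USER and user@example.com are placeholders.

-- Create the user without a password, so SAML is its only logon method.
-- ANY (instead of a fixed external name) is assumed here because the page
-- maps the user through its e-mail address.
CREATE USER SAML_DEMO_USER WITH IDENTITY ANY FOR SAML PROVIDER SSOCIRCLE_COM;

-- Store the address that SSO Circle sends in the assertion Subject.
ALTER USER SAML_DEMO_USER SET PARAMETER EMAIL ADDRESS = 'user@example.com';

-- Verify the result: SAML enabled, password logon not enabled.
SELECT USER_NAME, IS_SAML_ENABLED, IS_PASSWORD_ENABLED
  FROM SYS.USERS
 WHERE USER_NAME = 'SAML_DEMO_USER';

-- Verify which identity provider the user is mapped to.
SELECT USER_NAME, SAML_PROVIDER_NAME, EXTERNAL_IDENTITY
  FROM SYS.SAML_USER_MAPPINGS
 WHERE USER_NAME = 'SAML_DEMO_USER';

-- Verify the stored e-mail address.
SELECT USER_NAME, PARAMETER, VALUE
  FROM SYS.USER_PARAMETERS
 WHERE USER_NAME = 'SAML_DEMO_USER';
```

Grant this user only the privileges the web application's queries need, since every holder of a valid assertion for the mapped address logs on as this user.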



By default, SSO Circle specifies an email address in the Subject field of the SAML assertion token, therefore it is important for you to associate an email address with the user as shown above.

Step 2: Configure the Spring Security SAML web application

Although the Spring Security SAML sample web application comes with out of the box support for SSO Circle, it needs to be modified to connect to the HANA database. The sample was not meant to connect to a database, so we will need to modify a few things in order for it to serve our purpose.

Download the sample code and set it up in your favorite IDE and favorite build tool.

2.1 Add the SAP HANA JDBC driver to your war file. You will need to include the SAP HANA jdbc driver (ngdbc.jar) since you are going to connect to the HANA database. I just added the jar file directly to the src/main/webapp/WEB-INF/lib folder. When you build the war file, it should include the driver.

$ jar tvf spring-security-saml2-sample.war WEB-INF/lib/ngdbc.jar
921231 Tue Oct 25 14:07:16 MDT 2016 WEB-INF/lib/ngdbc.jar

2.2 Fix the webSSOprofileConsumer bean. There is a nasty issue where the SAML assertion token gets stripped down if you don’t set this property. In order to instruct Spring SAML to keep the assertion in the original form (keep its DOM) set property releaseDOM to false on bean WebSSOProfileConsumerImpl.

Update the bean configuration file src/main/webapp/WEB-INF/securityContext.xml as shown here:

    <!-- SAML 2.0 WebSSO Assertion Consumer -->
    <bean id="webSSOprofileConsumer" class="org.springframework.security.saml.websso.WebSSOProfileConsumerImpl">
    	<property name="releaseDOM" value="false" />
    </bean>

2.3 Create a Java class to connect to the database and run the get-current-user query:

package com.sap.startupfocus.demo;

import java.sql.*;
import org.opensaml.xml.util.XMLHelper;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.util.SAMLUtil;

public class DatabaseConnector {
    private static final String dbUrl = "jdbc:sap://dbhost:30015/";

    public static void getUserInfo() throws Exception {
        /* Get assertion string */
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
        String assertionString = XMLHelper.nodeToString(SAMLUtil.marshallMessage(credential.getAuthenticationAssertion()));

        /* Connect to database with blank user name and assertion string as password.
           try-with-resources closes the connection when the method returns. */
        try (Connection c = DriverManager.getConnection(dbUrl, "", assertionString)) {
            System.out.println("Connected to " + dbUrl);

            /* Get current user query */
            try (Statement stmt = c.createStatement();
                 ResultSet rs = stmt.executeQuery("select CURRENT_USER from DUMMY")) {
                if (rs.next()) {
                    String currentUser = rs.getString(1);
                    System.out.println("Current User = " + currentUser);
                }
            }
        }
    }
}

2.4 Create a hook in the index.jsp web page to call the getUserInfo() static method. Edit the file src/main/webapp/index.jsp and add the call at the location shown below:

<%@ page import="com.sap.startupfocus.demo.DatabaseConnector" %>

          Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
          SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
          pageContext.setAttribute("authentication", authentication);
          pageContext.setAttribute("credential", credential);
          pageContext.setAttribute("assertion", XMLHelper.nodeToString(SAMLUtil.marshallMessage(credential.getAuthenticationAssertion())));
========> DatabaseConnector.getUserInfo();

Step 3: Deploy and test!

So, that should be it. Deploy the war file to your favorite Java container, and open up the web page for your sample application. It should redirect you to SSO Circle to log in and then you should receive the following page:

Also, if you look at the log files you should see the message that the connection was successful and the current user should be SUNIL_WADHWA!

Connected to jdbc:sap://dbhost:30015/
Current User = SUNIL_WADHWA
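
The assertion string built in step 2.3 is a short-lived bearer credential, and step 1.3 relies on its Subject carrying the email address. The following is an added example (not part of the original post or of the Spring SAML sample) that checks both before the string is handed to JDBC, using only the JDK; the class name `AssertionPreflight`, its methods and the sample assertion are constructed for illustration, and it does not verify the XML signature.

```java
import java.io.StringReader;
import java.time.Instant;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

/** Added example: pre-flight check of the assertion string before it is used as the JDBC password. */
public class AssertionPreflight {
    static final String NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Returns the Subject NameID if the assertion is inside its validity window; throws otherwise. */
    static String check(String assertionXml, Instant now) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // The assertion arrives through the browser: refuse DOCTYPEs so no entities are resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(assertionXml))).getDocumentElement();
        if (!NS.equals(root.getNamespaceURI()) || !"Assertion".equals(root.getLocalName()))
            throw new IllegalArgumentException("root element is not a SAML 2.0 Assertion");

        Element cond = first(root, "Conditions");
        String nb = cond.getAttribute("NotBefore"), noa = cond.getAttribute("NotOnOrAfter");
        if (!nb.isEmpty() && now.isBefore(Instant.parse(nb)))
            throw new IllegalStateException("assertion not yet valid (NotBefore=" + nb + ")");
        if (!noa.isEmpty() && !now.isBefore(Instant.parse(noa)))
            throw new IllegalStateException("assertion expired (NotOnOrAfter=" + noa + ")");

        // The value that has to correspond to the email set on the HANA user in step 1.3.
        return first(first(root, "Subject"), "NameID").getTextContent().trim();
    }

    /** First descendant element with the given local name in the SAML assertion namespace. */
    static Element first(Element parent, String name) {
        Element e = (Element) parent.getElementsByTagNameNS(NS, name).item(0);
        if (e == null) throw new IllegalArgumentException("assertion has no <" + name + ">");
        return e;
    }

    public static void main(String[] args) throws Exception {
        // Constructed, unsigned sample; a real assertion also carries Issuer and ds:Signature.
        String sample = "<saml:Assertion xmlns:saml=\"" + NS + "\" ID=\"_constructed\" Version=\"2.0\""
            + " IssueInstant=\"2016-10-25T20:00:00Z\"><saml:Subject><saml:NameID>"
            + "user@example.com</saml:NameID></saml:Subject><saml:Conditions"
            + " NotBefore=\"2016-10-25T19:50:00Z\" NotOnOrAfter=\"2016-10-25T20:10:00Z\"/>"
            + "</saml:Assertion>";
        System.out.println(check(sample, Instant.parse("2016-10-25T20:05:00Z")));
        try { check(sample, Instant.parse("2016-10-25T20:30:00Z")); }
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Calling `check(assertionString, Instant.now())` just before `DriverManager.getConnection` turns an expired assertion or a missing NameID into a clear error instead of a failed database login.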


Generate LOIPRO IDOCs at the time of creating a Production order.

We have a standard transaction code, POIM, to transfer the information of a production order.

But we need to send the order information at the time the order is created in the COR1 transaction.

Hence we are going for an enhancement option in which the standard program that triggers the IDOC is called.

We are using the following BADI implementation to trigger the IDOC.



In this method, we get all the process order details, which are enough to run the standard program “RCCLORD” that triggers the IDOCs.

However, the program will not execute successfully there, because the production order details have not yet been updated in the database when the program runs inside the enhancement BADI, even though this is the ideal place to trigger the IDOCs.

Hence we need to write an RFC function module that is executed in a background task, as a separate unit, with destination “NONE”.



Pass the required values from the method to the function module.

This RFC FM is triggered in a background task once the production order has been created successfully in the S4 system. Hence the data will be available in the database, and the program that triggers the IDOCs will execute successfully.

Create an order in the COR1 transaction.

Release the order and save it.

Go to the COR2 transaction and check the latest order; the order ends with XXX02981.

Once the order is saved, go to WE02, where the outbound IDOC for LOIPRO has been triggered, and pick the latest IDOC.

In the data records we can find the IDOC details of the latest order number.


Hence the IDOC is automatically triggered when an order is created in the COR1 transaction.