To address the target end point of the deployment process of MTA Deployment on Cloud Foundry, you can create a destination to SAP Cloud Deployment service with OAuth2Password authentication.
-
In SAP BTP Cockpit of your subaccount, choose Connectivity > Destinations.
-
In the Destinations editor, choose Create > From Scratch > Create.
-
Enter or select the following values:
Destination Settings for MTA Deployment on Cloud Foundry with OAuth2Password Authentication
Field
Description
More Information
Name
Name of the destination
SAP BTP, Cloud Foundry: Using the Destinations Editor in the Cockpit
Type
HTTP
Description
The description of the destination is optional.
Proxy Type
Internet
URL
Specify the URL to the SAP Cloud Deployment service as the deploy end point of the destination. To address the SAP Cloud Deployment service, you have the following options:
-
Using the names of your org and space
https://deploy-service.cf.<domain>/slprot/<myorg>/<myspace>/slp-
<domain>: Domain of your target subaccountThe domain is derived from the Cloud Foundry API endpoint that you can find in the SAP BTP Cockpit in the Overview of your subaccount.
-
<myorg>/<myspace>: Names of your org and spaceYou must escape special characters in your org and space name (<myorg>/<myspace>) with a proper URL encoding. For example, replace space characters with
%20, and commas with%2C.
-
Sample URL for the Cloud Foundry API endpoint:
api.cf.eu10-004.hana.ondemand.com,<myorg>:TestOrg, and<myspace>:TestSpace:https://deploy-service.cf.eu10-004.hana.ondemand.com/slprot/TestOrg/TestSpace/slp -
Sample URL with URL encoding for
<myorg>:Example Company Test Organd<myspace>:Example Company Test Space:https://deploy-service.cf.eu10-004.hana.ondemand.com/slprot/Example%20Company%20Test%20Org/Example%20Company%20Test%20Space/slp
-
-
Using the GUID of your space
https://deploy-service.cf.<domain>/slprot/<my-space-guid>/slp-
<domain>: Domain of your subaccountThe domain is derived from the Cloud Foundry API endpoint that you can find in the SAP BTP Cockpit in the Overview of your subaccount.
-
<my-space-guid>: GUID of your spaceTo retrieve the GUID of your space, use the Cloud Foundry Command Line Interface (cf CLI). Log on to your org, and execute the following command:
cf space <my-space-name> --guid.
Sample URL for the Cloud Foundry API endpoint:
api.cf.eu10-004.hana.ondemand.comand<my-space-guid>:977a24d6-2eaf-432d-a3e1-5294451551a3:https://deploy-service.cf.eu10-004.hana.ondemand.com/slprot/977a24d6-2eaf-432d-a3e1-5294451551a3/slp -
More information about regions and API endpoints:
More information about cf CLI:
Authentication
Select OAuth2Password.
This authentication is based on a user credential flow. At first, the Cloud Foundry User Account and Authentication (UAA) service is called with the name and the password of this user. The authentication service then returns a JSON Web Token (JWT) which is used to call the API of the SAP Cloud Deployment service.
This authentication type requires a Client ID with the value
cf, and a Token Service URL defined, pointing to the Cloud Foundry User Account and Authentication service.Using a Custom Identity Provider
You can use your corporate (custom) identity provider for the transport destination. To do this, the following prerequisites must be fulfilled:
-
You've registered your custom identity provider with SAP as described under Establish Trust and Federation of Custom Identity Providers for Platform Users.
-
You've enabled automated logon with your custom identity provider as described under Log On as a Technical User with a Custom Identity Provider.
To use your custom identity provider for the transport destination, under Additional Properties, add the
originproperty. As the value of the property, enter the value of origin of your custom identity provider.User
Specify the user name (usually, an email address) of the user that is used for the deployment.
-
The user used for the destination must be a valid user on Cloud Foundry environment and it must have the role
SpaceDeveloperin the target space. -
The user must be a platform user so that the deployment works for all content types. For more information, see Platform Users.
-
The user used for the destination isn’t subject to any Data Protection and Privacy requirements.
-
We recommend that you use a technical user to avoid constraints typically associated with personal users, such as password rotation.
Password
Specify the password of the user.
Client ID
Enter
cfas the value.Client Secret
Client Secret isn’t required. This value can be left empty.
Token Service URL
Enter the URL to the Cloud Foundry UAA (CF UAA) authentication service in the following format:
https://login.cf.<domain>The domain is derived from the Cloud Foundry API endpoint that you can find in the SAP BTP Cockpit in the Overview of your target subaccount. For the Token Service URL, replace
apibylogin.For the Cloud Foundry API endpoint:
api.cf.eu10-004.hana.ondemand.com, the Token Service URL is:https://login.cf.eu10-004.hana.ondemand.com.Regions and API Endpoints Available for the Cloud Foundry Environment.
Use default client truststore
This checkbox is selected by default.
If you leave the checkbox selected, the default client truststore with certificates provided by SAP are used.
If you want to change this, see Use Destination Certificates (Cockpit).
-
-
Choose Create to create the destination.
-
Optional: After creating the destination, click anywhere in the row to display its details.
-
Optional: Choose Check Connection to check your destination.
The result should display HTTP request (without authentication) to <Name of the destination> destination succeeded.
This result means that the URL specified in the destination can be reached. However, such a successful check doesn’t guarantee successful deployment. We recommend that you test the deployment using a test transport after completing all configuration steps required for your transport scenario.
For more information about connection checks, see Check the Availability of a Destination.