SAP S/4HANA connector
Connectors continue to be released outside the IDM release. For the latest documentation, refer to the ICF documentation. |
The SAP S/4HANA connector lets you manage and synchronize accounts between SAP S/4HANA and IDM managed user objects. An SAP S/4HANA administrator account is required for this connector to work.
The SAP S/4HANA connector only supports SAP HANA Cloud. It does not support HANA DB. |
Before you start
Before you configure the connector, log in to your AWS administrator account and note the following:
- Username
-
Inbound Communication user of SAP S/4HANA.
- Password
-
Inbound Communication user password of SAP S/4HANA.
- Tenant ID
-
Which tenant the SAP S/4HANA instance is hosted on.
Install the SAP S/4HANA connector
Download the connector .jar file from the ForgeRock BackStage download site.
-
If you are running the connector locally, place it in the
/path/to/openidm/connectors
directory, for example:mv ~/Downloads/saphana-connector-1.5.20.15.jar /path/to/openidm/connectors/
-
If you are using a remote connector server (RCS), place it in the
/path/to/openicf/connectors
directory on the RCS.
Configure the SAP S/4HANA connector
Create a connector configuration using the admin UI:
-
Select Configure > Connectors and click New Connector.
-
Enter a Connector Name.
-
Select SAP HANA Connector - 1.5.20.15 as the Connector Type.
-
Provide the Base Connector Details.
-
Click Save.
When your connector is configured correctly, the connector displays as Active in the admin UI.
Alternatively, test that the configuration is correct by running the following command:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system/saphana?_action=test" { "name": "saphana", "enabled": true, "config": "config/provisioner.openicf/saphana", "connectorRef": { "bundleVersion": "[1.5.0.0,1.6.0.0)", "bundleName": "org.forgerock.openicf.connectors.saphana-connector", "connectorName": "org.forgerock.openicf.connectors.saphana.SapHanaConnector" }, "displayName": "SAP HANA Connector", "objectTypes": [ "__ACCOUNT__", "__ALL__" ], "ok": true }
If the command returns "ok": true
, your connector has been configured correctly, and can authenticate to the SAP S/4HANA system.
Use the SAP S/4HANA connector
The following SAP S/4HANA account attributes are supported by the SAP S/4HANA connector:
Attribute | Description |
---|---|
|
Unique identifier for a user. |
|
The external ID of the user. This can only include uppercase letters, numbers, |
|
Auto-generated user id. |
|
Auto-generated user id. |
|
Login username for the user. This can only include uppercase letters, numbers, |
|
First name of the user. Required. |
|
Last name of the user. Required. |
|
Middle name of the user. |
|
Status of the user. Either |
|
Gender of the user. Permitted values are |
|
Salutation of the user. Permitted values are |
|
Start date for the created user, in YYYY-MM-DD format. Required. |
|
End date for the created user, in YYYY-MM-DD format. |
|
Full name of the user. |
|
Academic title of the user. Permitted values are |
|
The correspondence language for the user. For example, |
|
Additional last name of the user. |
|
Birth name of the user. |
|
Nickname of the user. |
|
Initials of the user. |
|
Academic secondary title of the user. Permitted values are |
|
Supplemental titles of the user. Permitted values are |
|
Object with the following sub-attributes:
|
|
Email address of the user. |
|
Predefined code of the company of the user. Required. |
|
Status of the work agreement for the user. Permitted values are |
|
Language code for the user. |
|
What format dates should be displayed in. For example,
|
|
What format times should be displayed in. For example,
|
|
Time zone code of the user. |
|
What decimal notation numbers should be displayed in. Available codes:
|
|
Role assignment of the user. |
|
Unique ID of the work agreement associated with the user. |
|
External ID of the work agreement associated with the user. |
|
Role of the work agreement associated with the user. Permitted values are |
The following attributes are mapped in the connector automatically:
|
You can use the SAP S/4HANA connector to perform the following actions on an SAP S/4HANA account:
Create an SAP S/4HANA user
The following example creates a user with the minimum required attributes:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --request POST \ --data '{ "__NAME__": "BJENSEN", "FirstName": "Barbara", "LastName": "Jensen", "StartDate": "2022-06-02", "PersonExternalID": "BJENSEN", "CompanyCode": 1010, "GenderCode": 2 }' \ "http://localhost:8080/openidm/system/saphana/__ACCOUNT__?_action=create" { "_id": "9980004320", "TimeFormatCode": "0", "PersonFullName": "Barbara Jensen", "__UID__": "9980004320", "FirstName": "Barbara", "UserID": "CB9980004320", "__NAME__": "BJENSEN", "DecimalFormatCode": "X", "StartDate": "2022-06-02", "LogonLanguageCode": "EN", "LastName": "Jensen", "PersonExternalID": "BJENSEN", "PersonUUID": "FA163EA9-3617-1EEC-B8DA-AD865EF3B625", "__ENABLE__": true, "TimeZoneCode": "CET", "EndDate": "9999-12-31", "DateFormatCode": "1" }
When you create a new user, you must specify at least:
See the list of available attributes for more information. |
Update an SAP S/4HANA user
You can modify an existing user with a PUT request, including all attributes of the account in the request. The following attributes can be modified on a user:
-
__USER__
-
PersonExternalID
-
FirstName
-
LastName
-
GenderCode
-
EmailAddress
-
PhoneInformation
-
PersonFullName
-
AcademicTitle
-
CorrespondenceLanguage
-
MiddleName
-
AdditionalLastName
-
BirthName
-
NickName
-
Initials
-
AcademicSecondTitle
-
NameSupplement
-
WorkAgreementStatus
-
CompanyCode
-
StartDate
-
EndDate
-
LockedIndicator
-
DateFormatCode
-
DecimalFormatCode
-
TimeFormatCode
-
TimeZoneCode
-
LogonLanguageCode
-
Role
When updating the validity period for a user, both |
For example, to add an email address to a user:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --header "If-Match:*" \ --request PUT \ --data '{ "__NAME__": "BJENSEN", "FirstName": "Barbara", "LastName": "Jensen", "StartDate": "2022-06-02", "PersonExternalID": "BJENSEN", "CompanyCode": 1010, "GenderCode": 2, "EmailAddress": "bjensen@example.com" }' \ "http://localhost:8080/openidm/system/saphana/__ACCOUNT__/9980004320" { "_id": "9980004320", "TimeFormatCode": "0", "PersonFullName": "Barbara Jensen", "__UID__": "9980004320", "EmailAddress": "bjensen@example.com", "FirstName": "Barbara", "UserID": "CB9980004320", "__NAME__": "BJENSEN", "DecimalFormatCode": "X", "StartDate": "2022-06-02", "LogonLanguageCode": "EN", "LastName": "Jensen", "PersonExternalID": "BJENSEN", "PersonUUID": "FA163EA9-3617-1EEC-B8DA-AD865EF3B625", "__ENABLE__": true, "TimeZoneCode": "CET", "EndDate": "9999-12-31", "DateFormatCode": "1" }
Query SAP S/4HANA users
The following example queries all SAP S/4HANA users:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --request GET \ "http://localhost:8080/openidm/system/saphana/__ACCOUNT__?_queryId=query-all-ids" { "result": [ { "_id": "9980000000" }, { "_id": "9980000002" }, { "_id": "9980000004" }, { "_id": "9980000006" }, [ ... ] { "_id": "9980004314" }, { "_id": "9980004316" }, { "_id": "9980004318" }, { "_id": "9980004320" } ], "resultCount": 2139, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 }
The following command queries a specific user by their ID:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --request GET \ "http://localhost:8080/openidm/system/saphana/__ACCOUNT__/9980004320" { "_id": "9980004320", "TimeFormatCode": "0", "PersonFullName": "Barbara Jensen", "__UID__": "9980004320", "EmailAddress": "bjensen@example.com", "FirstName": "Barbara", "UserID": "CB9980004320", "__NAME__": "BJENSEN", "DecimalFormatCode": "X", "StartDate": "2022-06-02", "LogonLanguageCode": "EN", "LastName": "Jensen", "PersonExternalID": "BJENSEN", "PersonUUID": "FA163EA9-3617-1EEC-B8DA-AD865EF3B625", "__ENABLE__": true, "TimeZoneCode": "CET", "EndDate": "9999-12-31", "DateFormatCode": "1" }
Enable an SAP S/4HANA user
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --header "If-Match:*" \ --request PUT \ --data '{ "__NAME__": "BJENSEN", "__ENABLE__": true }' \ "http://localhost:8080/openidm/system/saphana/__ACCOUNT__/9980004320" { "_id": "9980004320", "TimeFormatCode": "0", "PersonFullName": "Barbara Jensen", "__UID__": "9980004320", "EmailAddress": "bjensen@example.com", "FirstName": "Barbara", "UserID": "CB9980004320", "__NAME__": "BJENSEN", "DecimalFormatCode": "X", "StartDate": "2022-06-02", "LogonLanguageCode": "EN", "LastName": "Jensen", "PersonExternalID": "BJENSEN", "PersonUUID": "FA163EA9-3617-1EEC-B8DA-AD865EF3B625", "__ENABLE__": true, "TimeZoneCode": "CET", "EndDate": "9999-12-31", "DateFormatCode": "1" }
Disable an SAP S/4HANA user
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --header "If-Match:*" \ --request PUT \ --data '{ "__NAME__": "BJENSEN", "__ENABLE__": false }' \ "http://localhost:8080/openidm/system/saphana/__ACCOUNT__/9980004320" { "_id": "9980004320", "TimeFormatCode": "0", "PersonFullName": "Barbara Jensen", "__UID__": "9980004320", "EmailAddress": "bjensen@example.com", "FirstName": "Barbara", "UserID": "CB9980004320", "__NAME__": "BJENSEN", "DecimalFormatCode": "X", "StartDate": "2022-06-02", "LogonLanguageCode": "EN", "LastName": "Jensen", "PersonExternalID": "BJENSEN", "PersonUUID": "FA163EA9-3617-1EEC-B8DA-AD865EF3B625", "__ENABLE__": false, "TimeZoneCode": "CET", "EndDate": "9999-12-31", "DateFormatCode": "1" }
OpenICF Interfaces Implemented by the SAP HANA Connector
The SAP HANA Connector implements the following OpenICF interfaces. For additional details, see ICF interfaces:
- Create
-
Creates an object and its
uid
. - Schema
-
Describes the object types, operations, and options that the connector supports.
- Script on Connector
-
Enables an application to run a script in the context of the connector.
Any script that runs on the connector has the following characteristics:
-
The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access.
-
The script has access to a
connector
variable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration. -
The script has access to any script arguments passed in by the application.
-
- Search
-
Searches the target resource for all objects that match the specified object class and filter.
- Test
-
Tests the connector configuration.
Testing a configuration checks all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid.
This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out).
You can invoke the test operation before a connector configuration has been validated.
- Update
-
Updates (modifies or replaces) objects on a target resource.
SAP HANA Connector Configuration
The SAP HANA Connector has the following configurable properties:
Basic configuration properties
Property | Type | Default | Encrypted(1) | Required(2) |
---|---|---|---|---|
|
|
|
|
Yes |
Provide the Username to authorize the SAP HANA APIs |
||||
|
|
|
Yes |
Yes |
Provide the Password to authorize the SAP HANA APIs |
||||
|
|
|
|
Yes |
Provide the Tenant ID to identify your custom SAP HANA APIs |
||||
|
|
|
|
No |
Page Size for search operation |
||||
|
|
|
|
No |
Provide the HTTP Proxy Host |
||||
|
|
|
|
No |
Provide the HTTP Proxy Port |
||||
|
|
|
|
No |
Provide the HTTP Proxy Username |
||||
|
|
|
Yes |
No |
Provide the HTTP Proxy Password |
(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.
(2) A list of operations in this column indicates that the property is required for those operations.