From 47a24b3dedb457d2278c89448a2b60f944001be5 Mon Sep 17 00:00:00 2001 From: ditaccms-bot Date: Wed, 29 May 2024 13:51:46 +0000 Subject: [PATCH] Update from SAP DITA CMS (squashed): commit c474b4386da1d1df2971188a6a80785c9ead156f Author: REDACTED Date: Wed May 29 12:39:58 2024 +0000 Update from SAP DITA CMS 2024-05-29 12:39:58 Project: dita-all/jjq1673438782153 Project map: c2f780f61c744155b0bd42b6f38fb70c.ditamap Output: loiob2927cc326be495da9f4fea0b6bda2b3 Language: en-US Builddable map: c590d25af285407ba12a69179a940c19.ditamap commit 635c891be264eed858544f4a12ce3bb713204e37 Author: REDACTED Date: Wed May 29 12:21:26 2024 +0000 Update from SAP DITA CMS 2024-05-29 12:21:26 Project: dita-all/jjq1673438782153 Project map: c2f780f61c744155b0bd42b6f38fb70c.ditamap Output: loiob2927cc326be495da9f4fea0b6bda2b3 Language: en-US Builddable map: c590d25af285407ba12a69179a940c19.ditamap commit dc4a655cbbcfe52b627a8e4c5789fdc91dc90ff6 Author: REDACTED Date: Tue May 28 15:07:00 2024 +0000 Update from SAP DITA CMS 2024-05-28 15:07:00 Project: dita-all/jjq1673438782153 Project map: c2f780f61c744155b0bd42b6f38fb70c.ditamap Output: loiob2927cc326be495da9f4fea0b6bda2b3 Language: en-US Builddable map: c590d25af285407ba12a69179a940c19.ditamap ################################################## [Remaining squash message was removed before commit...] --- .../initial-configuration-db9170a.md | 11 ++- .../lifecycle-management-1c18e0c.md | 4 +- .../prerequisites-e23f776.md | 82 +++++++++---------- .../target-system-configuration-ab6eac9.md | 47 ++++++++++- .../user-logon-properties-8b1e1c3.md | 64 ++++++++++++++- 5 files changed, 158 insertions(+), 50 deletions(-) diff --git a/docs/1-connectivity-documentation/initial-configuration-db9170a.md b/docs/1-connectivity-documentation/initial-configuration-db9170a.md index 943e739..ca5661a 100644 --- a/docs/1-connectivity-documentation/initial-configuration-db9170a.md +++ b/docs/1-connectivity-documentation/initial-configuration-db9170a.md @@ -280,11 +280,18 @@ Press *Add Subaccount* to define a subaccount. This will open a dialog or wizard 7. Choose *Finish*. -4. \(Skip if you have selected *manual* configuration\) For the *file-based* approach, the following dialog is shown: +4. \(Skip if you have selected *manual* configuration\) For the *file-based* approach using authentication data, the following dialog is shown: ![](images/SCC_InitialConfig_-_FileBasedConfig_ab635bc.png) - Choose the file containing the desired authentication data and press *Next*. You can then review the data extracted from the file, as well as optionally enter a location ID and a description \(see step 3d and 3e for details on the latter two properties\). + You can download the authentication data file from your subaccount in the SAP BTP cockpit. To do so, + + 1. Log on to the SAP BTP cockpit and choose the subaccount you'd like connect to. + 2. Go to section *Connectivity* \> *Cloud Connectors* and press *Download Authentication Data*. + 3. Choose the file containing the authentication data and press *Next*. + + You can then review the data extracted from the file, as well as optionally enter a location ID and a description \(see step 3d and 3e for details on the latter two properties\). + ![](images/SCC_InitialConfig_-_FileBasedConfig_Summary_92c40f6.png) diff --git a/docs/1-connectivity-documentation/lifecycle-management-1c18e0c.md b/docs/1-connectivity-documentation/lifecycle-management-1c18e0c.md index 0ceb184..b753551 100644 --- a/docs/1-connectivity-documentation/lifecycle-management-1c18e0c.md +++ b/docs/1-connectivity-documentation/lifecycle-management-1c18e0c.md @@ -14,7 +14,7 @@ The transparent proxy Helm chart is available via the RBSC \(*repository-based s ## Latest Helm Chart Version -The latest helm chart version is 1.5.0 for both RBSC and DockerHub. +The latest helm chart version is f for both RBSC and DockerHub. @@ -24,7 +24,7 @@ The latest helm chart version is 1.5.0 for both RBSC and DockerHub. **Registry:** 73554900100900006891.helmsrv.cdn.repositories.cloud.sap -**Tag:** 1.5.0 +**Tag:** 1.5.2 **Authorization**: See [RBSC documentation](https://help.sap.com/viewer/0a64be17478d4f5ba45d14ab62b0d74c/Cloud/en-US/7e83dfc309834942b441fc2106c5b7f5.html). diff --git a/docs/1-connectivity-documentation/prerequisites-e23f776.md b/docs/1-connectivity-documentation/prerequisites-e23f776.md index 107cf5e..80ff8b2 100644 --- a/docs/1-connectivity-documentation/prerequisites-e23f776.md +++ b/docs/1-connectivity-documentation/prerequisites-e23f776.md @@ -766,7 +766,7 @@ Europe \(Frankfurt\) - AWS > > **Action:** > -> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. The additional IP addresses will be used after March 31, 2024. +> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. @@ -780,7 +780,7 @@ connectivitynotification.cf.eu10.hana.ondemand.com `3.124.222.77`, `3.122.209.241`, `3.124.208.223` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.159.31.22, 3.69.186.98, 3.77.195.119** @@ -796,7 +796,7 @@ connectivitycertsigning.cf.eu10.hana.ondemand.com `3.124.222.77`, `3.122.209.241`, `3.124.208.223` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.159.31.22, 3.69.186.98, 3.77.195.119** @@ -812,7 +812,7 @@ connectivitytunnel.cf.eu10.hana.ondemand.com `3.124.222.77`, `3.122.209.241`, `3.124.208.223` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.159.31.22, 3.69.186.98, 3.77.195.119** @@ -828,7 +828,7 @@ connectivitytunnel.cf.eu10-002.hana.ondemand.com `3.64.227.236`, `3.126.229.22`, `18.193.180.19` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.153.123.11, 3.121.37.195, 3.73.215.90** @@ -844,7 +844,7 @@ connectivitytunnel.cf.eu10-003.hana.ondemand.com `3.127.77.3`, `3.64.196.58`, `18.156.151.247` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.197.252.154, 3.79.137.29, 52.58.93.50** @@ -860,7 +860,7 @@ connectivitytunnel.cf.eu10-004.hana.ondemand.com `3.65.185.47`, `3.70.38.218`, `18.196.206.8` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **3.73.109.100, 3.73.8.210, 52.59.18.183** @@ -878,7 +878,7 @@ Europe \(Frankfurt\) - AWS > > **Action:** > -> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. The additional IP addresses will be used after March 31, 2024. +> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. @@ -892,7 +892,7 @@ connectivitynotification.cf.eu11.hana.ondemand.com `3.124.207.41`, `18.157.105.117`, `18.156.209.198` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **3.66.26.249, 3.72.216.204, 3.74.99.245** @@ -908,7 +908,7 @@ connectivitycertsigning.cf.eu11.hana.ondemand.com `3.124.207.41`, `18.157.105.117`, `18.156.209.198` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **3.66.26.249, 3.72.216.204, 3.74.99.245** @@ -924,7 +924,7 @@ connectivitytunnel.cf.eu11.hana.ondemand.com `3.124.207.41`, `18.157.105.117`, `18.156.209.198` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **3.66.26.249, 3.72.216.204, 3.74.99.245** @@ -1042,7 +1042,7 @@ US East \(VA\) - AWS > > **Action:** > -> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. The additional IP addresses will be used after March 31, 2024. +> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. @@ -1056,7 +1056,7 @@ connectivitynotification.cf.us10.hana.ondemand.com `52.23.189.23`, `52.4.101.240`, `52.23.1.211` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.213.242.208, 3.214.110.153, 34.205.56.51** @@ -1072,7 +1072,7 @@ connectivitycertsigning.cf.us10.hana.ondemand.com `52.23.189.23`, `52.4.101.240`, `52.23.1.211` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.213.242.208, 3.214.110.153, 34.205.56.51** @@ -1088,7 +1088,7 @@ connectivitytunnel.cf.us10.hana.ondemand.com `52.23.189.23`, `52.4.101.240`, `52.23.1.211` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.213.242.208, 3.214.110.153, 34.205.56.51** @@ -1104,7 +1104,7 @@ connectivitytunnel.cf.us10-001.hana.ondemand.com `3.220.114.17`, `3.227.182.44`, `52.86.131.53` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **44.218.82.203, 44.219.57.163, 50.16.106.103** @@ -1120,7 +1120,7 @@ connectivitytunnel.cf.us10-002.hana.ondemand.com `34.202.68.0`, `54.234.152.59`, `107.20.66.86` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **3.214.116.95, 54.144.230.36, 54.226.37.104** @@ -1267,7 +1267,7 @@ Brazil \(São Paulo\) - AWS > > **Action:** > -> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. The additional IP addresses will be used after March 31, 2024. +> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. @@ -1281,7 +1281,7 @@ connectivitynotification.cf.br10.hana.ondemand.com `18.229.91.150`, `52.67.135.4`, `54.232.179.204` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.228.53.198, 52.67.149.240, 54.94.179.209** @@ -1297,7 +1297,7 @@ connectivitycertsigning.cf.br10.hana.ondemand.com `18.229.91.150`, `52.67.135.4`, `54.232.179.204` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.228.53.198, 52.67.149.240, 54.94.179.209** @@ -1313,7 +1313,7 @@ connectivitytunnel.cf.br10.hana.ondemand.com `18.229.91.150`, `52.67.135.4`, `54.232.179.204` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.228.53.198, 52.67.149.240, 54.94.179.209** @@ -1331,7 +1331,7 @@ Japan \(Tokyo\) - AWS > > **Action:** > -> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. The additional IP addresses will be used after March 31, 2024. +> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. @@ -1345,7 +1345,7 @@ connectivitynotification.cf.jp10.hana.ondemand.com `13.114.117.83`, `3.114.248.68`, `3.113.252.15` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.178.155.134, 57.180.140.5, 57.180.145.179** @@ -1361,7 +1361,7 @@ connectivitycertsigning.cf.jp10.hana.ondemand.com `13.114.117.83`, `3.114.248.68`, `3.113.252.15` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.178.155.134, 57.180.140.5, 57.180.145.179** @@ -1377,7 +1377,7 @@ connectivitytunnel.cf.jp10.hana.ondemand.com `13.114.117.83`, `3.114.248.68`, `3.113.252.15` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **18.178.155.134, 57.180.140.5, 57.180.145.179** @@ -1438,7 +1438,7 @@ Australia \(Sydney\) - AWS > > **Action:** > -> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. The additional IP addresses will be used after March 31, 2024. +> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. @@ -1452,7 +1452,7 @@ connectivitynotification.cf.ap10.hana.ondemand.com `13.236.220.84`, `13.211.73.244`, `3.105.95.184` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **13.55.188.95, 3.105.212.249, 3.106.45.106** @@ -1468,7 +1468,7 @@ connectivitycertsigning.cf.ap10.hana.ondemand.com `13.236.220.84`, `13.211.73.244`, `3.105.95.184` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **13.55.188.95, 3.105.212.249, 3.106.45.106** @@ -1484,7 +1484,7 @@ connectivitytunnel.cf.ap10.hana.ondemand.com `13.236.220.84`, `13.211.73.244`, `3.105.95.184` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **13.55.188.95, 3.105.212.249, 3.106.45.106** @@ -1502,7 +1502,7 @@ Asia Pacific \(Singapore\) - AWS > > **Action:** > -> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. The additional IP addresses will be used after March 31, 2024. +> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. @@ -1516,7 +1516,7 @@ connectivitynotification.cf.ap11.hana.ondemand.com `3.0.9.102`,`18.140.39.70`, `18.139.147.53` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **13.229.158.122, 18.140.228.217, 52.74.215.89** @@ -1532,7 +1532,7 @@ connectivitycertsigning.cf.ap11.hana.ondemand.com `3.0.9.102`, `18.140.39.70`, `18.139.147.53` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **13.229.158.122, 18.140.228.217, 52.74.215.89** @@ -1548,7 +1548,7 @@ connectivitytunnel.cf.ap11.hana.ondemand.com `3.0.9.102`, `18.140.39.70`, `18.139.147.53` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **13.229.158.122, 18.140.228.217, 52.74.215.89** @@ -1566,7 +1566,7 @@ Asia Pacific \(Seoul\) - AWS > > **Action:** > -> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. The additional IP addresses will be used after March 31, 2024. +> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. @@ -1580,7 +1580,7 @@ connectivitynotification.cf.ap12.hana.ondemand.com `3.35.255.45`, `3.35.106.215`, `3.35.215.12` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **13.209.236.215, 43.201.194.105, 43.202.204.5** @@ -1596,7 +1596,7 @@ connectivitycertsigning.cf.ap12.hana.ondemand.com `3.35.255.45`, `3.35.106.215`, `3.35.215.12` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **13.209.236.215, 43.201.194.105, 43.202.204.5** @@ -1612,7 +1612,7 @@ connectivitytunnel.cf.ap12.hana.ondemand.com `3.35.255.45`, `3.35.106.215`, `3.35.215.12` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **13.209.236.215, 43.201.194.105, 43.202.204.5** @@ -1718,7 +1718,7 @@ Canada \(Montreal\) - AWS > > **Action:** > -> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. The additional IP addresses will be used after March 31, 2024. +> If you restrict system access by *allowlisting IPs* in firewall rules, make sure you update your configuration as soon as possible. @@ -1732,7 +1732,7 @@ connectivitynotification.cf.ca10.hana.ondemand.com `3.98.102.153`, `35.182.75.101`, `35.183.74.34` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **15.157.88.166, 3.98.202.222, 52.60.210.33** @@ -1748,7 +1748,7 @@ connectivitycertsigning.cf.ca10.hana.ondemand.com `3.98.102.153`, `35.182.75.101`, `35.183.74.34` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **15.157.88.166, 3.98.202.222, 52.60.210.33** @@ -1764,7 +1764,7 @@ connectivitytunnel.cf.ca10.hana.ondemand.com `3.98.102.153`, `35.182.75.101`, `35.183.74.34` -**Additonal IP addresses \(valid after March 31, 2024\):** +**Additonal IP addresses:** **15.157.88.166, 3.98.202.222, 52.60.210.33** diff --git a/docs/1-connectivity-documentation/target-system-configuration-ab6eac9.md b/docs/1-connectivity-documentation/target-system-configuration-ab6eac9.md index 95a316b..e2bf991 100644 --- a/docs/1-connectivity-documentation/target-system-configuration-ab6eac9.md +++ b/docs/1-connectivity-documentation/target-system-configuration-ab6eac9.md @@ -223,8 +223,11 @@ To use a direct connection over WebSocket, you must set the value for * @@ -330,6 +333,46 @@ If you don't want to use the default JDK trust store \(option *Use default JDK t Password for the JKS trust store file. This field is mandatory if ** is used. + + + + + +`jco.destination.ws_ping_period` + + + + +Optional property. + +Time period of a WebSocket client connection in seconds after which a keep alive WebSocket ping packet is sent while waiting for response data during a call. + +- Switching keep alive pinging from off \[0\] to on \[greater than 10\] and vice versa will only affect new RFC connections opened afterwards. +- Default is the value of JCo property `jco.ws.ping_period`, which is 300 seconds, if not set to a different value. +- Valid values are 0 \[off\] and a range from 10 \[ten seconds\] to 86400 \[one day\]. + + + + + + + + +`jco.destination.ws_pong_timeout` + + + + +Optional property. + +Timeout for a WebSocket keep alive ping reply packet in seconds. If no such so-called pong packet is received from the communication partner as a reply to a previously sent WebSocket keep alive ping packet within this timeout period, the client connection is considered as broken and will be closed. + +- Switching a pong timeout from off \[0\] to on \[greater than 10\] and vice versa will only affect new RFC connections opened afterwards. +- Default is the value of JCo property `jco.ws.pong_timeout`, which is 60 seconds, if not set to a different value. +- Valid values are 0 \[off\] and a range from 10 \[ten seconds\] to 3600 \[one hour\]. + + + diff --git a/docs/1-connectivity-documentation/user-logon-properties-8b1e1c3.md b/docs/1-connectivity-documentation/user-logon-properties-8b1e1c3.md index faee621..f54dbf0 100644 --- a/docs/1-connectivity-documentation/user-logon-properties-8b1e1c3.md +++ b/docs/1-connectivity-documentation/user-logon-properties-8b1e1c3.md @@ -129,11 +129,69 @@ For more information on WebSocket RFC, see also: Optional property. -- If the property is not provided, its default value `CONFIGURED_USER` is used, which means that user, password, or other credentials are specified directly. -- To enable single sign-on via principal propagation \(which means that the identity logged on in the cloud application is forwarded to the on-premise system\), set the value to `PrincipalPropagation`. In this case, you do not need to provide `jco.client.user` and `jco.client.passwd` in the configuration. +> ### Note: +> SAP BTP supports the propagation of business users \(principal propagation\) and technical users from the cloud application towards on-premise systems. +> +> In both cases, a specific access token representing the business user or technical user is retrieved in the RFC runtime \(for example, in JCo or SAP BTP ABAP environment\), which can then be sent to the Connectivity service. +> +> For more information, see [Authenticating Users against On-Premise Systems](authenticating-users-against-on-premise-systems-b643fbe.md). + +- If the property is not provided, its default value `CONFIGURED_USER` is used. In this case, user, password, or other credentials are specified directly. +- To enable single sign-on via principal propagation \(an access token representing the business user logged on in the cloud application is forwarded to the on-premise system\), set the value to `PrincipalPropagation`. In this case, you do not need to provide `jco.client.user` and `jco.client.passwd` in the configuration. +- To enable technical user propagation \(an access token representing the technical user is forwarded to the on-premise system\), set the value to `TechnicalUserPropagation`. In this case, you do not need to provide `jco.client.user` and `jco.client.passwd` in the configuration. > ### Note: -> For `PrincipalPropagation`, you should configure the properties `jco.destination.repository.user` and `jco.destination.repository.passwd` instead, since there are special permissions needed \(for metadata lookup in the back end\) that not all business application users might have. +> For `PrincipalPropagation`/`TechnicalUserPropagation`, you should configure the properties `jco.destination.repository.user` and `jco.destination.repository.passwd` instead, since there are special permissions needed \(for metadata lookup in the back end\) that not all business/technical users might have. + + + + + + + + +`jco.client.tech_user_id` + + + + +> ### Note: +> Only needed for `jco.destination.auth_type`=`TechnicalUserPropagation`. + +Client ID of the application. + + + + + + +`jco.client.tech_user_secret` + + + + +> ### Note: +> Only needed for `jco.destination.auth_type`=`TechnicalUserPropagation`. + +Client secret for the Client ID. + + + + + + +`jco.client.tech_user_service_url` + + + + +> ### Note: +> Only needed for `jco.destination.auth_type`=`TechnicalUserPropagation`. + +URL of the token service, against which the token exchange is performed. + +> ### Remember: +> The token service is not accessed through the Cloud Connector, but through the Internet.