The Sustainable SaaS (SuSaaS) sample application has been built in a partner collaboration to help interested developers, partners, and customers develop multitenant Software as a Service applications using CAP and deploy them to the SAP Business Technology Platform (SAP BTP). For this use case, the Kyma Runtime was chosen. Still, you can also develop similar SaaS applications in other runtimes like Cloud Foundry or the SAP BTP ABAP environment.
The example focuses on using standard frameworks and SAP BTP services, such as the Cloud Application Programming Model (CAP), SAP API Management, Alert Notification, and many more, for developing, deploying, and monitoring the solution.
The sample application has a focus on the topic of sustainability and is therefore called Sustainable SaaS (SuSaaS) app. It allows customers (Consumer Tenants) of the SaaS application to extend their SAP solutions like S/4HANA with additional features developed by the SaaS vendor (Provider).
Due to the technical and theoretical complexity of the topic, the sample application is not to be seen as suitable for, or used in, productive scenarios of any kind. It is supposed to present ideas and approaches for putting your scenario into practice. Our goal is to cover as many topics as we can, but not in the depth that would justify productive usability.
Below you can find a solution architecture diagram of the sample application. As you can see, the app contains a lot of services and tools which you will use in this tutorial.
To get started, we recommend that you first discover some basic skills and learnings. The following parts of the documentation will introduce you to the basics of this scenario, the concepts of multitenancy, and Software as a Service applications.
- Discover the tutorial target
- Basics of SAP BTP, Kyma and CAP
- Partners in SAP BTP ecosystem
- Get an idea of SaaS applications
- Understand SAP BTP multitenancy
- What's New
Continue your journey and deploy the Basic Version of the SaaS sample application to your SAP BTP Kyma environment, after preparing your Provider Subaccount by assigning the required entitlements. Learn about the different components used in the comprehensive SaaS sample app running in your environment now and subscribe a first Consumer Tenant.
- Introduction of the Basic Version
- Understand the repository structure
- Prepare the Provider Subaccount
- Build your Docker images
- Deploy the SaaS application
- Subscribe a Consumer Subaccount
- Push data to the SaaS API
- Test the SaaS application
- Discover Helm and Kyma Resources
- Explore the application components
- Optional - Unsubscribe Consumer Subaccounts
- Optional - Undeploy the SaaS application
Once you have successfully deployed the Basic features of the SaaS sample application to your Kyma Cluster, feel free to enhance it with more features in the Advanced Version. This includes, for example, an SAP API Management integration to monitor and manage your SaaS API endpoints, or SAP Identity Authentication to provide central user management without relying on SAP ID service. Furthermore, you will see a sample of how to integrate a backend system like SAP S/4HANA from a SaaS Consumer perspective.
- Introduction of the Advanced Version
- Understand the repository details
- Prepare the Provider Subaccount
- Central user management with SAP IAS
- Push data from SAP S/4HANA system
- Integrate with SAP API Management
After adding some or all of the advanced features, the following Expert Features contain a variety of different topics, which will make your application and life as a SaaS developer even more convenient. You will learn about management and backup of your Tenant database containers, multi-region deployments of SaaS applications and how to tackle topics like Custom Domain usage.
Important - The Expert Features are Work-in-Progress. The code and documentation are subject to change.
- Introduction of the Expert Features
- SaaS Feature Toggles
- SaaS Consumer Extensibility
- HDI container administration
- How to do local/hybrid development
- Manage Tenant database containers
- Backup database containers
- Update Tenant database containers
- Setup custom domain usage
- Custom domain for SAP IAS
- Integrate a consumer's IdP
- Deploy to multiple regions
- Send email using Microsoft Graph API
- Multiple SAP HANA Cloud instances
If not yet done, we recommend setting up a Pay-As-You-Go (PAYG) or CPEA account for this sample application and using the mentioned Free (Tier) service plans. A tutorial on how to set up a PAYG account (allowing you to use all Free Tier service plans) can be found in the Tutorial Navigator.
The Basic Version of the sample application requires the following set of SAP BTP entitlements in the Provider Subaccount and can be set up using Free (Tier) service plans of PAYG and CPEA accounts.
Hint - The Basic Version of the SaaS application can also be deployed to Kyma environments in Trial accounts, although we recommend using one of the account types mentioned above. Please make sure to choose the us10 region to use SAP HANA Cloud in this case.
Service | Free (Tier) Plans |
---|---|
SAP Alert Notification service for SAP BTP | Free / (Trial: Lite) |
SAP Application Logging Service | Lite |
SAP Authorization and Trust Management Service | Broker Application |
SAP BTP, Kyma Runtime | Free / (Trial: Trial) |
SAP BTP, Cloud Foundry Runtime (Required in Trial only!) | (Trial: Standard) |
SAP Cloud Management Service for SAP BTP | Central |
Destination Service | Lite |
SAP HTML5 Application Repository Service for SAP BTP | App-host App-runtime |
SAP Software-as-a-Service Provisioning service | Application |
SAP HANA Cloud | hana-free (Trial: HANA) tools (Trial: not available!) |
SAP HANA Schemas & HDI Containers | hdi-shared |
SAP Service Manager | Container Subaccount-Admin |
The Advanced Features require some additional services and software components which are listed below. Please note that the SAP Identity Authentication Service is only available in Pay-As-You-Go (PAYG) and CPEA accounts.
Hint - The SAP Identity Authentication service integration cannot be carried out in Trial accounts!
Service | Free (Tier) Plans |
---|---|
SAP Integration Suite or SAP API Management | Free (*) |
Cloud Identity Services | Application |
SAP Identity Authentication | (**) |
SAP S/4HANA 2021 (or newer) | (***) |
* SAP Integration Suite - The free service plan is usable for 90 days only. Your tenant will be decommissioned after 90 days and you need to set up a new tenant if you wish to do further validations.
** SAP Identity Authentication - When signing up for a PAYG or CPEA account, you're entitled to a free test and productive SAP Identity Authentication Service tenant. Any further tenant can be licensed as Additional Tenant and will be charged according to your account type. Please also check the official SAP Help documentation and the related blog post for further information.
Using the Default (Application) plan of the Cloud Identity Services offering, you can create a new SAP Identity Authentication Service tenant if required. Please check for potentially existing tenants first, to make sure you are sticking to the free service offering limits.
*** SAP S/4HANA - An SAP S/4HANA system is required if you want to test the automated data push feature from an existing SAP On-Premise solution. While we recommend using at least the SAP S/4HANA 2021 release, with a bit of coding effort you should be able to also integrate older releases. This guide assumes you have access to a 2021 release. Feel free to check out the SAP Cloud Appliance Library (https://cal.sap.com/) to get yourself a free test license.
Open
- Automated Credential Rotation (Workaround available - 2023/06/09)
  - Problem: Users are facing a callback authentication error after successful login via SAP IAS as part of the One-Domain concept.
  - Issue: Activating the automated credential rotation of the SAP BTP Service Operator renews the X.509 certificate of the respective SAP IAS service bindings. As the Application Router caches the binding details for performance reasons, the cached X.509 certificate is no longer valid after rotation. This results in an authentication error between the Application Router and SAP IAS.
  - Workaround: Restarting the Application Router after credential rotation solves this issue, as the latest X.509 certificate is then cached. This restart can be automated in a Kubernetes/Kyma CronJob, starting a new Deployment rollout according to your credential rotation cycle. You can find an example incl. roles and service accounts in the respective Expert Features. Combined with an external Redis cache for Application Router session management, downtimes can be minimized or completely mitigated! Make sure to have a sufficient overlap of the old and the new X.509 certificate (rotatedBindingTTL: 24h & rotationFrequency: 48h), so the cached credentials are still valid until the restart has happened!
  - Solution: The issue has been addressed, and a potential notification mechanism might trigger an automated update of the Application Router cache in the future (subject to change).
- Consumer extension API issue (Workaround available - 2022/12/19)
  - Problem: Applying a Consumer extension currently results in the Push API no longer being usable by the extended Tenant.
  - Issue: The current implementation has issues reading and processing the CSN file of the extended SaaS CAP service. This service serves as a base for the API CAP service.
  - Workaround: Extensibility has been temporarily disabled for the CAP API Service.
  - Solution: The issue has been addressed with the CAP product management, and potential solutions will be worked on.
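The restart workaround described under Automated Credential Rotation above, sketched as Kubernetes manifests. This is an added example, not the manifests from the repository's Expert Features; the namespace `susaas`, the Deployment name `susaas-router`, the `router-restart` resource names, the 12-hour schedule and the image placeholder are assumptions.

```yaml
# Added example; namespace, Deployment name and resource names are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata: {name: router-restart, namespace: susaas}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: router-restart, namespace: susaas}
rules:
  # Least privilege: one named Deployment, only the verbs a rollout restart needs.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    resourceNames: ["susaas-router"]
    verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: router-restart, namespace: susaas}
subjects:
  - kind: ServiceAccount
    name: router-restart
    namespace: susaas
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: router-restart
---
apiVersion: batch/v1
kind: CronJob
metadata: {name: router-restart, namespace: susaas}
spec:
  # Assumed interval: 12h is shorter than rotatedBindingTTL (24h), so a restart
  # always happens while the previously cached X.509 certificate is still valid.
  schedule: "0 */12 * * *"
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: router-restart
          restartPolicy: Never
          containers:
            - name: kubectl
              image: "<your-kubectl-image>"   # placeholder, pin a trusted image by digest
              command: ["kubectl", "rollout", "restart",
                        "deployment/susaas-router", "-n", "susaas"]
```

The Role is namespaced and restricted with `resourceNames`, so a compromised Job pod can restart only this one Deployment and cannot read Secrets or touch other workloads.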
Create an issue in this repository if you find a bug or have questions about the content.
For additional support, ask a question in SAP Community.
If you wish to contribute code or offer fixes or improvements, please send a pull request. Due to legal reasons, contributors will be asked to accept a DCO when they create the first pull request for this project. This happens in an automated fashion during the submission process. SAP uses the standard DCO text of the Linux Foundation.
Copyright (c) 2023 SAP SE or an SAP affiliate company. All rights reserved. This project is licensed under the Apache Software License, version 2.0 except as noted otherwise in the LICENSE file.