Merge pull request #27 from SAP-samples/updates-november-2023
Updates November 2023
matthieupelatan committed Nov 20, 2023
2 parents f2dbca1 + fb38abf commit d6619b0
Showing 64 changed files with 77 additions and 82 deletions.
Expand Up @@ -17,7 +17,7 @@ app.get('/sap/opu/odata/sap/API_BUSINESS_PARTNER/A_BusinessPartner', function (r
});
})

var server = app.listen(8081, '127.0.0.1', function () {
var server = app.listen(8081, '0.0.0.0', function () {
var host = server.address().address;
if (host === '::') {
host = 'localhost';
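Review bot: the listen address changes from `127.0.0.1` to `0.0.0.0`, which exposes the mock `API_BUSINESS_PARTNER` endpoint on every network interface of the host instead of loopback only, and neither the PR title ("Updates november 2023") nor a code comment says why. If the intent is to make the mock reachable from other containers or pods, add a comment saying so next to `app.listen(8081, '0.0.0.0', ...)` and note that the port must only be published on a trusted network; otherwise keep the loopback binding. Also, the `if (host === '::')` fallback below never matches an explicit `0.0.0.0` bind, so the startup message will print `0.0.0.0` rather than a usable hostname; extend the check to map `0.0.0.0` to `localhost` as well.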
2 changes: 1 addition & 1 deletion code/easyfranchise/source/ui/public/index.html
Expand Up @@ -4,7 +4,7 @@
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<link rel="icon" href="<%= BASE_URL %>favicon.ico">
<link rel="icon" href="<%= BASE_URL %>ui/favicon.ico">
<link href="https://unpkg.com/fiori-fundamentals@latest/dist/fiori-fundamentals.min.css" rel="stylesheet">
<title><%= htmlWebpackPlugin.options.title %></title>
<link href="header.css" rel="stylesheet">
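Review bot: the `<link href="https://unpkg.com/fiori-fundamentals@latest/dist/fiori-fundamentals.min.css" rel="stylesheet">` line directly below the changed favicon line pulls an unpinned `@latest` build from a public CDN with no `integrity` attribute, so the UI loads whatever unpkg serves under that tag at page-load time; pin an exact version and add `integrity` and `crossorigin="anonymous"`, or bundle the stylesheet with the app. The favicon change itself is fine as long as `BASE_URL` keeps its trailing slash, because `ui/favicon.ico` is appended to it directly.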
20 changes: 10 additions & 10 deletions documentation/configure-ias/get-ias/README.md
Expand Up @@ -10,39 +10,39 @@ As an SAP partner or customer using SAP BTP, you always have an Identity Authori

1. Choose **Entitlements** > **Configure Entitlements**.

![](images/configure-entitlements.png)
![](images/2023-configure-entitlements.png)

1. Then choose **Add Service Plans**.

![](images/add-service-plans.png)
![](images/2023-add-service-plans.png)

1. Find and select **Cloud Identity Services** in the pop-up dialog. Select the **default plan** checkbox and add it as service plan.
1. Find and select **Cloud Identity Services** in the pop-up dialog. Select the **standard plan** checkbox and add it as service plan.

![](images/add-default-plan.png)
![](images/2023-add-default-plan.png)

1. Save the changes on the **Entitlements** page.

![](images/save-entitlement.png)
![](images/2023-save-entitlement.png)

1. Choose **Services** > **Service Marketplace** and select the **Cloud Identity Services** tile.

![](images/select-ias.png)
![](images/2023-select-ias.png)

1. Under **Application Plans** you should see the **default** plan.

![](images/default-plan.png)
![](images/2023-default-plan.png)

1. Choose the **Actions (...)** button for the default plan and then choose **Create**.

![](images/create-instance.png)
![](images/2023-create-instance.png)

1. Verify that **default** is selected as plan and choose **Create** to start creating the instance.

![](images/create-instance-02.png)
![](images/2023-create-instance-02.png)

1. In the upcoming dialog select **View Subscription**.

![](images/create-instance-03.png)
![](images/2023-create-instance-03.png)

1. Verify under **Instances and Subscriptions** that the status of **Cloud Identity Services** has been updated to **Subscribed**.

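Review bot: the plan name is changed to **standard plan** in the "Find and select **Cloud Identity Services**" step only, while the later steps on the same page still refer to the **default** plan ("you should see the **default** plan", "the **Actions (...)** button for the default plan", "Verify that **default** is selected as plan"); all screenshots were renamed to `2023-...`, so update the text of those steps to match what the new screenshots show. Minor wording in the touched line: "add it as service plan" reads better as "add it as a service plan", and "In the upcoming dialog" as "In the dialog that appears".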
51 changes: 27 additions & 24 deletions documentation/configure-ias/set-trust-between-ias-and-btp/README.md
Expand Up @@ -2,66 +2,69 @@
For more details, please refer to [Manually Establish Trust and Federation Between UAA and Identity Authentication](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/7c6aa87459764b179aeccadccd4f91f3.html#loio7c6aa87459764b179aeccadccd4f91f3) in the SAP official documentation.

## Import Identity Authentication Service Metadata in SAP BTP Subaccount
1. Open your Identity Authentication tenant and navigate to **Applications & Ressources** > **Tenant Settings**. Then select **SAML 2.0 Configuration**.
![](images/tenant-settings.png)
1. Open your Identity Authentication tenant and navigate to **Applications & Ressources** > **Tenant Settings**.
![](images/2023-tenant-settings.png)

1. Then select **SAML 2.0 Configuration**.
![](images/2023-go-to-saml2.png)

1. Press **Download Metadata File**.
![](images/download-metadata.png)
![](images/2023-download-metadata.png)

1. Open the customer SAP BTP Subaccount (e.g. city-scooter) and navigate to **Security** > **Trust Configuration** and click the button **New Trust Configuration**.
![](images/new-trust-config.png)
1. Open the customer SAP BTP Subaccount (e.g. city-scooter) and navigate to **Security** > **Trust Configuration** and click the button **New SAML Trust Configuration**.
![](images/2023-new-trust-config.png)

1. Then upload the metadata file previously downloaded.
![](images/upload-metadata.png)
![](images/2023-upload-metadata.png)

1. Fill out fields **Name**, **Description** and **Link Text for User Logon**. Then **Parse** the details and **Save** the details.
![](images/add-metadata-details.png)
![](images/2023-add-metadata-details.png)

1. By saving the new trust configuration, a new category named **Custom** should be added. Verify that the new configuration for the Identity Authentication service tenant is now visible in this category and that it's active.
![](images/check-new-active-trust-config.png)
![](images/2023-check-new-active-trust-config.png)

## Import SAP BTP Subaccount Metadata in Identity Authentication Service
1. In your SAP BTP subaccount, download the SAML metadata data of your subaccount by clicking **SAML Metadata** under **Security** > **Trust Configuration**.
![](images/download-btp-metadata.png)
![](images/2023-download-btp-metadata.png)

1. Open your Identity Authentication tenant and navigate to **Applications & Ressources** > **Applications**.
![](images/2023-create-ias-app-01.png)

1. Open your Identity Authentication tenant and navigate to **Applications & Ressources** > **Applications** and press the button **Create**.
![](images/create-ias-app.png)
1. Press the button **Create**.
![](images/2023-create-ias-app-02.png)

1. Then fill the fields **Application Display Name** and **Application Type**. Click save.
![](images/add-ias-app-details.png)
![](images/2023-add-ias-app-details.png)

1. In the newly created application, click **SAML 2.0 Configuration**.
![](images/ias-app-saml.png)
![](images/2023-ias-app-saml.png)

1. Then upload metadata file downloaded in SAP BTP subaccount previously.
![](images/import-btp-metadata.png)
![](images/2023-import-btp-metadata.png)

1. Navigate to **Default Name ID Format**.
![](images/configure-default-name-id-format.png)
![](images/2023-configure-default-name-id-format.png)

1. Select **E-Mail** as unique attribute and click **Save**.
![](images/select-email-format.png)
![](images/2023-select-email-format.png)

1. Navigate to **Assertion Attributes**.
![](images/select-assertion-attributes.png)
1. Navigate to **Attributes**.
![](images/2023-select-assertion-attributes.png)

1. Add the new attribute **Groups** from the dropdown-list. Note that the attribute **Groups** is case sensitive but automatically filled as **groups** (first letter is in lower case). Please change it to **Groups** then click **Save** button.
![](images/add-attribute-group.png)
![](images/2023-add-attribute-group.png)

1. Navigate to **Subject Name Identifier**.
![](images/select-subject-name-identifier.png)
![](images/2023-select-subject-name-identifier.png)

1. Select **Login Name** in the dropdown box and click **Save**. This means that the the Identity Authentication sends the **Login Name** as `name ID` in the SAML 2.0 assertions, by which the applicaiton can identity the user. Depending on your Identity Authentication Service configuration, you might need a different mapping. For more details please refer to [Configure the Subject Name Identifier Sent to the Application](https://help.sap.com/docs/IDENTITY_AUTHENTICATION/6d6d63354d1242d185ab4830fc04feb1/1d020e3a3ba34c43a71fde70bfa6419a.html)
![](images/select-login-name.png)
![](images/2023-select-login-name.png)


> **NOTE:** You can select from the below attributes list the subject name identifier in Identity Authentication tenant. For [Principal Propagation](../../propagate-identity/README.md) to work, the choice of the attribute depends on the user settings of the S/4 HANA Cloud system.
> ![](images/list-subject-name-identifier.png)
>
> To check the value of each attribute in your Identity Authentication tenant, please navigate to **User & Authorization** > **User Management** > and select single user to view the details.
>
> ![](images/show-subject-name-identifier-value.png)
> In our example the **Login Name** of the S/4 HANA system is used as unique identifier. Therefore, the choice of attribute in Identity Authentication tenant has to match the one in S/4 HANA system. The configuration in your landscape may differ.
>
> ![](images/s4hana-maintain-business-user.png)
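Review bot: the restructured steps keep several typos that this pass could fix: **Applications & Ressources** (in both new lines) should be **Applications & Resources**, the spelling used in the other Identity Authentication pages of this PR, and the **Login Name** step still reads "the the Identity Authentication", "applicaiton" and "can identity the user" (should be "identify") and lacks a final period. The renamed step "Navigate to **Attributes**" is followed by a screenshot still named `2023-select-assertion-attributes.png`, and the unchanged NOTE block keeps `list-subject-name-identifier.png`, `show-subject-name-identifier-value.png` and `s4hana-maintain-business-user.png` without the `2023-` prefix; confirm those files still exist or rename them consistently. On the **Groups** step, one clause on why the casing matters (the role-collection user-group mapping in SAP BTP reads this attribute, so a lowercase `groups` will not match) would stop readers from skipping it.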
2 changes: 1 addition & 1 deletion documentation/discover/easy-franchise/README.md
Expand Up @@ -14,7 +14,7 @@ Here is a high-level overview of the multitenant approach:

The SAP partner develops a Kyma-based multitenant application on SAP BTP.

All multitenant microservices of the application will run in the SAP BTP, Kyma runtime. In addition to that, the SAP partner uses an SAP HANA database to persist the data of the application. As SAP HANA is not yet available in Kyma today, the database will be running in the SAP BTP, Cloud Foundry environment.
All multitenant microservices of the application will run in the SAP BTP, Kyma runtime. In addition to that, the SAP partner uses an SAP HANA database to persist the data of the application.

To manage customer-specific configuration, the partner creates a dedicated subaccount for each customer. Later on, the system admin of the customer gets access to the subaccount and can maintain the access details to the SAP S/4HANA Cloud tenant and manages the users of the application.

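Review bot: dropping the sentence about the database running in the SAP BTP, Cloud Foundry environment leaves the overview silent on where the SAP HANA database now runs; if it is now provisioned from Kyma (or still from Cloud Foundry), say so in the same paragraph, since a multitenant overview should name the environment that hosts the persistence layer. Nit on the unchanged line below: "maintain the access details ... and manages the users" should be "and manage the users".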
Expand Up @@ -6,12 +6,16 @@ In this chapter we show case the steps to configure the enterprise application i

## Download SAML 2.0 Metadata from Identity Authentication Service

1. Open the **Identity Authentication Service** and expand **Applications & Resources** to select the **Tenant Settings**. On the right side select **SAML 2.0 Configuration**.
1. Open the **Identity Authentication Service** and choose **Tenant Settings** under **Applications & Resources**.

![](images/ias-open-samlconfig.png)
![](images/2023-ias-open-samlconfig-01.png)

1. Then choose **SAML 2.0 Configuration** under **Single Sign-On**.

![](images/2023-ias-open-samlconfig-02.png)
1. Download the metadata file.

![](images/ias-download-metadata.png)
![](images/2023-ias-download-metadata.png)

## Upload SAML 2.0 Metadata to Microsoft AAD Enterprise Application

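Review bot: the new step "Then choose **SAML 2.0 Configuration** under **Single Sign-On**" and its screenshot `![](images/2023-ias-open-samlconfig-02.png)` are immediately followed by "1. Download the metadata file." with no blank line in between, unlike every other step/image pair in this file; add the blank line so the list items render separately.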
Expand All @@ -32,39 +36,33 @@ In this chapter we show case the steps to configure the enterprise application i

## Enable your Corporate Identity Provider in the Identity Authentication Service

1. Open the Identity Authentication service, expand the **Identity Providers** menu and click **Corporate Identity Providers** . Then click **create**.
1. Open the Identity Authentication service, expand the **Identity Providers** menu and click **Corporate Identity Providers** .

![](images/IAS-create-CIP.png)
2. In the dialog provide a meaningful name e.g. **City Scooter Microsoft Azure Active Directory** and click **Save**.
![](images/2023-IAS-create-CIP.png)
1. Click **create** provide a meaningful name e.g. **City Scooter Microsoft Azure Active Directory** in the dialog. Then click **Save**.

![](images/IAS-save-CIP.png)
![](images/2023-IAS-save-CIP.png)

## Upload federation Metadata file in the Corporate Identity Provider Configuration of the Identity Authentication Service
1. Select the new created corporate identity provider and click on **SAML 2.0 Configuration**.

![](images/IAS-MAAD-select-saml20.png)
1. Upload the federation metadata file.
![](images/2023-IAS-MAAD-select-saml20.png)
1. Upload the federation metadata file and click **Save**.

![](images/IAS-upload-MAAD-metadata.png)
1. Check the imported data and click **Save**.

![](images/IAS-save-MAAD-metadata.png)
![](images/2023-IAS-save-MAAD-metadata.png)

## Update the Provider Type to Microsoft ADFS / Azure AD (SAML 2.0) in the Cooperate Identity Provider Configuration of Identity Authentication Service
1. Select the **Identity Provider Type**.

![](images/IAS-MAAD-select-provider-type.png)
2. Select the identity provider type **Microsoft ADFS / Azure AD (SAML 2.0)** and click **Save**.
1. Select the **Identity Provider Type** and choose the identity provider type **Microsoft ADFS / Azure AD (SAML 2.0)** and click **Save**.

![](images/IAS-MAAD-save-provider-type.png)
![](images/2023-IAS-MAAD-save-provider-type.png)

## Configure Default Identity Provider in the Application of Identity Authentication Service

1. In the Identity Authentication service select your application. Open **Conditional Authentication**.

![](images/IAS-open-conditional-authentication.png)
![](images/2023-IAS-open-conditional-authentication.png)
1. Select the correct **Microsoft Azure Active Directory** as default identity provider for your application and click **Save**.
![](images/IAS-update-conditional-authentication.png)
![](images/2023-IAS-update-conditional-authentication.png)

## Update Attributes & Claims Settings in the Enterprise Application of Microsoft Azure

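Review bot: the merged step "Upload the federation metadata file and click **Save**" drops the former "Check the imported data and click **Save**" step. Because this import defines which external identity provider the tenant will trust, keep an explicit verification sentence before **Save**, e.g. "Check that the imported entity ID and signing certificate belong to your Microsoft Azure AD tenant, then click **Save**." Smaller fixes in the touched lines: "Click **create** provide a meaningful name" should be "Click **Create** and provide a meaningful name"; "Select the new created corporate identity provider" should be "newly created"; "Select the **Identity Provider Type** and choose the identity provider type ... and click **Save**" is a run-on, e.g. "Under **Identity Provider Type**, choose **Microsoft ADFS / Azure AD (SAML 2.0)** and click **Save**"; and the unchanged heading "Cooperate Identity Provider Configuration" should read "Corporate".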
14 changes: 6 additions & 8 deletions documentation/federate-idp/manage-end-users/README.md
Expand Up @@ -34,21 +34,21 @@ In Microsoft Azure Active Directory we will first create a new group and assign

## Disable User Store in Identity Authentication Tenant

1. Open the Identity Authentication service and navigate to **Identity Provider** > **Corporate Identity Providers**. Then select the corporate identity.
1. Open the Identity Authentication service and navigate to **Identity Provider** > **Corporate Identity Providers**. Then select the corporate identity and choose **Identity Federation** under **Single Sign-On**.

![](images/MA-navigate-to-corporateidentity.png)
![](images/2023-MA-navigate-to-corporateidentity.png)

1. Make sure the **Use Identity Authentication user store** is **off**.

![](images/MA-user-identity-authentication-user-store.png)
![](images/2023-MA-user-identity-authentication-user-store.png)

## Define the Easy Franchise User Group in SAP BTP

1. Open the SAP BTP Cockpit and log on to the customer SAP BTP subaccount (eg. City Scooter).
1. Open **Security > Role Collections** on the left side menu and choose the **Easyfranchise Backend** role collection and click on the **Edit** button.
1. In the **User Groups** section on the left side, add a new line with your Identity Provider and the group **object id** from the Microsoft Azure group. The already existing **easyfranchise-users** group, which was needed when you did not use Microsoft Azure, can be deleted or remain.

![](images/BTP-define-role-collection.png)
![](images/2023-BTP-define-role-collection.png)

## Run the Easy Franchise Application

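Review bot: the extended step "Then select the corporate identity and choose **Identity Federation** under **Single Sign-On**" should say "select the corporate identity provider", and the menu is written **Identity Provider** here but **Identity Providers** in the sibling page of this PR; use one name. "(eg. City Scooter)" should be "(e.g. City Scooter)". The "Make sure the **Use Identity Authentication user store** is **off**" step would benefit from one clause on its effect: with the user store off, the user attributes (including the group used for the role collection in the next section) come from Microsoft Azure AD rather than from the Identity Authentication user store, which is why the Azure group **object id** is what gets mapped.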
Expand All @@ -66,8 +66,6 @@ Now that everything is configured, we can launch the application. Make sure tha
![](../../propagate-identity/manage-end-users/images/franchises-overview.jpg)
1. Once successfully logged in, please take a look at the user in your subaccount in SAP BTP. A shadow user should have been created latest after the first login.

![](images/shaddow-user.png)

## Disable the Default Identity Provider

By starting the application, you always have to to select first the right identity provider now. As we we don't need the default identiy provider anymore, we will swich it off.
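Review bot: removing `shaddow-user.png` leaves the "A shadow user should have been created" step as the only step on this page without a screenshot, while its text still asks the reader to "take a look at the user"; either add a renamed `2023-` screenshot like the other steps or reword the sentence. The same step should read "at the latest after the first login". Typos in the unchanged paragraph below ("have to to", "As we we", "identiy", "swich") could be fixed in the same pass.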
Expand All @@ -76,8 +74,8 @@ By starting the application, you always have to to select first the right identi

1. Press **Edit** in the **default identity provider** row.

![](images/BTP-edit-idp.png)
![](images/2023-BTP-edit-idp.png)
2. Disable this identity provider by removing the check on **Available for User Logon** and **Save**.

![](images/disable-userlogin.png)
![](images/2023-disable-userlogin.png)
3. Clear your browser cache and run the application again. The step to select the right identity provider should no longer be requested.
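Review bot: the numbering around the two renamed screenshots is mixed ("1.", "2.", "3.") while the rest of the page uses "1." for every item, and "should no longer be requested" reads better as "should no longer appear". Since this step clears **Available for User Logon** on the default identity provider, a one-line reminder to confirm that login through the corporate identity provider works before disabling it would keep readers from locking themselves out of the application.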
Expand Up @@ -28,7 +28,7 @@ Once OAuth communication settings are configured in S/4HANA Cloud system, we nee
| nameIdFormat | On the right click **New Property**, and set the value to **urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified**|
| Use default JDK truststore | selected it|

![](images/destination-settings.png)
![](images/2023-destination-settings.png)

> **NOTE:** Token Service URL. Open your communication arrangement, click **OAuth2.0 Details** and check your **Token Service URL**.
![](images/get-token-service-url.jpg)
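Review bot: the table row "| Use default JDK truststore | selected it|" should read "selected", and the `nameIdFormat` row is missing a space before its closing `|`. The `> **NOTE:**` line is directly followed by `![](images/get-token-service-url.jpg)` without a blank `>` line, so the image is pulled into the quote as a lazy continuation; add the separator. Only `2023-destination-settings.png` was renamed here while `get-token-service-url.jpg` keeps its old name, so verify that file is still present.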
Expand Up @@ -2,15 +2,11 @@

1. Open the customer subaccount in SAP BTP cockpit and log on with Administrator permission. To verify that you have the **Subaccount Administrator** role, choose **Security** > **Users** and check the role for your user.

![](images/admin-role.png)
![](images/2023-admin-role.png)

1. Choose **Connectivity** > **Destinations**.
1. Under **Connectivity** > **Destinations**, choose **Download Trust** and save the identifying X.509 certificate that identifies this subaccount in your local file system.

![](images/cockpit-destinations.png)

1. Choose **Download Trust** and save the identifying X.509 certificate that identifies this subaccount in your local file system.

![](images/download-trust.png)
![](images/2023-download-trust.png)

The downloaded X.509 certificate will be added in the next step to the target system to which you want to propagate the user.

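Review bot: the merged step "choose **Download Trust** and save the identifying X.509 certificate that identifies this subaccount" doubles up "identifying ... that identifies"; "save the X.509 certificate that identifies this subaccount" is enough. Dropping `cockpit-destinations.png` removes the only screenshot of the **Destinations** view itself, so make sure `2023-download-trust.png` shows the **Download Trust** button in context; otherwise keep a renamed `2023-cockpit-destinations.png` as in the other pages of this PR.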

0 comments on commit d6619b0