IDM 3.0 Install / Deploy
SAP environment prerequisites
These service instances are essential when deploying IDM applications to SAP BTP to ensure proper functionality, security, and connectivity.
| Service Name | Mandatory / Optional | Required For | Purpose / Plan Details |
|---|---|---|---|
| SAP HANA Cloud | Mandatory | Backend | Primary database service |
| SAP XSUAA | Mandatory | Both Backend & Frontend | Provides authentication, authorization, role management, OAuth tokens, and trust configuration for secure access management |
| SAP Destination Service | Mandatory | Both Backend & Frontend | Used for managing external system destinations, endpoint configurations, and secure connectivity between applications and services |
| SAP Connectivity Service | Optional | Backend | Enables secure connectivity to on-premises systems via Cloud Connector and proxy tunneling |
| SAP Document Management Service | Optional | Both Backend & Frontend | Used for storing, managing, uploading, and retrieving documents or files within the application |
| SAP Application Logging Service | Optional | Backend | Provides centralized application logging, monitoring, troubleshooting, and operational observability |
| SAP Application Autoscaler | Optional | Backend | Automatically scales application instances based on CPU, memory, throughput, or custom metrics |
Consuming IDM backend application
Deploy application
The IDM backend application is a Java-based service deployed on SAP BTP. It supports rule modeling, authoring, rule simulation, rule execution, and integration with CAF components such as the global field catalog, text translation, and the user profile module.
The deployment can be performed using multiple approaches based on application complexity and architecture.
Manifest-based deployment
Manifest-based deployment is a simple and lightweight approach to deploy Java applications.
- Uses a
manifest.ymlfile - Suitable for standalone applications
- Defines:
- Memory allocation
- Instances
- Routes
- Environment variables
- Service bindings
manifest.yml
applications:
- name: cw-caf-idm-services
memory: 1GB
docker:
image: "wblnd.azurecr.io/workrules-java-dev:idm_10810"
username: wblnd
env:
DOCKER_IMAGE: "wblnd.azurecr.io/workrules-java-dev:idm_10810"
SPRING_APPLICATION_JSON: >-
{"spring.application.name":"cw-workrules-services-dev","spring.profiles.active":"idm-database,idm-security,idm-swagger,idm-scheduler,wr-platform-bean,auth-source-sap,local-aws,local-api-gateway,common_schedular","islocal":"false","app.platform":"SAP","decision-table-prefix":"DEV_DT_","textrule-prefix":"DEV_TR_","database-read-from":"vcap","defaultRole":"Z:CW_WR_AUTHORER"}
random-route: false
services:
- cw-caf-xsuaa
- cw-idm-db-container
- cw-caf-destination
- cw-caf-connectivity
- cw-caf-dms
MTA (Multi-Target Application)-based deployment
MTA-based deployment is used for structured and scalable applications with multiple modules and dependencies. MTA applications can be easily transported and deployed across different SAP environments using the CTMS system.
- Defined using
mta.yaml - Packaged as
.mtar - Deployed as a single unit
MTA with Docker
The Java application is packaged and deployed as a Docker container within the MTA.
mta.yaml
ID: idm-backend
version: 0.0.1-SNAPSHOT
description: cw-caf-idm-services
modules:
- name: idm-backend
type: application
path: .
requires:
- name: IDM-XSUAA
- name: IDM-DESTINATION
- name: IDM-CONNECTIVITY
parameters:
memory: 2G
random-route: false
docker:
image: "wblnd.azurecr.io/workrules-java-dev:idm_10832"
username: wblnd
password: <registry-password>
properties:
SPRING_APPLICATION_JSON: >-
{"spring.application.name":"cw-caf-idm-services","spring.profiles.active":"idm-database,idm-security,idm-swagger,idm-scheduler,wr-platform-bean,auth-source-sap,local-aws,api-gateway","islocal":"false","app.platform":"SAP","decision-table-prefix":"DEV_DT_","textrule-prefix":"DEV_TR_","defaultRole":"Z:CW_WR_AUTHORER","database-read-from":"vcap"}
build-parameters:
no-source: true
resources:
- name: IDM-XSUAA
type: org.cloudfoundry.existing-service
parameters:
service: xsuaa
service-plan: application
- name: IDM-DESTINATION
type: org.cloudfoundry.existing-service
parameters:
service: destination
service-plan: lite
- name: IDM-CONNECTIVITY
type: org.cloudfoundry.existing-service
MTA with JAR
In this approach, the Java application is deployed directly as a JAR.
mta.yaml
ID: idm-services
_schema-version: "3.3"
version: 0.0.3-IDM-SNAPSHOT
modules:
- name: idm-services
type: java
path: idm
build-parameters:
builder: custom
commands:
- mvn clean package -DskipTests=true
build-result: target/workrules-modelling-0.0.3-IDM-SNAPSHOT.jar
parameters:
memory: 2G
disk-quota: 1G
instances: 1
buildpack: sap_java_buildpack_jakarta
properties:
JBP_CONFIG_COMPONENTS: 'jres: ["com.sap.xs.java.buildpack.jdk.SAPMachineJDK"]'
JBP_CONFIG_SAP_MACHINE_JDK: "{ version: 21.+ }"
SPRING_APPLICATION_JSON: >
{"spring.application.name":"cw-caf-idm-services",
"spring.profiles.active":"wr-database,wr-security,wr-swagger,wr-scheduler,wr-platform-bean,auth-source-sap,local-aws,api-gateway",
"islocal":"false",
"app.platform":"SAP",
"decision-table-prefix":"DEV_DT_",
"textrule-prefix":"DEV_TR_",
"database-read-from":"vcap",
"defaultRole":"Z:CW_WR_AUTHORER"}
requires:
- name: idm-db
- name: idm-destination
- name: idm-xsuaa
resources:
- name: idm-db
type: org.cloudfoundry.existing-service
- name: idm-destination
type: org.cloudfoundry.existing-service
- name: idm-xsuaa
type: org.cloudfoundry.existing-service
Artifact / dependency
IDM can be packaged as a reusable artifact.
- Published to an Azure repository
- Consumed as a dependency in a parent application
- Added in
pom.xml
Benefits:
- Promotes modular architecture
- Enables reuse across applications
- Simplifies integration
pom.xml dependency
<dependency>
<groupId>com.cherrywork.idm</groupId>
<artifactId>main</artifactId>
<version>1.0.6-SNAPSHOT</version>
</dependency>
Consuming IDM UI application
UI application deployment (MTA-based)
The IDM UI application is an HTML5-based frontend deployed on SAP BTP Cloud Foundry using the HTML5 Application Repository.
This approach is used for modular UI applications that require:
- Centralized hosting via HTML5 repo
- Secure access via XSUAA
- Backend integration via the destination service
- Routing via AppRouter
The deployment is defined using an mta.yaml file and deployed as an .mtar archive.
MTA-based deployment (HTML5 repo)
The UI application is deployed using three main modules:
- AppRouter: Handles authentication and routing
- HTML5 Application: UI source code
- Deployer Module: Pushes UI to HTML5 repo
mta.yaml
ID: idm-v3
_schema-version: "2.1"
version: 0.0.1
parameters:
deploy_mode: html5-repo
modules:
- name: cw-caf-idm-ui-v3
type: approuter.nodejs
path: workrules-approuter
properties:
SEND_XFRAMEOPTIONS: false
parameters:
disk-quota: 512M
memory: 512M
requires:
- name: cw-caf-sbx-idm-v3-html5-repo-runtime
- name: cw-caf-sbx-xsuaa
- name: cw-caf-sbx-destination
- name: cw-caf-idm-ui-deployer-v3
type: com.sap.html5.application-content
path: workrules_ui_deployer
requires:
- name: cw-caf-sbx-idm-v3-html5-repo-host
build-parameters:
requires:
- name: workrules-webapp
artifacts:
- ./*
target-path: resources/workrules-webapp
- name: workrules-webapp
type: html5
path: workrules-webapp
build-parameters:
builder: custom
commands:
- npm install -f
supported-platforms: []
build-result: dist
resources:
- name: cw-caf-sbx-idm-v3-html5-repo-runtime
type: org.cloudfoundry.managed-service
parameters:
service: html5-apps-repo
service-plan: app-runtime
- name: cw-caf-sbx-idm-v3-html5-repo-host
type: org.cloudfoundry.managed-service
parameters:
service: html5-apps-repo
service-plan: app-host
config:
sizeLimit: 100
- name: cw-caf-sbx-xsuaa
type: org.cloudfoundry.managed-service
parameters:
service: xsuaa
service-plan: application
path: ./xs-security.json
- name: cw-caf-sbx-destination
type: org.cloudfoundry.managed-service
parameters:
service: destination
service-plan: lite
Security configuration (xs-security.json)
Defines authentication, authorization scopes, and role templates for the UI application.
{
"xsappname": "cw-caf-sbx-xsuaa",
"tenant-mode": "dedicated",
"description": "Security profile of UI application",
"scopes": [
{
"name": "uaa.user",
"description": "UAA"
},
{
"name": "$XSAPPNAME.Read",
"description": "read"
},
{
"name": "$XSAPPNAME.Write",
"description": "write"
}
],
"role-templates": [
{
"name": "UI_USER",
"description": "Access to UI",
"scope-references": [
"$XSAPPNAME.Read"
]
},
{
"name": "UI_ADMIN",
"description": "Admin access",
"scope-references": [
"$XSAPPNAME.Read",
"$XSAPPNAME.Write"
]
}
]
}
AppRouter configuration (xs-app.json)
Defines routing rules between UI and backend services.
{
"welcomeFile": "/index.html",
"authenticationMethod": "route",
"logout": {
"logoutEndpoint": "/do/logout",
"logoutPage": "index.html"
},
"routes": [
{
"source": "^/IDMServices/",
"target": "/idm/",
"destination": "cw-caf-sbx-idm-services",
"authenticationType": "xsuaa",
"csrfProtection": false
},
{
"source": "^/idm/",
"target": "/idm/",
"destination": "cw-caf-sbx-idm-services",
"authenticationType": "xsuaa",
"csrfProtection": false
},
{
"source": "^(.*)",
"target": "WorkRulesApplication/$1",
"service": "html5-apps-repo-rt",
"authenticationType": "xsuaa"
}
]
}
Deployment flow
The UI application is built and deployed to SAP BTP Cloud Foundry using the MTA build and deploy process.
Install dependencies for the UI application:
npm install
Build the MTA archive:
mbt build
Log in to the Cloud Foundry environment:
cf8 login
Deploy the generated MTA archive:
cf8 deploy mta_archives/<your-mta-file>.mtar
Integrating IDM UI artifact
The IDM UI is provided as a reusable React module that can be integrated into any UI application.
- IDM UI is consumed as an npm package
@cw/idm - Requires peer dependencies to be installed separately
- Components can be directly imported and used in React applications
Install IDM artifact
Install the IDM package in your UI project:
npm install @cw/idm
Peer dependencies
Ensure the following peer dependencies are available in your project:
npm install @cw/global-field-catalog @cw/rds react react-dom
These dependencies are required for the IDM components to function correctly and must be compatible with your application.
Usage
Import required modules from the IDM package and use them within your application.
Example:
import { ManageDecision } from "@cw/idm";
<ManageDecision
token={token}
destinations={destinations}
userDetails={userDetails}
applicationDetails={applicationDetails}
/>;
You can similarly import other modules as needed:
import { ACpackage, Modeling, DecisionTable, Textrule } from "@cw/idm";