SAP System Prerequisites
SMICM – Activate the HTTPS service
This step must be performed on the TM server.
Make sure that the HTTPS service is active (Transaction SMICM -> Services).
SAP Documentation: Configuring the HTTPS Service
To enable successfull SSL handshake with the Jira Cloud instance set the following profile parameters:
ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH
ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH
icm/HTTPS/client_sni_enabled = TRUE
ssl/client_sni_enabled = TRUE
Please check if HTTPonly coocie is deactivated for ICF logon cookie:
icf/set_httponly_flag_on_cookies = 1 or 3.
STRUST – Install Jira SSL Certificate
This step must be performed on the TM server.
In order to use the HTTPS protocol for the Web Service calls, install the security certificate from Jira Software into the SAP system, transaction code STRUST, usually under the node ‘SSL client SLL Client Standard’.
Jira Software Cloud
You need to install the correct certificates for:
Your Jira instance: <instance>.atlassian.net
Jira Automation: automation.atlassian.com
Jira Software Datacenter/Server
Please ask your internal server certificate authority.
SAP Documentation: Configuring Client Certificates
SM59 - Create RFC connection
This step must be performed on the TM server.
Communication with Jira always takes place via the RFC connection, where the information about the authentication and the service URI for the REST service is stored. Logon data, etc. is stored by transaction SM59 already in a secure manner and the REST client implementation can rely on this.
Create RFC destination with type ‘HTTP Connection to External Server’ in the SAP system for the communication between SmartChange and Jira Software:
RFC destination to Jira Software Cloud or Server/Datacenter
needed to perform defined standard actions in Jira, such as fetching issues, as well as synchronising issues with TMRFC destination to Jira automation (optional)
needed if Jira Automation is configured in TM Integration Framework to use the Automation in Jira
In the Logon & Security tab under Security Options activate SSL and select the certificate list you added the Jira certificates to.
In the Special Options tab under HTTP Settings the HTTP Version “HTTP 1.1” needs to be activated.
Run the RFC connection test in order to make sure everything is prepared to start configuring the integration framework.
Authorization
This step must be performed on the TM server.
S_TCODE authorizations are needed for running the TM Integration Framework Transactions.
Relevant Transaction codes for the TM Integration:
· /RTC/TM_IF_CONFIG –TM IF Configuration cockpit
the user needs authorization for transaction codes:/RTC/TM_IF_CONFIG - TM Integration Framework: Config.
/RTC/TM_IF_ITSM - TM Integration Framework: ITSM Conf.
/RTC/TM_IF_MONITOR – TM IF Monitor and Recall
/RTC/TM_IF_LOG – TM IF Log
Creation of SAP attributes for Transport Requests (optional)
This step can be performed on the Development Systems (optional)
Two SAP attributes are delivered with the SmartChange Repository:
ZRTC_TM_ITSM_ID
ZRTC_TM_TICKET_ID
More attributes can be created manually created if needed:
Transaction code: SE03>Administration>Display/Change Request Attributes.
SAP Transport Requests attributes must exist in the Development system(s). They will be used to store the issue information assigned to the Transport Request during the creation/release process.
At least two SAP attributes are mandatory for the integration (must be the same in all DEV systems):
One for storing the ITSM id
One for storing the Ticket id
At the insertion of the Transport Request into the TM workflow, the assigned SAP attributes will be mapped to the corresponding TM attribute, which will be used in the TM workflow.
The names of the created SAP attributes will be mapped during the TM Integration Framework configuration in the next step.
Restriction: SAP attributes must have the same name as the TM attributes for the mapping.
Limitation: Technical restriction for the length of the value of an SAP attribute is 32 characters. This means that information stored from Service Now into SAP will be truncated to 32 characters, if longer.
SAP User Mapping
The mapping between SAP Users and Jira Users is currently done based on the premise that both have the same email address.
If the workflow requires a filter of type: ‘display all Jira issues assigned to the current SAP user (developer/consultant), during the creation of the Transport Request on SAP side’, the SAP user must have the email address configured in the master data.
Bi-directional connectivity
SICF - Activate web service
Service WEBGUI
Activate SAP standard service /default_host/sap/bc/gui/sap/its/webgui
In the Handler List, add /RTC/CL_HTTP_HANDLE to the last position
Service LOGOFF
Activate SAP standard service /default_host/sap/public/bc/icf/logoff
You can find a detailed description of SAP Gateway configuration here. > Step 2 - 3
Registration and activation of the OData service
The OData service /RTC/TM_GW_SRV must be registrated and activated.
You can find a detailed description of registration and activation here. > Step 4 - 5
Maintenance of the HTTP-Whitelist
The connection entries has to be added to the whiteliste in the SmartChange controller.
Managing HTTP Whitelist
If you use an HTTP whitelist, only HTTP calls from URLs in this list are accepted by the system. You can call this function from the UCON Cockpit (transactionUCONCOCKPIT
).Before SAP NW Release 7.51 SP00, it was only possible to edit the HTTP whitelist using the database table
HTTP_WHITELIST
.Create your HTTP entry
Example using the HTTP whitlist database tableJira Software Cloud
Jira Software Data Center
Firewall
Following services will be called from SAP Transport Integration App
<default_host>/sap/bc/gui/sap/its/webgui
<default_host>/sap/public/bc/icf/logoff
<default_host>/sap/opu/odata/RTC/TM_GW_SRV
<default_host>/sap/opu/odata/RTC/TM_GW_NOTIFY_SRV
If you require the IP address for SAP Transport Integration outgoing calls, kindly raise a support ticket.