Monday, July 24, 2017

Getting Started with SAP Identity Service and HCP Cloud

So I recently started working on Hana Cloud Platform and one of the first challenges which await me is to figure out how to achieve SSO in a set of simple applications my team is writing on Hana Cloud Platform. 
Since we are working on Hana Cloud Platform, choosing ID Service is easy, it has got to be SAP Cloud Identity Service. Here are the steps you need to follow, to get you started on HANA Cloud Platform with SCI Service. 

Objective : At the end of this blog you should be able to 
  • Run a simple greeting service which would greet the logged in user using SAP Cloud SDK on your local machine
  • Deploy the greeting service on cloud and configure the application and SCI tenant to greet the end user. 
Pre requisites : In order to make the scenario work, you need a HCP account and access to a tenant of SCI service. You may want to work with your SAP contact to get a handle to both of them. You can also request for the trials online.  Once you have access to both, please ensure that you have setup your eclipse with SAP Cloud SDKs. You can follow the instructions on this link to setup your development environments. 


Let's get started. 
  1. Fire up your eclipse and create a new Dynamic Web Project. Here are a few things to set while you create it 
    • Name : sayHello
    • Target Runtime : SAP -> Java Web Tomcat 8 . It may ask you to set path to a Neo SDK. I set it to the folder where I have unzipped neo-java-web-sdk-3.30.16 SDK. I chose the default workbench JRE which is a SAP JVM in my case. 
    • Dynamic Web Module Version -> 3.1 
    • I set my sources folder on build path to /src/main and Default output folder to build/target
    • I do check the Generate web.xml deployment descriptor to true in the wizard. 
  2. Now let's create a new Servlet. Here's what I fill in my wizard
    • Java Package : com.sample.helloworld
    • Class name : Greeting
    • URL mapping : /greeting
  3. Add the following code to the doGet and fix the imports
  4. Right click the project -> Run As -> Run on Server. 
  5. You now need to define a local tomcat server. Choose SAP-> Java Web Tomcat 8 Server and finish the wizard. 
  6. Now try opening http://localhost:8080/sayHello/greeting and it should throw up a login screen. We can't login yet since we haven't defined a user in the container yet. Let's do that in the next step. 
  7. Double click the newly defined server in the Servers window of your eclipse. Open Users tab and add a new User. I choose my user name as test. 
  8. Hit the service http://localhost:8080/sayHello/greeting again and login with the newly defined username and password. You should now see an output "Hello, test" in your browser. 
Now that we have a locally authenticated service working in our eclipse, let's publish the application to HCP and outsource our authentication to SCI. Here are the steps to do that 
  1. Right click on Servers window of your eclipse and choose New Server. 
  2. In the dialog box which shows up choose SAP-> SAP Cloud Platform. Enter the correct region code for your HCP account. You can find the available regions and hosts here. Mine happens to be int.sap.hana.ondemand.com. (If host for your region is not available on the page, check the post here , as it may help you figure out your host. SAP uses some conventions so you may crack it yourself. )
  3. Enter the application name as sayhello, You can leave the runtime to be chosen Automatically. 
  4. The subaccount name is available in your Hana Cloud Cockpit. Enter the subaccount and your credentials. 
  5. Add the sayHello application to the configured resources for the server, and press Finish.
  6. It will take some time, but finally the application should be deployed successfully, Copy your application URL from the Server window and hit the greeting service using a browser. The URL for my service was https://sayhelloi031884sapdev.int.sap.hana.ondemand.com/sayHello/greeting and the error I got was "Identity Provider could not process the authentication request received. Delete your browser cache and stored cookies, and restart your browser. If you still experience issues after doing this, please contact your administrator." The error is unintuitive and should have been something different like "There is no IDP configured for this application so I can't allow you to login" 
The application is now deployed successfully on HCP so let's proceed to configure the SCI for this application, 
  1. Open your HCP cockpit and navigate to the subaccount in which you deployed the sayHello application.
  2. On the left hand side navigation choose Security->Trust and click 
  3. Change the Local Service Provider from default to Custom, Click Generate Key Pair to generate a new key pair. Let Principal propogation and force authentication be Disabled. and save. 
  4. Select the next tab i.e. Application Identity Provider and click Add Trusted Identity Provider. 
  5. Before you proceed any further you need to open the SCI tenant in a new browser tab which you have. I have mine hosted on https://i031884.accounts400.ondemand.com/admin/ . Logon to this tenant as administrator and go to Tenant Settings -> SAML 2.0 Configuration and select to download metadata file. 
  6. Go back to HCP console ( i.e. the browser tab you were using in step 4 to add trusted identity provider) . Browse and select the metadata file we downloaded in step 5. Choose Save.  i031884.accounts400.ondemand.com should now be your default identity provider. 
  7. Go to tab Local Service Provider and click Get Metadata again.  Save the file in downloads folder 
  8. Go back to SCI tenant (Browser tab which we opened in step 5) and navigate to Applications and Resources -> Applications. 
  9. Click Add Application and give a name sayhello and click save
  10. select sayhello application and click on SAML 2.0 configuration. Browse to the file you saved in step 7 and click save. You have now configured the application and IDP to trust and know each other. 
  11. Try hitting the application again (https://sayhelloi031884sapdev.int.sap.hana.ondemand.com/sayHello/greeting in my case) and it should prompt you to enter id, password and you are good to go :).

Happy coding!!!!

Host name for Europe (Rot) - Canary region in Hana Cloud Platform

While working with Hana Cloud Platform for SAP, one needs to enter the Host  name to publish an application to the cloud. Now most of the Host name are documented by SAP on over here and more often then not it works for the region where you are working. 
However if you have an account on Europe (Rot) - Canary region like I do, the document doesn't specify the host and you would keep scratching your head on what to enter in eclipse. 
My first intuition was to do the brute force and I tried a few combinations from the page as host for my account and it kept giving me an error which told me that my password is incorrect. 
Now I was sure that my password is not incorrect as I was copying it into the eclipse dialog to be sure. So much for exception handling in eclipse. 
Finally asked for help from an ops colleague, who again had no information on this. However while looking into this situation, we noticed a pattern emerging when we click various regions on the HCP cockpit. If you keep selecting various regions in your cockpit and compare them with the host names in the documentation, you can notice that pattern too. And voila we discovered our host name for Europe (Rot) - Canary region. It is "int.sap.hana.ondemand.com" 

Happy coding!!!!

Wednesday, January 4, 2017

Making a vagrant box for RHEL

One of the assignments at work is getting me into creating a vagrant box for RHEL, as I would want to create and destroy RHEL VMs multiple times in a day. 
This blog summarizes the steps to create a vagrant box for RHEL. The software I have are 

1) Oracle VM Virtual Box
2) An ISO file with RHEL 7 setup rhel-server-7.0-x86_64-dvd.iso

Let's begin by creating a baseline VM 

1) New Machine -> Give a Name, Type is Linux, Version is Red Hat 64 bit
2) Memory is fine at 1024 MB
3) Create a Virtual Hard Disk. I chose VDI as my hard disk type, Dynamically allocated size is better for me, and the size for HDD is set to 100 GB. 
4) Go ahead and mount the iso file to the VM. This can be done by selecting the machine settings -> Storage -> and mount the iso on the optical drive. 
5) Start the machine and select to install the RHEL O/S. Walkthrough the wizard and install the RHEL on the VM.  While installing the OS I also chose to create an additional user 'abhishek' on it.
6) Register with the subscription manager by using subscription-manager register
7) sudo visudo and comment the line "Defaults .requiretty"
8) Create a user called vagrant and set the password as vagrant. Commands to use are useradd vagrant. And passwd vagrant. 

Once done let's package this VM as a vagrant box 
1) vagrant package --base BaseRHEL 
2) vagrant box add test package.box 

and now you have a vagrant box for the machine. Enjoy creating as many VMs as you want :). 

Monday, February 22, 2016

Configuring X11 Forwarding on CentOS to Mac

I have a linux machine on Azure which I am able to SSH into, however many applications needs to throw a UI on my mac and it is important to configure X11 Forwarding on the CentOS machine to make sure I can see that UI. 
I managed to make it work after googling stuff for around 2 hours. Here's a quick guide if you are in a similar situation. 
You need to do things on both your mac and your CentOS machine to make sure that the forwarding works. 

1) On your mac you need to install XQuartz. This is the daemon which would listen for the forwarded requests from your CentOS and render a UI on your mac. 
2) On your CentOS you need to edit /etc/ssh/sshd_config and add the following entries to it

  • AddressFamily inet #this entry ensures that SSH is not messed up over IPV6. My forwarding was not working till I made this entry. 
  • X11Forwarding  yes #this entry will ensure that the forwarding happens from CentOS. 
3) Next install a package called xauth on your CentOS machine. you can use yum to install it. 
  • yum install xauth 

4) restart the ssh daemon 
  • sudo service sshd restart
5) Install an app like xeyes to test if the X11 forwarding is working or not. 
  • yum install xeyes
6) logoff from the CentOS and login again using -X flag this time 
  • ssh -X user@host
7) Run xeyes and you should be able to see the eyes coming up on your mac screen :). 

Happy coding!!!

Abhishek 


Tuesday, January 5, 2016

Pitfalls of Object Oriented Programming

As I try to understand Javascript as a language one of the things which I need to unlearn is Object Oriented Programming. With Ecmascript 6 and tools like TypeScript from Microsoft, so far I have managed to write a lot of object oriented programs in Javascript which essentially is a functional language. 
So first thing which I need to do is unlearn OOPS. Here are a few pitfalls of OOPS : 

1) A Class is a collection of Data and Methods which operate on this data. As a programmer trying to learn OOPS this was very unintuitive, but once you start practicing OOPS, it becomes the obvious choice and all the apprehensions like why exactly should I keep my data definitions and  Functions together goes away. Going back to my learning days, I once again find it unintuitive. 

2) The way a function behaves in a class can be totally dependent on the state of the object which can be hidden from the consumer of the class. e.g. I can easily write a class which like 
public class Calci{
    private var toggle = false;
    public int Add(a,b){
        toggle = ! toggle;
        if(toggle) return a + b;
        return a - b;
    }
}
The behavior of method Add totally depends on a the state of the Calci object which is hidden from the consumer. So understanding what a method does in object oriented program can be tricky sometimes. Although this is an advantage when compared to Procedural language where the behavior of the function can be dictated by a global variable which is declared somewhere in a different file. But then I have visibility in the scope and if I try it hard I can figure it out. 

3) No Class Hierarchy is correct : No matter how much thought one gives into create a right class hierarchy. One does end up in a situation where the hierarchy is not correct. This is one of the major reasons for refactoring the code while developing projects. As the code size grows it becomes rather difficult to refactor as the change impacts all the ecosystem. 

4) You get a lot of rings and bells attached with any class which you choose to reuse. e.g. If I derive from a Car class I get the method Drive for free even though I may not want to drive an auto-drive car. 

As one learns javascript one should ensure that we don't fall back on the knowledge we acquired while learning OOPS and try to apply them in this new paradigm. Next up is to figure out what kind of inheritance is possible in javascript, how we can use it, and how it differs from classical inheritance of OOPS.

Wednesday, May 13, 2015

Why Database is not suitable for a Queue

There are many applications which use database as a queue in order to orchestrate a long running business process. While it is enticing and easy to do so here are a few reasons about why the developer should avoid doing it...

1) Work distribution : As the number of messages flowing through the system increases the work distribution has to be managed by using locks or by using a Z axis scaling i.e. partition the message table and let different processes handle it. It becomes difficult to manage the failure cases e.g. if the process responsible to manage a particular partition goes down how do I bring up another process to pick up that partition. This is a problem which can be easily solved by event driven queues with horizontal scaling. 
2) Database loads : As the messages passing through the system increase the load on the database starts increasing. This means that the database needs a scaling which is much more costly then scaling a queue bases solution. 
3) Deleting and archiving the queue related tables is expensive as they are indexed. 
4) Database has to be polled to see the pending work items while an event driven queue can simply call the worker process when a new message pops into the queue. 

So while it may be enticing and easy to use database to orchestrate queue related workflows one should refrain from taking this technical debt as it would be really hard to pay it back in the future...

Abhishek

Tuesday, November 19, 2013

My struggles with a Mac

For the first time in my life I am away from a PC. I recently got a Mac and I have my struggles going on now... To begin with there were a few usability issues like the trackpad tap not working as a click which were simple preferences tweak. Then came the big one 
1) The Eclipse installation on Mac was not picking the proxy from the Safari settings so I had to set them myself. That can be done by downloading the Pac file from the automatic configuration script URL and then setting the right proxy in the Eclipse Network Connection Preferences section.
2) My Lync for Mac is not working for some reason. This still needs to be figured out. I will update this section once I am able to sort that out. 
3) There is no Propose New Time functionality in the Outlook Calendar. (Sad :()
4) The Outlook Calendar in Mac shows 1 hour slot as big as 2 hours in my Outlook Calendar in Windows which I am used to. This can be changed by going to Organize Menu and playing with the Scale. 

There will be more and I will keep updating this blog post for the small tweaks :). 

nJoi!!!
Abhishek