Hi all,
I would like to know, if there is a best practice on this particular use case.
I have a subaccount with ADFS trust and role collection, divided into 3 space A B C (I have no quota/service limits).
On space A, I created:
On Space B - C:
In this case it is possible to use on all the spaces (A, B, C) a single xsuaa instance deployed on the space A? Test: (If I create an xsuaa instance (broker) on A, the space B and C do not see it)
Otherwise I have to create three instances xsuaa, one for each space?
Is there a best practice?
Another test with xsuaa instance on space A and B:
It was deployed "App-A" with an xs-security that gives scope to another "App-B" app deployed on B that accepted the scope of the App-A. If I call the App-B application router on space B and checking the jwt there are also the scopes of the App-A. But when you do routing to the backend HANA service (on space A) it is returned unauthorized, even if the jwt token has the correct scope.
thanks.
sorry my english.