May 17, 2020 at 09:05 PM

SCP Cloud Foundry - xsuaa multi-space


Hi all,

I would like to know if there is a best practice for this particular use case.

I have a subaccount with ADFS trust and role collection, divided into 3 spaces, A, B and C (I have no quota/service limits).

On space A, I created:

  1. HANA service database
  2. microservices node.js for ODATA v4 display for reading and writing to db
  3. A portal service on which to expose the front end apps made on other spaces
  4. Connectivity instance
  5. destination instance
  6. app-router

On Space B - C:

  1. Front-end applications that read and write from db hana on space A
  2. Connectivity instance
  3. destination instance
  4. html5-repo
  5. app-router

In this case, is it possible to use on all the spaces (A, B, C) a single xsuaa instance deployed on space A? Test: (If I create an xsuaa instance (broker) on A, spaces B and C do not see it)

Otherwise, do I have to create three xsuaa instances, one for each space?

Is there a best practice?

Another test with xsuaa instance on space A and B:

"App-A" was deployed with an xs-security that gives a scope to another app, "App-B", deployed on B, which accepted the scope of App-A. If I call the App-B application router on space B and check the JWT, the scopes of App-A are also there. But when it routes to the backend HANA service (on space A), unauthorized is returned, even though the JWT token has the correct scope.

Thanks.

Sorry for my English.