Skip to Content
Jul 23, 2020 at 02:00 PM

Preventing Authorization pop-up in app/ui layer (CAP development)


Hi Team,

While implementing Authorization in a 3-tiered CAP application (app, srv, db), I am facing certain issues in seamlessly integrating the UI layer with Service layer. The steps are as follows:

  1. Created a security profile (xs-security.json) :
  "xsappname": "MYAPP",
  "tenant-mode": "dedicated",
  "scopes": [
      "name": "$XSAPPNAME.admin",
      "description": "admin"
  "attributes": [],
  "role-templates": [
      "name": "admin",
      "description": "generated",
      "scope-references": [
      "attribute-references": []

2. Created a UAA instance and provided the above security profile as parameters

3. Bound the UAA to both the service and app layer in MTA

4. Created the Roles and Role Collection in the sub-account and assigned it to my user

5. In the xs-app.json file of the app/ui layer, provided the following route and made the authenticationMethod as Route:

 "source": "^/(.*)$",
 "target": "$1",
 "destination": "srv_api",
 "scope": {
 "GET":[ "$XSAPPNAME.admin" ]
 "authenticationType": "xsuaa",
 "csrfProtection": false

6. In my service layer, provided a cds service which requires the admin authorization specified in the previous steps:
service AdminService @(requires:'admin'){ .... }

7. When I access my application, though it successfully authenticates you when you first log in, the service call prompts the below pop-up:

Moreover, in the service layer, it shows the user as "anonymous" despite the fact that I logged in with my SAP ID.

My questions are:

1. How to prevent the above pop-up and allow the logged in roles and scopes to automatically call the service

2. Why is the user showing as "anonymous" in my srv layer. Should I specify some connection other than UAA to integrate my app and srv layer

Requesting your inputs,

Thanks & Regards,



uaa-popup.png (55.0 kB)