Hello guys,
I’m really stuck on how to consume destination from inside my SAPUI5 frontEnd. using the OAuth2SAMLBearerAssertion type of authentication, technically I want to make a SSO connection with SAP ByD, So I configured the SSO inside ByD
and I’ve tested the connection between the SSO and the identity Provider and it was successful that means my SSO config is Ok,
Now I’ve set up my destination on the subaccount level like this and when I click on check connection I get the redirect message, that means my subaccount is trusted in the Idp and recognized by SAP ByD :I have no problem consuming the destination when I use BasicAuthentication type of connection, the issue only happens when switching to OAuth2SAMLBearerAssertion
Now here when I’m really stuck In my xs-app.json of my SAPUI5 module I’ve tried both
In my xs-app.json of my SAPUI5 module I’ve tried both
{
"welcomeFile": "/appadmin/index.html",
"authenticationMethod": "route",
"logout": {
"logoutEndpoint": "/do/logout"
},
"routes": [{
"source": "^/ByD",
"target": "/sap/byd/odata/cust/v1/odata_project/",
"authenticationType": "xsuaa",
"destination": "ByD",
"csrfProtection": false
}
]
}and
{
"source": "^/ByD/(.*)$",
"target": "$1",
"authenticationType": "none",
"destination": "ByD",
"csrfProtection": false
}and
{
"source": "^/ByD/(.*)$",
"target": "$1",
"authenticationType": "xsuaa",
"destination": "ByD",
"csrfProtection": false
}my mta.yml looks like this
ID: MPRSMTA
_schema-version: '2.1'
version: 0.0.1
modules:
- name: appadmin
type: html5
path: appadmin
parameters:
memory: 256M
disk-quota: 250M
build-parameters:
builder: grunt
properties:
TENANT_HOST_PATTERN: '^projexia--inc--(.*)-spaceprojexia-appadmin.cfapps.(.*).hana.ondemand.com'
SAP_JWT_TRUST_ACL: '[{"clientid":"*", "identityzone": "*"}]'
requires:
- name: uaa_MPRSMTA
- name: destination-MPRS-lite
description: MPRS MTA
provider: Projexia
resources:
- name: uaa_MPRSMTA
parameters:
path: ./xs-security.json
service-plan: application
service: xsuaa
type: org.cloudfoundry.managed-service
- name: destination-MPRS-lite
parameters:
service-plan: lite
service: destination
type: org.cloudfoundry.managed-service{
"xsappname": "MPRSMTA",
"tenant-mode": "shared",
"description": "Security profile of called application",
"scopes": [{
"name": "$XSAPPNAME.USER",
"description": "MPRS User"
}, {
"name": "$XSAPPNAME.Callback",
"description": "With this scope set, the callbacks for subscribe, unsubscribe and getDependencies can be called.",
"grant-as-authority-to-apps": [
"$XSAPPNAME(application,sap-provisioning,tenant-onboarding)"
]
}, {
"name": "uaa.user",
"description": "UAA"
}, {
"name": "openid",
"description": "openid"
}, {
"name": "scim.read",
"description": "scim.read"
}, {
"name": "scim.read",
"description": "scim.read"
}],
"role-templates": [{
"name": "MPRS_User",
"scope-references": ["$XSAPPNAME.USER"]
}, {
"name": "Token_Exchange",
"description": "UAA",
"scope-references": [
"uaa.user"
]
}]
}Am I missing a scope of a role template or something like that ?
Using the command cf logs myapp --- recent
I'm having this error message :
"GET request to /ByD/ completed with status 500 - The requested scope is invalid. Make sure that the scope(s) you requested in parameter scope actually exist in the system."}
P.S : When I use BasicAuth with the following source/target I was able to consume the destination without issue, but not when I switch to OAuth2SAMLBearerAssertion
{<br> "source": "^/ByD/(.*)$",
"target": "$1",
"authenticationType": "xsuaa",
"destination": "ByD",
"csrfProtection": false
} <br> - SAP Managed Tags:
Accepted Solutions (1)
I finally found the issue, I wrote the scope as Scope and it must not be in capital letter, now I'm able to consume the destination without any problem
Answers (0)
| User | Count |
|---|---|
| 90 | |
| 10 | |
| 10 | |
| 10 | |
| 7 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.