Sep 19, 2023 at 12:25 PM

Subdomain does not map to a valid identity zone in a Multi-Tenant Environment (SAP CAP, MTXS)

The application I'm currently developing uses SAP CAP with the MTXS Sidecar for Tenant Subscription Handling.
The subscription works. A unique URL is created that I can map to the application router. Also a new HDI Container is created by the service manager.

But on attempting to access the application, I get rerouted to the XSUAA service with an error message.

The URL for the authentication is:

https://$TENANT-$ORGNAME.authentication.eu10.hana.ondemand.com/oauth/authorize

with $TENANT and $ORGNAME being placeholders for the tenant and organization name respectively.

My mta.yaml looks like so:


_schema-version: "3.1"
ID: example
version: 1.0.0
description: ""
parameters:
  enable-parallel-deployments: true
  appname: example
  deploy_mode: html5-repo
build-parameters:
  before-all:
    - builder: custom
      commands:
        - npm install --production
        - npm run build:cf

modules:
  - name: example-srv
    type: nodejs
    path: gen/srv
    parameters:
      buildpack: nodejs_buildpack
      disk-quota: 512M
      memory: 256M
    build-parameters:
      builder: npm-ci
    provides:
      - name: srv-api # required by consumers of CAP services (e.g. approuter)
        properties:
          srv-url: ${default-url}
    requires:
      - name: example-auth
      - name: example-db
      - name: example-registry

  - name: example-approuter
    type: approuter.nodejs
    path: router # from cds.env.folders. Consider also cds.env.build.target -> gen/app
    properties:
      TENANT_HOST_PATTERN: "^(.*)-${space}-${app-name}.${default-domain}"
    parameters:
      disk-quota: 256M
      memory: 256M
      routes:
        - route: https://${default-host}.${default-domain}
    requires:
      - name: example-html5-repo-runtime
      - name: example-auth
      - name: srv-api
        group: destinations
        properties:
          name: srv-api # must be used in xs-app.json as well
          url: ~{srv-url}
          forwardAuthToken: true
    provides:
      - name: app-api
        properties:
          app-protocol: ${protocol}
          app-uri: ${default-uri}
    build-parameters:
      builder: custom
      commands:
        - npm install
        - npm run build:ts

  - name: example-app-content
    type: com.sap.application.content
    path: .
    requires:
      - name: example-html5-repo-host
        parameters:
          content-target: true
    build-parameters:
      build-result: app_resources
      requires:
        - artifacts:
            - example.zip
          name: example
          target-path: app_resources/

  - name: example
    type: html5
    path: app/example
    build-parameters:
      build-result: dist
      builder: custom
      commands:
        - npm install
        - npm run build:cf
      supported-platforms: []

  - name: example-mtx
    type: nodejs
    path: gen/mtx/sidecar
    build-parameters:
      builder: npm-ci
    parameters:
      memory: 256M
      disk-quota: 512M
    provides:
      - name: mtx-api
        properties:
          mtx-url: ${default-url}
    requires:
      - name: app-api
        properties:
          SUBSCRIPTION_URL: ~{app-protocol}://\${tenant_subdomain}-~{app-uri}
      - name: example-db
      - name: example-auth
      - name: example-registry

resources:
  - name: example-auth
    type: org.cloudfoundry.managed-service
    parameters:
      service: xsuaa
      service-plan: application
      path: ./xs-security.json
      config:
        xsappname: example
        tenant-mode: shared
    requires:
      - name: app-api

  - name: example-html5-repo-host
    type: org.cloudfoundry.managed-service
    parameters:
      service: html5-apps-repo
      service-plan: app-host
      service-key: example-html5-repo-host-key
  - name: example-html5-repo-runtime
    type: org.cloudfoundry.managed-service
    parameters:
      service: html5-apps-repo
      service-plan: app-runtime
      service-name: html5-apps-repo-rt
  - name: example-registry
    type: org.cloudfoundry.managed-service
    requires:
      - name: mtx-api
    parameters:
      service: saas-registry
      service-plan: application
      config:
        xsappname: example
        appName: example
        displayName: example
        description: Example Substription Service
        category: "Example Services"
        appUrls:
          getDependencies: ~{mtx-api/mtx-url}/-/cds/saas-provisioning/dependencies
          onSubscription: ~{mtx-api/mtx-url}/-/cds/saas-provisioning/tenant/{tenantId}
          onSubscriptionAsync: true
          onUnSubscriptionAsync: true
          onUpdateDependenciesAsync: true
          callbackTimeoutMillis: 300000 # Increase if your deployments are taking longer than that
  - name: example-db
    type: org.cloudfoundry.managed-service
    parameters:
      service: service-manager
      service-plan: container

My application router:

{
	"welcomeFile": "index.html",
	"authenticationMethod": "route",
	"logout": {
		"logoutEndpoint": "/logout",
		"logoutPage": "LOGOUT_PAGE_URL"
	},
	"routes": [
		{
			"source": "^/logout.html$",
			"target": "example/logout.html",
			"service": "html5-apps-repo-rt",
			"authenticationType": "none"
		},
		{
			"source": "^/index.html",
			"target": "/userexample/index.html",
			"service": "html5-apps-repo-rt",
			"cacheControl": "no-cache, no-store, must-revalidate"
		},
		{
			"source": "/v2/exampleservice/(.*)$",
			"target": "/v2/exampleservice/$1",
			"authenticationType": "xsuaa",
			"destination": "srv-api",
			"csrfProtection": true
		},
		{
			"source": "^(/.*)",
			"target": "/userexample/$1",
			"authenticationType": "xsuaa",
			"service": "html5-apps-repo-rt"
		}
	]
}

I greatly appreciate any assistance in pinpointing possible sources of error.
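Added example (not part of the original post, and not code from @sap/approuter): how a TENANT_HOST_PATTERN like the one in the mta.yaml above determines the subdomain that ends up in the XSUAA authorize URL. It assumes the approuter uses the first capture group as the tenant subdomain and that ${default-host} expands to <org>-<space>-<app-name>; the org, space and tenant names below are constructed.

```javascript
// Added illustration. All names in `sample` are constructed placeholders.
const sample = {
  org: 'acme',
  space: 'dev',
  appName: 'example-approuter',
  domain: 'cfapps.eu10.hana.ondemand.com',
};

// Assumption: ${default-host} expands to <org>-<space>-<app-name>.
function defaultHost(d) {
  return `${d.org}-${d.space}-${d.appName}`;
}

// Escape regex metacharacters so "." in a domain matches only a literal dot.
function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Pattern as written in the mta.yaml: ^(.*)-${space}-${app-name}.${default-domain}
function patternFromPage(d) {
  return new RegExp(`^(.*)-${d.space}-${d.appName}.${d.domain}`);
}

// Variant anchored on the full default host, with escaped dots and an end anchor.
function patternAnchored(d) {
  return new RegExp(`^(.*)-${escapeRe(defaultHost(d))}\\.${escapeRe(d.domain)}$`);
}

// Assumption: the first capture group is the subdomain used to address
// the XSUAA identity zone. Returns null when the host does not match.
function zoneSubdomain(pattern, host) {
  const m = pattern.exec(host);
  return m ? m[1] : null;
}

function authorizeUrl(subdomain) {
  return `https://${subdomain}.authentication.eu10.hana.ondemand.com/oauth/authorize`;
}

// Host built the way SUBSCRIPTION_URL does: <tenant_subdomain>-<default-uri>
const tenantHost = `customer1-${defaultHost(sample)}.${sample.domain}`;

console.log(authorizeUrl(zoneSubdomain(patternFromPage(sample), tenantHost)));
console.log(authorizeUrl(zoneSubdomain(patternAnchored(sample), tenantHost)));
```

Under these assumptions the pattern from the page captures `customer1-acme`, which has the same `$TENANT-$ORGNAME` shape as the host in the reported authorize URL, while the anchored variant captures only `customer1`.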