on 06-20-2018 10:30 AM
Hello Experts,
I have created a simple MTA App in Cloud Foundry that connects to Hana DB through Node JS. This app defines a role template 'Viewer' with display scope and a user attribute 'Country'. After the app is deployed, I have created a role and role collection from this template and assigned it to the business user.
Now, I am unable to read these attributes in the database level. I am issuing a simple select.
Select session_context('XS_COUNTRY') from dummy;
But this shows null as result.
select from M_SESSION_CONTEXT and select session_context('APPLICATOINUSER') are also showing null values.
I am able to see the scope and the user attributes in the JWT token in the Node JS app level though.
Am I missing anything? This app is deployed on cloud foundry trial instance.
The project can be accessed from Link
I think you problem might be that you are loading the hdbext middleware before you process the JWT token via passport. Therefore there is no token information to inject into the DB session because it hasn't been processed yet. I'd recommend loading the security information before loading the database middleware as in this example:
https://github.com/SAP/com.sap.openSAP.hana5.example/blob/hana2_sps03/core_node/server.js
The example referenced above has no problem seeing the APPLICATIONUSER or custom attributes in the session context.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Thomas,
I have tried this. However, now I am getting an 'Internal server error' when running the App. The core-js service logs shows the below error message:
[APP/PROC/WEB/0] ERR Error: the predefined session variable cannot be set via SET command: XS_APPLICATIONUSER
Up on further research about this error, I came across the Note: 2470084 which says:
The HANA instance in your SAPCP account has by default no direct connectivity to XSUAA.
And I am following the steps under b) Sap Cloud Platform (SAPCP) of that Note to establish this trust.
I have done the following:
- Downloaded xsuaa_hdbtrust_sql.sh bash shell script on my laptop
- My operating system being Windows, I downloaded cygwin to run this script.
- Obtained metadata URL as explained in step 1.
- Executed the following as explained in step 2:
/cygdrive/c/Users/ajc5cob/Desktop/Software/xsuaa_trust
$ ./xsuaa_hdbtrust_sql.sh -a https://XXXXX.authentication.eu10.hana.ondemand.com/sap/trust/jwt -q ~/xs_appuser.sql
However, this gives the following error:
./xsuaa_hdbtrust_sql.sh: line 71: curl: command not found
###############################################
Error
The response from request to base
URI https://robertbosch.authentication.eu10.hana.ondemand.com/login was empty
Check your parameter -a and/or your XSUAA on https://XXXXXXX.authentication.eu10.hana.ondemand.com
###############################################
Usage: ./xsuaa_hdbtrust_sql.sh <options>
This bash script calls xsuaa REST endpoints for JWT trust and creates a SQL script for manual execution
Options:
-a: xsuaa base URI [default: https://localhost:30032/uaa-security]
-i: SQL template in [default: xsuaa_template.sql]
-q: SQL file created [default: xs_appuser.sql]
-n: HANA host name:port [default: EMPTY, no hdbsql used]
-u: HANA system user name [default: system]
-p: HANA system user passwordsa
Not sure how to proceed further. I have tried this on my Trial SCP and Productive SCP Accounts. And I get the same error. Please advice,
When I access https://XXXXX.authentication.eu10.hana.ondemand.com/sap/trust/jwt manually through browser, I am getting the access token.
Thanks in advance,
Ajith
Instal on cygwin curl, link: https://stackoverflow.com/questions/3647569/how-do-i-install-curl-on-cygwin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
91 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.