on 04-08-2024 3:18 PM
Hi everyone,
We have a multitenant application, with a launchpad-module, deployed on a provider subaccount. When subscribing from a consumer’s subaccount, launchpad-module is returned as a dependency, so the consumer can access the launchpad. Also, for the consumer subaccount we have an IAS using OpenID Connect protocol, through which we can access the launchpad.
Due to a necessity of having UI5 and React applications together, we have created an SAP Build WorkZone launchpad, on consumer’s subaccount. In this new launchpad, we have added UI5 applications from multitenant application (Wee see our multitenant application as Content-Provider in Content Channels tab) and a React application.
The React application calls API “/users-api” to get the current user data. This call is made through multitenant router.
So, when we login the Build WorkZone launchpad, it looks like Single-Sign-On (SSO) is working fine, because we are getting access not only to the launchpad, but to the multitenant UI5 app and its data too, meaning that SSO is propagating to multitenant router.
The problem arrives while doing logout. Build WorkZone launchpad throws Single Logout (SLO) from IAS, but it looks like logout is not propagated to multitenant router, so, when we login again (With a different user) and call the “/users-api” we are getting the data from the previous user.
Is our approach wrong? There is a way to extend or override Build Work Zone standard logout process?
Thanks in advance.
Hi @FranciscoGarcia,
What did you enter on the xs-app.json file for your application? Do you have a logout end-point defined? What about a the logout html with the script that does log the user out.
Please the following blog (session entitled 'Logout'):
https://community.sap.com/t5/technology-blogs-by-sap/sap-application-router/ba-p/13393550
Best regards,
Ivan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Ivan-Mirisola ,
Indeed, I was missing logoutEndpoint from xs-security approuter. And, as @Dinu said, adding the logout URL of the approuter in "Front Channel Logout" of the IAS, it seems to work.
Thanks,
User | Count |
---|---|
72 | |
8 | |
8 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.