Hi,
I have the following challenge: restrictions should be checked based on the login name in the IAS (please don't ask why, a very old HANA application is being migrated to the BTP).
XSUAA with an IAS tenant as IdP is used for authentication/ authorization. In IAS, the login name was included as an assertion attribute (as login_name). Unfortunately, the attribute doesn't seem to arrive in the service. A logging of the value req.user.login_name leads to an undefined. If I understood the documentation at https://cap.cloud.sap/docs/guides/authorization correctly, the attribute should actually have been mapped.
The authorization check (@restrict then also works wonderfully with undefined as the value for $user.login_name).
The service is used by a UI5 application (with token forward to the service) using the same IAS tenant and the same XSUAA instance. The output of the user data in the UI5 application contains the mapped attribute (output via sap-approuter-userapi).
What is the right way to get your own attributes from the IAS into the CAP application (Node.js) and how can they be accessed there? Is there a guide/documentation somewhere that I've overlooked? Any hint is welcome.
Thanks.
Regards
Karsten
- SAP Managed Tags:
| User | Count |
|---|---|
| 79 | |
| 11 | |
| 10 | |
| 8 | |
| 8 | |
| 6 | |
| 6 | |
| 6 | |
| 4 | |
| 4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.