on 01-05-2023 7:24 AM
Hi,
I have the following challenge: restrictions should be checked based on the login name in the IAS (please don't ask why, a very old HANA application is being migrated to the BTP).
XSUAA with an IAS tenant as IdP is used for authentication/authorization. In IAS, the login name was included as an assertion attribute (as login_name). Unfortunately, the attribute doesn't seem to arrive in the service. Logging the value req.user.login_name yields undefined. If I understood the documentation at https://cap.cloud.sap/docs/guides/authorization correctly, the attribute should actually have been mapped.
The authorization check (@restrict) then also works wonderfully with undefined as the value for $user.login_name.
The service is used by a UI5 application (with token forward to the service) using the same IAS tenant and the same XSUAA instance. The output of the user data in the UI5 application contains the mapped attribute (output via sap-approuter-userapi).
What is the right way to get your own attributes from the IAS into the CAP application (Node.js) and how can they be accessed there? Is there a guide/documentation somewhere that I've overlooked? Any hint is welcome.
Thanks.
Regards
Karsten
You need to follow the steps in this post https://blogs.sap.com/2020/07/24/mapping-of-saml-attributes-with-xsuaa-jwt-in-cloud-foundry/
in combination with xsuaa config in cap https://cap.cloud.sap/docs/node.js/authentication?q=Saml+attr#xsuaa.
Thanks for the referenced links. Now I was able to find my mistake. I had already added the attribute references to xs-security.json, but in the SAP BTP cockpit the default roles had already been created from the template without attribute references. I had to drop the generated default roles to "enable" the attribute references. (The build log shows a message that the xsuaa could not be updated, but the app deployment didn't fail, so I hadn't seen the deployment issue.)
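
A diagnostic check for the situation in this thread, as an added example that is not code from the posters or from SAP: it decodes the forwarded XSUAA token (without verifying it) and fails closed when the mapped attribute is missing from the `xs.user.attributes` claim, instead of letting a restriction run against `undefined`. The function names and the sample tokens are constructed for illustration.

```javascript
'use strict';

// Decode the payload of a compact JWT WITHOUT verifying the signature.
// Diagnostic use only: validation stays with the XSUAA/CAP auth middleware.
function decodeJwtPayload(token) {
  const parts = String(token).replace(/^Bearer\s+/i, '').split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Values of one mapped attribute from the XSUAA claim "xs.user.attributes".
// Returns [] when the claim or the attribute is absent or empty.
function xsUserAttribute(token, name) {
  const attrs = decodeJwtPayload(token)['xs.user.attributes'];
  const present = attrs && Object.prototype.hasOwnProperty.call(attrs, name);
  const values = present ? attrs[name] : [];
  return Array.isArray(values)
    ? values.filter((v) => typeof v === 'string' && v !== '')
    : [];
}

// Fail-closed guard (hypothetical helper): a missing attribute is an error,
// never a value that an authorization rule can be compared against.
function requireAttribute(token, name) {
  const values = xsUserAttribute(token, name);
  if (values.length === 0) {
    throw new Error(`attribute "${name}" missing from token`);
  }
  return values;
}

// Constructed sample tokens (unsigned, for offline illustration only).
function makeToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'none' })}.${enc(payload)}.sig`;
}
const withAttr = makeToken({
  user_name: 'jdoe',
  'xs.user.attributes': { login_name: ['JDOE'] },
});
// What the service saw while the roles still lacked attribute references.
const withoutAttr = makeToken({ user_name: 'jdoe', 'xs.user.attributes': {} });

console.log(xsUserAttribute(withAttr, 'login_name'));    // [ 'JDOE' ]
console.log(xsUserAttribute(withoutAttr, 'login_name')); // []
```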