Propagate user attributes from MDK application to backend services in different subaccounts

PAstolfi86
Explorer

Hi,

We are implementing an MDK application deployed on subaccount "A" that consumes an OData service deployed on subaccount "B".

Subaccount "A" has a custom IdP that is federated with ADFS. A custom assertion attribute has been inserted in the federation.

In another application deployed on subaccount "A" I can see the custom assertion attribute.

I want the service on subaccount "B" to read the custom assertion attributes. To do this I've created, in mobile connectivity, a destination with OAuth2 SAML Bearer Assertion. I've established a trust with this new destination in subaccount "B" and the authentication is correctly propagated, but in the service I can't see the custom assertion attribute.

How can I propagate the assertion attributes?

PAstolfi86
Explorer

Hi,

I solved it by following this blog:

https://blogs.sap.com/2020/07/24/mapping-of-saml-attributes-with-xsuaa-jwt-in-cloud-foundry/

Once the service has been deployed with the xs-security that contains the list of attributes, and the related role template contains the list of attribute references, the role must be created on the related deployed service. The attributes defined in the IAS must be mapped to this role.

Thank you.

Ciao.

Piervincenzo.
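
The setup described in the answer, as an added example that is not part of the original post or the linked blog: a constructed `xs-security.json` for the service in subaccount "B", plus a diagnostic check that every role-template attribute reference is declared and that a received token actually carries the attribute in its `xs.user.attributes` claim. The names `backend-svc`, `Display`, `Viewer` and `CostCenter` are placeholders, and attribute references are assumed to be in plain string form.

```python
import base64
import json

# Constructed xs-security.json content for the service in subaccount "B".
# "backend-svc", "Display", "Viewer" and "CostCenter" are placeholder names.
XS_SECURITY = json.loads("""
{
  "xsappname": "backend-svc",
  "tenant-mode": "dedicated",
  "scopes": [{"name": "$XSAPPNAME.Display", "description": "Read access"}],
  "attributes": [
    {"name": "CostCenter", "description": "From the IdP assertion", "valueType": "string"}
  ],
  "role-templates": [
    {"name": "Viewer", "description": "Read with attribute",
     "scope-references": ["$XSAPPNAME.Display"],
     "attribute-references": ["CostCenter"]}
  ]
}
""")

def undeclared_references(descriptor):
    """Return (role template, attribute) pairs that reference an undeclared attribute."""
    declared = {a["name"] for a in descriptor.get("attributes", [])}
    return [(rt["name"], ref)
            for rt in descriptor.get("role-templates", [])
            for ref in rt.get("attribute-references", [])
            if ref not in declared]

def jwt_claims(token):
    """Decode the JWT payload for diagnosis only; the signature is NOT verified here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_attributes(descriptor, token):
    """Attributes the role templates expect but the token does not carry."""
    got = jwt_claims(token).get("xs.user.attributes", {})
    expected = {ref for rt in descriptor.get("role-templates", [])
                for ref in rt.get("attribute-references", [])}
    return sorted(a for a in expected if not got.get(a))

def make_token(claims):
    """Build an unsigned sample token (constructed test input, not a real XSUAA token)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

if __name__ == "__main__":
    ok = make_token({"xs.user.attributes": {"CostCenter": ["4711"]}})
    print(undeclared_references(XS_SECURITY), missing_attributes(XS_SECURITY, ok))
```

A non-empty result from `missing_attributes` matches the symptom in the question: authentication propagates, but the role or its attribute mapping on the target service is absent, so the token carries no value for the attribute.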