cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP BTP Job Scheduling Service - Consume Secured CAP Service

Cristian
Participant

on ‎03-18-2021 2:14 PM

0 Kudos

Hi Experts,

We have a SAP CAP service with authentication with its own UAA service.

Now, we want to call this service from the SAP BTP Job Scheduler which has its own embedded UAA service.

We have followed the settings defined in section 7.1 of the Job Scheduler documentation to grant the Job Scheduler the required scope to call our service.

SAP Job Scheduling Service

Therefore, in our CAP service xs-security.json we have added the below and we have updated our UAA instance as defined as follows:

1. To grant scopes to SAP Job Scheduling service, open the xs-security.json file that is used for the
xsuaa service instance bound to the application and add the following to the scopes section:
 Sample Code
Example xs-security.json file scope section
"scopes": [{
 "name": "$XSAPPNAME.JOBSCHEDULER",
 "description": "Job Scheduler Scope",
 "grant-as-authority-to-apps": ["$XSSERVICENAME()"]
 }]
2. Update the xsuaa service instance with the updated xs-security.json:
cf update-service  -c xs-security.json

Additionally, we have bind our app with the job scheduling service.

Despite that, we are still getting 401 Unauthorized when trying to call the service from the Job Scheduler.

Any idea about what can be missing?

Thanks in advance.

Regards,

C.

Show replies
Show replies
hemchand_sharma
Active Participant
‎12-28-2022 6:22 AM
0 Kudos

Hello Guys,
Anyone was able to resolved the above issue. I am facing similar error.

Answer
View Entire Topic
former_member508209
Participant
‎03-19-2021 10:32 AM

Hi cachico,

Just 3 points I've noticed:

1. Have you enabled the XSUAA support for the Job Scheduler as described in section 5.1 of the linked documentation? As configuration when creating the service instance, you have to use

{"enable-xsuaa-support":true}

2. In the configuration snippet you provided for the XSUAA instance, the name of the job scheduler is missing. Insert it between the parentheses:

"grant-as-authority-to-apps": ["$XSSERVICENAME(**INSERT INSTANCE NAME HERE**)"]

3. Which scope is your application expecting to grant authorization to? So the scope name in XSUAA and in your CDS have to match. With your sample given above, you have to 

@(restrict: [{ grant: "*", to: "JOBSCHEDULER" }])

And also remember updating all services after changing them.

For some step-to-step guide on this, you can take a look to this blog post on using OAuth with the Job Scheduler by carlos.roggan.

Please let me know if this helps or which further problems you encounter.

Best,

Janik

Show replies
Show replies
Cristian
Participant
‎03-19-2021 11:58 AM
0 Kudos

Many thanks janik for your prompt response.

Regarding point 1 and 2, they were already in place but I had missed point 3.

I have added not the below:

/**
 * Locking Service Tasks.
 */
@path : '/locking-service-tasks'
@requires: 'JOBSCHEDULER' 
service locksServiceTasks {
    action notifyIfThresholdExceeded(object : String(60), threshold : Integer, emails : array of String) returns Integer;
}

But unfortunately, still facing the same issue 😞

Any idea what I may be missing?

Regards,

C.

former_member508209
Participant
‎03-19-2021 1:52 PM
0 Kudos

Hi cachico,

That is interesting. I guess you've already tried to access your service without authorization from the job scheduler? If this is working, you can gradually increase the authentication level over `authenticated-user` towards `JOBSCHEDULER`.

If scheduling jobs on your unsecured service is still failing, you may have an issue in your configuration aside of the XSUAA.

Best,

Janik

Cristian
Participant
‎03-19-2021 2:47 PM
0 Kudos

Many thanks janik,

I have tried without authentication and everything works fine.

/**
 * Locking Service Tasks.
 */
@path : '/locking-service-tasks'
service locksServiceTasks {
    action notifyIfThresholdExceeded(object : String(60), threshold : Integer, emails : array of String) returns Integer;
}

With authenticated-user is failing as well but I guess it is expected because the Job Scheduler has its own UAA token provided which differs from the one binded to my app.

I may need to raise a ticket with SAP.

Many thanks,

C.

former_member508209
Participant
‎03-30-2021 2:50 PM
0 Kudos

Hi cachico,

What was the result of your ticket?

Best,

Janik

Ask a Question