stackoom
  简体   繁体   中英

SAP Fiori Launchpad on Cloud Foundry - Role Configuration Issues

 原文  2022-03-30 16:36:05       sap-business-technology-platform/ sap-business-application-studio

Question

We have a range of apps deployed to our Fiori Launchpad (via an mta) file on Cloud Foundry.

I came across this blog that describes setting up role access on an app by app basis.

Configuring Roles – SAP Fiori Launchpad Cloudfoundry | SAP Blogs.

Firstly, I setup approuter/xs-app.json as follows. Note this has as single config_admin scope as opposed to the 2 (approver and user) in the blog. The reason for this is we only need a single configurable role at the moment, so I'm making the assumption we only need a single scope.

Does the below snippet look correct? I've used "srv_api" as the destination from the blog, but not sure If it needs to be something else.

{
    "authenticationMethod": "route",
    "welcomeFile": "/cp.portal",
    "routes": [
        {
            "source": "^/catalog(.*)$",
            "target": "/catalog$1",
            "destination": "srv_api",
            "authenticationType": "xsuaa",
            "scope": {
                "GET": ["$XSAPPNAME.config_admin"],
                "PATCH": ["$XSAPPNAME.config_admin"],
                "POST": ["$XSAPPNAME.config_admin"],
                "PUT": ["$XSAPPNAME.config_admin"],
                "DELETE": ["$XSAPPNAME.config_admin"],
                "default": ["$XSAPPNAME.config_admin"]
            }
        }
    ],
    "logout": {
        "logoutEndpoint": "/do/logout"
    }
}

Next up, xs-security.json in the project root. 
"sap.platform.cf": { "oAuthScopes": ["$XSAPPNAME.config_admin"] }

... and finally the manifest.json of the app I would like to apply the role to: 

 "sap.platform.cf": { "oAuthScopes": ["$XSAPPNAME.config_admin"] }

The app exists in a Group containing only that app.

When deployed to SAP Cloud Foundry, the Group and app are hidden. Fine I thought, just needs the role configured on the BTP side?

In BTP, I setup the role collection with my user, and the the two roles, ADMIN_USER and Token_Exchange, which were deployed correctly to BTP in the previous step.

However, the app and it's Catalog are still hidden from view on the Fiori Launchpad. The only apps that do appear are the one's without the "sap.platform.cf" manifest entry.

Am I approaching this the correct way? Have I missed something?

Or do I need to setup two separate scope, as in the guide, and include the relevant scope in each and every app?

*Note - I've tried setting up the user without the Token_Exhange role, with the same result.

1 answers

solution1
 1  2022-03-30 18:15:51

The answer is a typo in xs-security.json

Should be: "scope-references": ["$XSAPPNAME.config_admin"]

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SAP Fiori Get logged in user details in UI5 application SAP BTP Launchpad (Trial) managed HTML5 apps are not visible to catalogs and groups assignment DestinationAccessException while trying to access destination details using SAP Cloud SDK for JAVA SAP Cloud SDK - Accessing Auth Token Destination Error: Failed to read authentication token Date Comparison in Groovy SAP CPI SAP CAP Install Plugin Multiapps Error. Why? SAP BTP Portal - App react Not found after refresh(F5) DOS Attack mitigation/rate limiting on SAP BTP CF Apps Apis SAP WEBI - how to run two different query in same document Does a Dynatrace default configuration for BTP workload exist?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM