
Integrate CAP project with sapui5 app - 500 Bad credentials

smarchesini
SAP Champion

Hello Experts, 

It should be easy, but no. I'm still struggling with this issue, and I don't understand what is missing. 

Context:
I have a CAP Node.js service project connected to an external service through a destination. This project uses a user variable. The project is not the issue because it's working fine. I can call it with the URL, and it retrieves all the information I want, also in Postman.
This CAP project is also integrated into an MTA project with multiple other SAPUI5 projects, and this is where the problem is right now. The SAPUI5 app itself has also been working fine since last year. The apps are also connected to the BTP workflow service.

I receive in the sapui5 log:

GET request to /Sapui5_Apps.vendoronboarding/oktaCAP/odata/v4/okta/$metadata?sap-language=EN completed with status 500 Bad credentials

Let's go to the files: 
The destination is configured like that.
[Image: smarchesini_0-1729788112555.png]
If I set the complete link  
https://blabla-okta-cap-srv.cfapps.us21.hana.ondemand.com/odata/v4/okta/$metadata?sap-language=EN
and test it, the result on the server side (nodejs cap) is s...

https://blabla-okta-cap-srv.cfapps.us21.hana.ondemand.com


xs-app.json 

{
  "welcomeFile": "/index.html",
  "authenticationMethod": "route",
  "routes": [
        {
            "source": "^/bpmworkflowruntime/(.*)$",
            "target": "/$1",
            "service": "com.sap.bpm.workflow",
            "endpoint": "workflow_rest_url",
            "authenticationType": "xsuaa"
        },
        {
            "source": "^/bpmworkflowruntimeodata/(.*)$",
            "target": "/$1",
            "service": "com.sap.bpm.workflow",
            "endpoint": "workflow_odata_url",
            "authenticationType": "xsuaa"
        },
        {
            "source": "^/oktaCAP/(.*)$",
            "target": "/$1",
            "destination": "conn_okta",
            "authenticationType": "none",
            "csrfProtection": false
        },
        {
            "source": "^/sap/(.*)$",
            "target": "/sap/$1",
            "destination": "sap",
            "authenticationType": "xsuaa",
            "csrfProtection": false
        },
        {
            "source": "^/sapTRUST/(.*)$",
            "target": "/sap/$1",
            "destination": "sap_TRUST",
            "authenticationType": "xsuaa",
            "csrfProtection": false
        },
        {
            "source": "^/resources/(.*)$",
            "target": "/resources/$1",
            "authenticationType": "none",
            "destination": "ui5"
        },
        {
            "source": "^/okta/(.*)$",
            "target": "/$1",
            "authenticationType": "none",
            "destination": "okta_OLD_NOTWORKING"
        },
        {
            "source": "^/test-resources/(.*)$",
            "target": "/test-resources/$1",
            "authenticationType": "none",
            "destination": "ui5"
        },
        {
            "source": "^(.*)$",
            "target": "$1",
            "service": "html5-apps-repo-rt",
            "authenticationType": "xsuaa"
        }
  ]
}

 

If I put authenticationType = none, the same issue

Code sapui5:

 

isValidateOktaGroupsAndEmail: function (sEmail, bGroup) {
            var response = {
                result: null,
                data: null,
                error: null
            };

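            // Double single quotes for the OData string literal, then URL-encode the value.
            var sKey = encodeURIComponent(String(sEmail).replace(/'/g, "''"));
            var sUrl = this.appModulePath + "/oktaCAP/odata/v4/okta/getUserGroups(email='" + sKey + "')"; //'/okta/api/v1/users/' + sEmail + (bGroup ? '/groups' : '');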
            $.ajax({
                url: sUrl,
                method: 'GET',
                contentType: 'application/json',
                async: false,
                success: function (result, xhr, data) {
                    response.data = data;
                    response.result = result;
                },
                error: function (error) {
                    response.error = error;
                    console.log('Error in GET call to ' + sUrl);
                }
            });
            return response;
        }

 

Structure of all the project:
[Image: smarchesini_1-1729788470564.png]

mta file:

 

 

_schema-version: "3.2"
ID: Sapui5_apps
version: 0.0.1
modules:
- name: okta-cap-srv
  type: nodejs
  path: okta-cap
  parameters:
    buildpack: nodejs_buildpack
    readiness-health-check-type: http
    readiness-health-check-http-endpoint: /health
  build-parameters:
    builder: npm
  provides:
    - name: srv-api # required by consumers of CAP services (e.g. approuter)
      properties:
        srv-url: ${default-url}
  requires:
    - name: Sapui5_apps-destination-service
    - name: conn_okta
- name: Sapui5_apps-destination-content
  type: com.sap.application.content
  requires:
  - name: Sapui5_apps-destination-service
    parameters:
      content-target: true
  - name: Sapui5_apps_html_repo_host
    parameters:
      service-key:
        name: Sapui5_apps_html_repo_host-key
  - name: uaa_Sapui5_apps
    parameters:
      service-key:
        name: uaa_Sapui5_apps-key
  parameters:
    content:
      subaccount:
        destinations:
        - Name: Sapui5_Apps_Sapui5_apps_html_repo_host
          ServiceInstanceName: Sapui5_apps-html5-app-host-service
          ServiceKeyName: Sapui5_apps_html_repo_host-key
          sap.cloud.service: Sapui5_Apps
        - Authentication: OAuth2UserTokenExchange
          Name: Sapui5_Apps_uaa_Sapui5_apps
          ServiceInstanceName: Sapui5_apps-xsuaa-service
          ServiceKeyName: uaa_Sapui5_apps-key
          sap.cloud.service: Sapui5_Apps
        existing_destinations_policy: update
  build-parameters:
    no-source: true
- name: Sapui5_apps-app-content
  type: com.sap.application.content
  path: .
  requires:
  - name: Sapui5_apps_html_repo_host
    parameters:
      content-target: true
  build-parameters:
    build-result: resources
    requires:
    - artifacts:
      - vendoronboarding.zip
      name: vendoronboarding
      target-path: resources/
    - artifacts:
      - vendorsearch.zip
      name: vendorsearch
      target-path: resources/
    - artifacts:
      - vendorsearchnocc.zip
      name: vendorsearchnocc
      target-path: resources/      
    - artifacts:
      - vendorinactivation.zip
      name: vendorinactivation
      target-path: resources/
    - artifacts:
      - vendorpaymentterms.zip
      name: vendorpaymentterms
      target-path: resources/
    - artifacts:
      - bponboarding.zip
      name: bponboarding
      target-path: resources/
    - artifacts:
      - vendorcurrency.zip
      name: vendorcurrency
      target-path: resources/  
- name: vendoronboarding
  type: html5
  path: vendor_on_boarding
  build-parameters:
    build-result: dist
    builder: custom
    commands:
    - npm install --registry=https://registry.npmjs.com/
    - npm run build:cf
    supported-platforms: []
- name: onboardingworkflow-module
  type: com.sap.application.content
  path: onboardingworkflow-module
  requires:
  - name: workflow
    parameters:
      content-target: true
- name: vendorsearch
  type: html5
  path: vendorsearch
  build-parameters:
    build-result: dist
    builder: custom
    commands:
    - npm install --registry=https://registry.npmjs.com/
    - npm run build:cf
    supported-platforms: []
- name: vendorsearchnocc
  type: html5
  path: vendorsearchnocc
  build-parameters:
    build-result: dist
    builder: custom
    commands:
    - npm install --registry=https://registry.npmjs.com/
    - npm run build:cf
    supported-platforms: []    
- name: vendorinactivation
  type: html5
  path: vendorinactivation
  build-parameters:
    build-result: dist
    builder: custom
    commands:
    - npm install --registry=https://registry.npmjs.com/
    - npm run build:cf
    supported-platforms: []
- name: vendorpaymentterms
  type: html5
  path: vendorpaymentterms
  build-parameters:
    build-result: dist
    builder: custom
    commands:
    - npm install --registry=https://registry.npmjs.com/
    - npm run build:cf
    supported-platforms: []
- name: vendorcurrency
  type: html5
  path: vendorcurrency
  build-parameters:
    build-result: dist
    builder: custom
    commands:
    - npm install --registry=https://registry.npmjs.com/
    - npm run build:cf
    supported-platforms: []
- name: bponboarding
  type: html5
  path: bp_on_boarding
  build-parameters:
    build-result: dist
    builder: custom
    commands:
    - npm install --registry=https://registry.npmjs.com/
    - npm run build:cf
    supported-platforms: []
resources:
- name: Sapui5_apps-destination-service
  type: org.cloudfoundry.managed-service
  parameters:
    config:
      HTML5Runtime_enabled: true
      init_data:
        instance:
          destinations:
          - Authentication: NoAuthentication
            Name: ui5
            ProxyType: Internet
            Type: HTTP
            URL: https://ui5.sap.com
          - Name: OktaUserGroups
            Type: HTTP
            URL: https://blablabla-okta-cap-srv.cfapps.us21.hana.ondemand.com
            Authentication: OAuth2UserTokenExchange
            ProxyType: Internet
            existing_destinations_policy: update
          existing_destinations_policy: update
      version: 1.0.0
    service: destination
    service-name: Sapui5_apps-destination-service
    service-plan: lite
- name: Sapui5_apps_html_repo_host
  type: org.cloudfoundry.managed-service
  parameters:
    service: html5-apps-repo
    service-name: Sapui5_apps-html5-app-host-service
    service-plan: app-host
- name: uaa_Sapui5_apps
  type: org.cloudfoundry.managed-service
  parameters:
    path: ./xs-security.json
    service: xsuaa
    service-name: Sapui5_apps-xsuaa-service
    service-plan: application
- name: workflow
  type: org.cloudfoundry.managed-service
  parameters:
    service: workflow
    service-plan: standard
- name: conn_okta
  type: org.cloudfoundry.managed-service
  parameters:
    service: connectivity
    service-plan: lite
parameters:
  deploy_mode: html5-repo

 


I also did not touch or modify the xs-security.json file. It has remained the same from the beginning (it is working fine with the sapui5 that is connecting with the workflow service). 

{
  "xsappname": "sapui5_apps",
  "tenant-mode": "dedicated",
  "description": "Security profile of called application",
  "scopes": [
    {
      "name": "uaa.user",
      "description": "UAA"
    }
  ],
  "role-templates": [
    {
      "name": "Token_Exchange",
      "description": "UAA",
      "scope-references": [
        "uaa.user"
      ]
    }
  ]
}




 What is missing? 
I still have not learned completely how it works: the mta.yaml, destination, and connection. Maybe there is a better architecture than creating a new destination for that service and calling it again in t
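
A consistency check for the configuration posted above, as an added example that is not part of the original post and not an SAP tool: it cross-checks the `destination` of each xs-app.json route against the destinations and service instances declared in the mta.yaml. The function name `auditRoutes`, the issue labels and the `retargeted` variant are assumptions made for illustration; destinations maintained only in the subaccount cockpit are not visible to it and would have to be added to the map by hand.

```javascript
// Added example. Values are copied from the xs-app.json and mta.yaml in the post.
const destinations = new Map([            // mta.yaml init_data destinations
  ["ui5", "NoAuthentication"],
  ["OktaUserGroups", "OAuth2UserTokenExchange"],
]);
const serviceInstances = new Map([        // mta.yaml resources (subset)
  ["conn_okta", "connectivity"],
  ["uaa_Sapui5_apps", "xsuaa"],
]);
const postedRoutes = [                    // xs-app.json (subset)
  { source: "^/oktaCAP/(.*)$", destination: "conn_okta", authenticationType: "none", csrfProtection: false },
  { source: "^/resources/(.*)$", destination: "ui5", authenticationType: "none" },
  { source: "^/okta/(.*)$", destination: "okta_OLD_NOTWORKING", authenticationType: "none" },
  { source: "^(.*)$", service: "html5-apps-repo-rt", authenticationType: "xsuaa" },
];
// Constructed variant (assumption): the same route pointed at the declared destination.
const retargeted = [{ ...postedRoutes[0], destination: "OktaUserGroups" }];

// Destination authentication types that need the logged-in user's token.
const USER_TOKEN_AUTH = new Set(["OAuth2UserTokenExchange", "OAuth2JWTBearer", "OAuth2SAMLBearerAssertion"]);

function auditRoutes(routes, destinations, serviceInstances) {
  const findings = [];
  const add = (r, issue) => findings.push({ source: r.source, destination: r.destination, issue });
  for (const r of routes) {
    if (!r.destination) continue;         // service-bound routes are not checked here
    const anonymous = r.authenticationType === "none";
    if (!destinations.has(r.destination)) {
      // A service instance name is not a destination name.
      add(r, serviceInstances.has(r.destination) ? "instance-name-as-destination" : "undeclared-destination");
    } else if (anonymous && USER_TOKEN_AUTH.has(destinations.get(r.destination))) {
      // No login on the route means no user token for the destination to exchange.
      add(r, "no-user-token");
    }
    // Heuristic: anonymous route with CSRF protection switched off.
    if (anonymous && r.csrfProtection === false) add(r, "anonymous-no-csrf");
  }
  return findings;
}

for (const f of [...auditRoutes(postedRoutes, destinations, serviceInstances),
                 ...auditRoutes(retargeted, destinations, serviceInstances)]) {
  console.log(`${f.source} -> ${f.destination}: ${f.issue}`);
}
```

A finding here is a prompt to look at the cockpit configuration, not a diagnosis: a destination named in a route may exist at subaccount level without appearing in the mta.yaml.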

 

 

 

Accepted Solutions (0)

Answers (1)


WouterLemaire
SAP Mentor

Can you also check the logs of the approuter and your cap server when you receive this error? This might give some more information on what’s going wrong.

Besides that, I have a small similar project but without authentication, maybe it helps you: https://github.com/lemaiwo/ReCAPBTPServiceOverview/tree/main

smarchesini
SAP Champion

commented by mistake

smarchesini
SAP Champion
There is no error in the CAP server. The calls never arrive. I tried to follow your project, but I still have trouble understanding how to set up the mta correctly.