
SAP Cloud SDK: How to setup requests using the business user instead of communication user (CAP)

DanielSchneider

Hi community,

I am using SAP Cloud SDK (with Node.js) and want to make a request to S4H Public Cloud with the business user instead of a communication user.

The setup looks as follows:

  • The project is a MTA with a Node.js server and a SAPUI5 application
  • The SAPUI5 application uses a destination with authentication type SAMLAssertion to make calls to OData services which are available on S4H Public Cloud
  • The SAPUI5 app then also calls the Node.js server for certain things
    • The Node.js server is using the SAP Cloud SDK to make calls to released OData API services of S4H Public Cloud
    • For this a destination with a communication user is used right now
      • Needed communication arrangements with that comm. user are maintained on the S4H Public Cloud system
      • This works without problems
      • Now I would like to make certain calls to those APIs with the business user (which is logged on in the SAPUI5 app) instead of the communication user
        • I made sure that the APIs support that (a business catalog with the authorization to call those APIs exists - so the business user is actually allowed to call those APIs if he has assigned a corresponding role which includes that business catalog)
        • I was able to use the SAMLAssertion destination in the SAPUI5 application to call the APIs directly in there - it worked
          • But I would now also like to be able to do the same thing on the Node.js server
          • I'm struggling with how to set up the connections (forwarding tokens?)

The part for the connection between the SAPUI5 app and the Node.js server inside xs-app.json looks as follows:

    {
      "source": "^/admin/(.*)$",
      "target": "/admin/$1",
      "destination": "srv-api",
      "authenticationType": "xsuaa",
      "csrfProtection": true
    }
 
The SAMLAssertion destination on the BTP subaccount looks as follows:
[Screenshot: DanielSchneider_0-1733413435663.png]

 

 
Has anyone tried this before? Any help is very appreciated!
 
Thank you
Daniel
 

Accepted Solutions (1)


Dinu
DanielSchneider

Thanks for pointing me to the right direction, it worked!

In case anyone else is interested:
I used @sap-cloud-sdk/connectivity to retrieve the JWT (with the function retrieveJwt), see https://sap.github.io/cloud-sdk/docs/js/features/connectivity/destinations.

Just provide the request as parameter to that function [let retrievedJwt = retrieveJwt(request)] and you should get the JWT, which you then can pass on to the execute request of the API (providing both the destination name and the jwt). This way the call is getting made with the business user logged on in the frontend application. You also need to make sure that you have a communication arrangement for the given API.
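
The token hand-off described in the post above, as an added example that is not part of the original thread and is not SAP Cloud SDK code: it pulls the bearer JWT from the incoming request, refuses tokens that do not represent a logged-on user, and returns the `{ destinationName, jwt }` pair that would be passed to `execute`. The helper names, the destination name `MY_SAML_DESTINATION` and the claim names (`user_name`, `grant_type`) are assumptions.

```javascript
// Added example: hand-written helpers, not functions of @sap-cloud-sdk/connectivity.
// Assumption: user tokens carry `user_name`; technical tokens have
// grant_type "client_credentials" and no `user_name`.

// Read the bearer token from the incoming request (Node lowercases header names).
function bearerFromRequest(req) {
  const header = (req.headers && req.headers.authorization) || '';
  const match = /^Bearer\s+(\S+)$/i.exec(header.trim());
  return match ? match[1] : undefined;
}

// Decode the payload WITHOUT verifying the signature. Verification is assumed to
// have happened upstream; this is only used to decide whether to forward.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Build the options for execute(): destination name plus the user's JWT.
// Rejects technical tokens so a call meant for the business user fails loudly
// instead of running under a different identity.
function businessUserOptions(req, destinationName) {
  const jwt = bearerFromRequest(req);
  if (!jwt) throw new Error('no bearer token on request');
  const claims = decodePayload(jwt);
  if (!claims.user_name || claims.grant_type === 'client_credentials') {
    throw new Error('token does not represent a logged-on user');
  }
  return { destinationName, jwt };
}

// Constructed sample tokens (unsigned, for illustration only).
function fakeJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(payload)}.sig`;
}
const userReq = { headers: { authorization: 'Bearer ' +
  fakeJwt({ user_name: 'jane.doe@example.com', grant_type: 'authorization_code' }) } };
const techReq = { headers: { authorization: 'Bearer ' +
  fakeJwt({ grant_type: 'client_credentials' }) } };

// Hypothetical destination name; use the name of your SAMLAssertion destination.
const options = businessUserOptions(userReq, 'MY_SAML_DESTINATION');
console.log(Object.keys(options)); // the object handed to execute(...)
```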
