
Seeking Advice on Custom Authentication for CAPM Services with HANA Cloud Database

rahuljain257

Good day to everyone,

I'm new to the CAPM world and have recently started learning its concepts. We've developed CAP services and now need to secure them by implementing authorization and authentication.

SAP provides XSUAA, which ensures that only authorized users can access endpoints by establishing a trusted connection with identity providers for user authentication. This concept works well from SAP's perspective.

However, in our scenario, we have developed CAPM services that are bound to a HANA Cloud Database (HDI Containers). Our database/schema contains a users table (ID, Name, Username, Password). We want to implement a system where authorization and authentication occur only if the user exists in our user table.


Instead of authenticating users against identity providers, I want to validate users against the records in our tables and generate a token if the records exist.

Is this approach correct? In ASP.NET Web API, we usually follow this practice.

Looking forward to your suggestions.

Best regards,
Rahul Jain

 

Willem_Pardaens
Product and Topic Expert

I would suggest rethinking this approach. The CAP framework relies on best practices for a lot of topics, including security. It uses BTP roles and HDI users to establish/govern access and connectivity to the service layer and database layer, and 'outsources' token handling to the XSUAA service.

If you want to use a custom list of users, I suggest looking at importing them to IAS so you can assign roles to them to access your application: https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/import-or-update-users-for...