cancel
Showing results for 
Search instead for 
Did you mean: 

How to 'deploy' roles when using IAS for a CAP application?

Dirk_koest
Product and Topic Expert
Product and Topic Expert
0 Kudos
365

Hello experts,

we are currently developing a standard CAP application using Java with a rather simple data model. It uses SAP HANA Cloud and we want to go with IAS (no XSUAA). The SAP BTP environment is K8s.

The service should be accessible only for a specific role (kind of Admin). For this we will use CDS annotation @requires. Until now we always used XSUAA for our applications and thus had a xs-security.json file to define roles and role templates which then could be assigned to specific users in BTP cockpit.

Now with IAS we are wondering how to do exactly the above step to be able to assign a user to a specific role. Question is: is there a similar file for IAS like xs-security.json for XSUAA or how is the mapping done between IAS Groups (probably) and BTP roles?

Any help/hint appreciated!

Thanks in advance.

Dirk

 

 

PulkitArora
Discoverer
0 Kudos
I'm generating a JWT and I want to map my groups during runtime after custom authentication of JWT in CAP Java application. Is there a way to do it?

Accepted Solutions (0)

Answers (1)

Answers (1)

vobu
Active Contributor

IMO there's no way around `xsuaa` as it is the mapper between Auth{X,Z} source and its application at runtime. 

In other words: no matter what single source of truth you use, whether it is the standard SAP Cloud IdP, or a custom IdP (in the subaccount) or IAS, `xsuaa` is always required to map authentication and authorisation into the CAP runtime.