sap cap xs-security grant authorities for various applications

jesinaloa
Explorer
0 Kudos
212

Hello, I am configuring security scopes for several applications that communicate with our SAP CAP, for which we have created application-type xsuaa services for each of them.

However, when trying to give permissions in our scope for those services, it keeps giving me 401 Unauthorized.

However, when I only add one service to the scope, this one works fine for me. Could you help me know what causes this behavior? Greetings and thanks.

This is the xs-security of my application 


where I give authorization to the UAA application type services

jesinaloa_1-1734099950468.png

 

and this is my xs-security from the UAA service uaaemployeetimes

jesinaloa_0-1734099765662.png

and this is my xs-security from the UAA service uaacitasmedicas

jesinaloa_2-1734099983637.png

 

 

 

HakanHaslaman
Product and Topic Expert
0 Kudos

To resolve the 401 Unauthorized error when granting multiple apps authority in SAP CAP, the UAA service must be bound to both the app and the CAP service, as both need proper security configuration.
Please double-check that the scope and client IDs in xs-security.json match exactly, including case sensitivity, and use cf oauth-token to ensure the token includes the correct scope and audience for all apps. If it works with one app, add apps one by one to isolate the issue. If the problem persists, review the UAA configuration and ensure it’s consistent for both applications.

jesinaloa
Explorer
0 Kudos
Good morning Hakan,

I have followed your recommendations and I have linked the UAA services of the respective applications to my app and CAP service.

At first it added all the UAA to my xs-security and made sure that when consumed it was reflected in the scope, however this does not work. When you add one by one and deploy each iteration it starts working, however it gets to the point where it adds a certain application to xs-security and it fails, and this sets me back.

We see the following error in the server logs:

Error: Jwt token with audience: ['uaa','sb-uaaemployeetimes!t3247','ZHCM_CAP_EMPLOYEECENTRAL!t3247','uaaemployeetimes!t3247'] is not issued for these clientIds: [ 'sb-uaajobscheduler!t3247', 'uaajobscheduler!t3247'].

I think my xs-security is wrong. In my xs-security of my application I have the ReadPolicies scope. In this scope I give authorization to the UAA application type services. In each of these UAA services I give authorities for my application and for the UAA services. Am I right?

I have updated my posts where I add the images of my respective xs-security.

Thank you very much for your help.
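
The audience mismatch in the logged error above can be checked offline by decoding a token and comparing its `aud` claim with the client IDs of each bound xsuaa instance. This is an added example, not code from the thread or from the library that logged the error. It assumes a simplified acceptance rule (a client ID must appear in `aud` or equal `cid`), and it uses a constructed unsigned token, an assumed `cid` value, and the assumption that `ZHCM_CAP_EMPLOYEECENTRAL!t3247` identifies the CAP application's own xsuaa instance.

```javascript
// Added diagnostic sketch: inspects claims only, does NOT verify the signature.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Decode the payload (middle segment) of a JWT.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  // Node's base64 decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Simplified rule (assumption): accept when one of the validating service's
// client IDs is listed in `aud` or equals the token's own client id (`cid`).
function audienceCheck(payload, clientIds) {
  const audiences = [].concat(payload.aud || []);
  const candidates = new Set(payload.cid ? [...audiences, payload.cid] : audiences);
  const matched = clientIds.filter((id) => candidates.has(id));
  return { audiences, matched, accepted: matched.length > 0 };
}

// Constructed, unsigned sample token; `aud` is copied from the logged error,
// `cid` is an assumed value.
const sampleToken = [
  b64url({ alg: 'none', typ: 'JWT' }),
  b64url({
    cid: 'sb-uaaemployeetimes!t3247',
    aud: ['uaa', 'sb-uaaemployeetimes!t3247',
      'ZHCM_CAP_EMPLOYEECENTRAL!t3247', 'uaaemployeetimes!t3247'],
  }),
  'constructed-signature',
].join('.');

// Client IDs the failing validation used, as printed in the error.
const loggedClientIds = ['sb-uaajobscheduler!t3247', 'uaajobscheduler!t3247'];
// Assumption: the CAP app's own xsuaa instance carries this xsappname.
const assumedCapIds = ['ZHCM_CAP_EMPLOYEECENTRAL!t3247'];

const payload = decodePayload(sampleToken);
console.log('logged ids :', audienceCheck(payload, loggedClientIds));
console.log('assumed ids:', audienceCheck(payload, assumedCapIds));
```

Replacing `sampleToken` with the token a calling application actually sends shows which bound instance's client IDs its audience covers.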