We developed a web application using SAP Web-IDE Full Stack; we need to retrieve the details of the user logged into application (as defined in SAP Cloud Platform Identity Authentication Administration), for example display name and assigned groups. We tried the userapi/currentUser API, but it seems to work only on NEO environment, for this reason is working fine while debugging in Web-IDE, but we get a 404 error when deploying the app on Cloud Foundry. Do we need to add a new destination to make userapi work also on CF? Or is there some kind of similar solution available on Cloud Foundry?
Asked
Active
Viewed 3,205 times
2 Answers
2
I highly suggest using the SAP S/4HANA Cloud SDK for such tasks. It is an SDK developed to make building applications for SAP Cloud Platform easy, by providing easy to use mechanisms for all the Cloud Platform mechanisms.
Regarding your task at hand, there is a UserAccessor class that you can use like this:
final Optional<User> user = UserAccessor.getCurrentUser();
This works on Neo as well as on Cloud Foundry, i.e. there is a single interface for both platforms, which allows you to develop your app in a platform agnostic way.
If this sounds like it could solve your problem, I recommend checking out this blog post series to get started.
Alternatively, you can also simply add the following dependency to your project to start testing the SDK:
<dependency>
<groupId>com.sap.cloud.s4hana.cloudplatform</groupId>
<artifactId>scp-neo</artifactId>
<version>2.7.0</version>
</dependency>
For Cloud Foundry use scp-cf instead of scp-neo.
Hope this helps!
P.S.: To answer your question also on a technical level, Cloud Foundry uses so-called JWTs for authentication and authorization. You can check whether a JWT is present by looking at the Authorization header of the request. The JWT should hold the information you're looking for.
Dennis H
- 589
- 4
- 10
-
Hi Dennis, thanks for your reply. How is possible to take these data (JWTs) from a SAPUI5 webapp developed (WebIDE) and deployed on Cloud Foundry? Thanks, Luca – Luca Motta Mar 26 '19 at 10:46
-
If users enter your application via the approuter and authenticate against an IdP (be it the default SAP one or a custom one), you will still have a JWT in the auth header. I'd assume that even in a frontend application you could use that value. However, I would question your use case here. Can you elaborate on what you're trying to achieve? – Dennis H Feb 03 '20 at 15:21
-
Thanks Dennis =) I have resolved, see the answer above. Thanks. – Luca Motta Feb 17 '20 at 17:13
2
In SAP Cloud Foundry if you develop a MTA using XSUAA service to manage User Authentication and Admistration, defined for example in the mta.yaml,
...
resources:
- name: uaa_myapp
parameters:
path: ./xs-security.json
service-plan: application
service: xsuaa
type: org.cloudfoundry.managed-service
...
you can use the UAA API published from XSUAA service self to manage user authentication and authorization (e.g.: retrieve user info, groups assigned, password management etc..). also in the case the application is federated with another IDP.
To consume this API for example to retrieve user info you need to:
- Determine the XSUAA endpoint bound to your app (SCP Cockpit > XSUAA service detail > take the value url)
- Create a destination (xsuaa_api_destination) of type OAuth2TokenExchange bound to your app with url url took before, and fill OAuth2 authentication parameters with the data contained in XSUAA service detail (step 1).
- From your app execute the call xsuaa_api_destination/userinfo, for example using an ajax if you are using JS.
You can find other info in Account and Authentication Service of the Cloud Foundry Environment SAP doc.
Luca Motta
- 231
- 2
- 12