2

Environment: Cloud Foundry Trial

I deployed my business & approuter applications using help

Now my requirement is to get the user profile below after XSUAA login.

Is there any API to get user profile details?

```json
{
   "lastName": "XXXXX",
   "passwordStatus": "enabled",
   "mail": "XXXXX@gmail.com",
   "displayName": "XXXX XXXX XXXXX",
   "uid": "XXXXXX",
   "photoUrl": "https://www.gravatar.com/avatar/760fcd379cf60090e1e27b052f9e49bd?d=mm",
   "firstName": "XXXX",
   "contactPreferenceEmail": "unknown",
   "status": "active",
   "spUsersAttributes": [
      {
         "ServiceProviderName": "sapcpcf",
         "NameID": "XXXXX",
         "Status": "ACTIVE",
         "ActivationTime": "20181026050006Z"
      }
   ]
}
```


Dama Ramesh
  • 159
  • 14

2 Answers

1

Updated answer:

The IdP used by default on Cloud Foundry does not use SAML. Thus, mapping of SAML attributes does not work. Use the approach listed below only when using an IdP that supports SAML.

Instead, when using the default IdP, there are three fields (given_name, family_name, email) that can be accessed as follows:

```java
AuthTokenAccessor.getCurrentToken().get().getJwt().getClaim("email").asString();
```

Original answer:

You can do the following:

First, add a role template to your xs-security.json you used to configure your XSUAA instance like this:

```json
{
    "name": "Authenticated",
    "description": "All authenticated users",
    "attribute-references": [
        "given_name",
        "family_name",
        "email"
    ]
}
```

Note that you need to recreate the XSUAA instance with the new config in order for this change to work.

Now, in the roles section of your Identity Provider (if you use the default Cloud Foundry IdP you can find that under the "Security" tab on the left of the Cloud Cockpit), you can configure how these fields should be filled. Choose "Identity Provider" there.

Of course make sure that this role is assigned to every user.

Finally, you read the information using the UserAccessor:

```java
final User currentUser = UserAccessor.getCurrentUser();

currentUser.getAttribute("email");
```

This should help you get the necessary information!

Dennis H
  • 589
  • 4
  • 10
  • I recreated the XSUAA service with `attributes` using [help](https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/150b04d647cd4b42835411c1787a8b11.html). I didn't find `Identity Provider` under the `Security` tab. In the `NEO` environment I am able to get the `com.sap.security.um.user.User` object using `InitialContext ctx = new InitialContext(); UserProvider userProvider = (UserProvider) ctx.lookup("java:comp/env/user/Provider"); User userProfile = userProvider.getUser(userName);` Please suggest how to get the `userprofile` with groups etc. in the CF environment. – Dama Ramesh Nov 30 '18 at 21:44
  • When you're in the Cloud Cockpit, you first need to navigate down to application level (remember Global Account > Subaccount > Space > Application). Only then you will in the sidebar on the left see the tab "Roles" under "Security". There you can edit your roles and perform the configuration described above. – Dennis H Dec 03 '18 at 13:53
  • I created a role with the above attributes and assigned the created role to my testing user email ID, but the values are showing empty. Please suggest what I missed. – Dama Ramesh Dec 05 '18 at 07:12
  • Getting attribute values empty like 'email=CollectionUserAttribute(name=email, values=[])' from ScpCfUser. Please suggest me how to resolve? – Dama Ramesh Dec 07 '18 at 05:33
  • Hi Dennis! Thank you very much for your reply! I can get email, given_name, family_name, etc. with your approach, but I am unable to get uid: PXXXX, groups. – Dama Ramesh Dec 13 '18 at 05:10
0

Currently, there is no dedicated API to get all of these user profile details. You can use the AuthTokenAccessor to access the current JWT which should contain this information.

Sander Wozniak
  • 650
  • 8
  • 27
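
An added example (not from either answer and not SAP Cloud SDK code): reading the three claims named above from a decoded JWT while tolerating missing ones, and listing which claim names the token actually carries. It assumes the auth0 java-jwt library and that its `DecodedJWT` is the type `getJwt()` returns; the class `JwtProfileClaims`, the helper `readProfile` and the sample token are constructed for illustration.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.TreeSet;

public class JwtProfileClaims {

    // The three fields the answer names for the default IdP.
    private static final String[] PROFILE_CLAIMS = {"given_name", "family_name", "email"};

    /** Reads the profile claims; a claim absent from the token maps to null instead of throwing. */
    static Map<String, String> readProfile(DecodedJWT jwt) {
        Map<String, String> profile = new LinkedHashMap<>();
        for (String name : PROFILE_CLAIMS) {
            Claim claim = jwt.getClaim(name);
            profile.put(name, claim == null ? null : claim.asString());
        }
        return profile;
    }

    public static void main(String[] args) {
        // Constructed sample token (not a real XSUAA token); the signature part is a placeholder.
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String header = b64.encodeToString(
                "{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = b64.encodeToString(
                "{\"given_name\":\"Jane\",\"email\":\"jane@example.com\"}".getBytes(StandardCharsets.UTF_8));
        String sample = header + "." + payload + ".c2ln";

        // JWT.decode only parses; it does NOT verify the signature. In the application, take the
        // already validated token from AuthTokenAccessor.getCurrentToken().get().getJwt() instead
        // (assumption: that call returns this same DecodedJWT type).
        DecodedJWT jwt = JWT.decode(sample);

        // family_name is missing from the sample, so it is reported as null.
        System.out.println(readProfile(jwt));
        // Claim names actually present, useful when an expected attribute comes back empty.
        System.out.println(new TreeSet<>(jwt.getClaims().keySet()));
    }
}
```

Printing only the claim names, not the token itself, keeps the bearer token out of application logs while still showing whether a field such as a user ID or group list is present.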