0

Hi, I have an app running on SAP Cloud Plattform. For user authentification I am using XSAUAA. But by opening the app I am always redirected to a login page in which I have to click on “accounts.sap.com” to automatically login – I want to avoid this step. Therefore I got the solution internally, but don’t know how to implement it by using Mendix. So the solution I got internally is that I should use an xs-security.json file while creating the xsauaa instance. In that JSON-File I should enter following information: "oauth2-configuration": { "allowedproviders": ["accounts.sap.com"] } That would make the app skip the login-page, since only one IDP provider is allowed and the login screen only appears if more than one IDP provider is provided/allowed. Now I tried to create the xsauaa instance manually and add the configuration to the instance. But I can’t bind the instance with my Mendix application since I am receiving error messages like that the xsappname doesn’t match. And also I have the feeling that the xsauaa instance settings are updated by Mendix each time I deploy the app. So I looked for a way how to change the xsauaa instance settings in the Mendix environment. I found out that there is a “XsuaaBindingSettings.java” and a “XsuaaIdentity.java” file. For me it seems like the “XsuaaIdentity.java” file contains the settings I am looking for. But since it is a java code and I don’t know how to adapt it so it generates the setting json file I would like to have, could you help me?  What changes do I have to make in the XsuaaIdentity.java file to have the setting above (allowed providers) included? The XsuaaIdentity.java file looks like this spackage sapauthentication.xsuaa; import com.mendix.core.Core; import com.mendix.logging.ILogNode; import com.mendix.thirdparty.org.json.JSONArray; import com.mendix.thirdparty.org.json.JSONObject; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.builder.ReflectionToStringBuilder; import org.apache.commons.lang.builder.ToStringStyle; import java.io.UnsupportedEncodingException; import java.net.URLEncoder; import java.util.Map; public class XsuaaBindingSettings { public static final String AUTHENTICATION_CALLBACK_PATH = "xsauaacallback/"; private final String hostname; private final String redirectUri; private final String urlEncodedRedirectUri; private final String serviceName; private final String servicePlan; private final String clientId; private final String clientSecret; private final String url; private final String verificationKey; private final String xsAppName; public XsuaaBindingSettings(final String vcapApplication, final String vcapServices) { final JSONObject vcapApplicationObject = new JSONObject(vcapApplication); final JSONArray appliationUrisArray = vcapApplicationObject.getJSONArray("application_uris"); hostname = appliationUrisArray.getString(0); redirectUri = "https://" + hostname + "/" + AUTHENTICATION_CALLBACK_PATH; try { urlEncodedRedirectUri = URLEncoder.encode(redirectUri, "UTF-8"); } catch (UnsupportedEncodingException e) { throw new RuntimeException("Failed to encode redirect URI"); } final JSONObject vcapServicesObject = new JSONObject(vcapServices); final JSONArray xsuaaArray = vcapServicesObject.getJSONArray("xsuaa"); final JSONObject xsuaaConfigurationObject = xsuaaArray.getJSONObject(0); serviceName = xsuaaConfigurationObject.getString("name"); servicePlan = xsuaaConfigurationObject.getString("plan"); final JSONObject credentialsObject = xsuaaConfigurationObject.getJSONObject("credentials"); clientId = credentialsObject.getString("clientid"); clientSecret = credentialsObject.getString("clientsecret"); url = credentialsObject.getString("url"); verificationKey = credentialsObject.getString("verificationkey"); xsAppName = credentialsObject.getString("xsappname"); } public String getRedirectUri() { return redirectUri; } public String getUrlEncodedRedirectUri() { return urlEncodedRedirectUri; } public String getServiceName() { return serviceName; } public String getServicePlan() { return servicePlan; } public String getClientId() { return clientId; } public String getClientSecret() { return clientSecret; } public String getUrl() { return url; } public String getVerificationKey() { return verificationKey; } public String getXsAppName() { return xsAppName; } @Override public String toString() { return ReflectionToStringBuilder.toString(this, ToStringStyle.SHORT_PREFIX_STYLE); } public static XsuaaBindingSettings importSettingsFromEnvironment() { LOGGER.info("Importing XSA-UAA binding settings from environment ..."); final Map<String, String> environment = System.getenv(); final String vcapApplication = environment.get("VCAP_APPLICATION"); final String vcapServices = environment.get("VCAP_SERVICES"); final XsuaaBindingSettings settings = new XsuaaBindingSettings(vcapApplication, vcapServices); LOGGER.info("Imported settings: " + settings); return settings; } public static boolean isXsaUaaEnvironment(){ LOGGER.debug("Checking XSA-UAA binding nvironment ..."); final Map<String, String> environment = System.getenv(); final String vcapApplication = environment.get("VCAP_APPLICATION"); final String vcapServices = environment.get("VCAP_SERVICES"); if(StringUtils.isBlank(vcapApplication) || StringUtils.isBlank(vcapServices)){ return false; } return true; } private final static ILogNode LOGGER = Core.getLogger("XSA-UAA-SSO"); }   

asked 2020-01-20

2 answers