I am trying to do a multi-tenant sample proof of concept in SAP Cloud Platform(SCP) using this repository as a reference.
I have encountered a couple of problems and I am not sure what is the problem here.
After deploying the application in subaccount1(space: APS), I went ahead and subscribed the deployed application from subaccount2. I see that the deployed application URL is not working.
It says the subaccount does not map to a valid identity zone. Screenshot attached.
Also, If I access the subaccount2's URL, I get a login screen, but after login, I am getting the following error.:
Internal Server Error
in login/callback REST call
Here is mta.yaml
`ID: attempt3
_schema-version: '2.1'
version: 0.0.1
modules:
-
name: db3
type: hdb
path: db3
parameters:
memory: 256M
disk-quota: 256M
requires:
-
name: invbackend
type: nodejs
path: invbackend
parameters:
disk-quota: 1024M
memory: 1024M
provides:
- name: invbackend_api
properties:
url: '${default-url}'
requires:
- name: hdi_db3
- name: uaa_attempt3
properties:
SAP_JWT_TRUST_ACL:
- clientid: ""
identityzone: ""
-
name: invui
type: html5
path: invui
parameters:
disk-quota: 256M
memory: 256M
build-parameters:
builder: grunt
requires:
- name: uaa_attempt3
- name: invbackend_api
group: destinations
properties:
name: invbackend_api
url: '~{url}'
forwardAuthToken: true
properties:
TENANT_HOST_PATTERN: "^(.*)-invui.cfapps.eu10.hana.ondemand.com"
resources:
-
name: hdi_db3
parameters:
config:
database_id: [id placeholder]
properties:
hdi-container-name: ${service-name}
type: com.sap.xs.hdi-container
-
name: uaa_attempt3
parameters:
path: ./xs-security.json
service-plan: application
service: xsuaa
shared: true
type: org.cloudfoundry.managed-service
Here is the config.json{
"appId": "attempt3!t9256",
"displayName": "Inventory Management HANA App",
"description": "An app to manage your inventory which uses HANA DB with Column Discrimination",
"category": "Provider XYZ",
"appUrls": {
"onSubscription": "https://-invbackend./callback/v1.0/tenants/{tenantId}"
}
}`
Here is the xs-security.json
{ "xsappname": "attempt3", "tenant-mode": "shared", "description": "Security profile of called application", "scopes": [{ "name": "$XSAPPNAME.Callback", "description": "With this scope set, the callbacks for tenant onboarding, offboarding and getDependencies can be called.", "grant-as-authority-to-apps": [ "$XSAPPNAME(application,sap-provisioning,tenant-onboarding)" ] }] }
Please note that if I make the tenant-mode as dedicated, I am able to log in through provider URL.
Let me know if anything else is required.
TIA
I am trying to do a multi-tenant sample proof of concept in SAP Cloud Platform(SCP) using this repository as a reference.
I have encountered a couple of problems and I am not sure what is the problem here.
After deploying the application in subaccount1(space: APS), I went ahead and subscribed the deployed application from subaccount2. I see that the deployed application URL is not working.
It says the subaccount does not map to a valid identity zone. Screenshot attached.
Also, If I access the subaccount2's URL, I get a login screen, but after login, I am getting the following error.:
Internal Server Error
in login/callback REST call
Here is mta.yaml
`ID: attempt3
_schema-version: '2.1'
version: 0.0.1
modules:
name: db3
type: hdb
path: db3
parameters:
memory: 256M
disk-quota: 256M
requires:
name: invbackend
type: nodejs
path: invbackend
parameters:
disk-quota: 1024M
memory: 1024M
provides:
properties:
url: '${default-url}'
requires:
properties:
SAP_JWT_TRUST_ACL:
identityzone: ""
name: invui
type: html5
path: invui
parameters:
disk-quota: 256M
memory: 256M
build-parameters:
builder: grunt
requires:
group: destinations
properties:
name: invbackend_api
url: '~{url}'
forwardAuthToken: true
properties:
TENANT_HOST_PATTERN: "^(.*)-invui.cfapps.eu10.hana.ondemand.com"
resources:
name: hdi_db3
parameters:
config:
database_id: [id placeholder]
properties:
hdi-container-name: ${service-name}
type: com.sap.xs.hdi-container
name: uaa_attempt3
parameters:
path: ./xs-security.json
service-plan: application
service: xsuaa
shared: true
type: org.cloudfoundry.managed-service
Here is the config.json{"appId": "attempt3!t9256",
"displayName": "Inventory Management HANA App",
"description": "An app to manage your inventory which uses HANA DB with Column Discrimination",
"category": "Provider XYZ",
"appUrls": {
"onSubscription": "https://-invbackend./callback/v1.0/tenants/{tenantId}"
}
}`
Here is the xs-security.json
{ "xsappname": "attempt3", "tenant-mode": "shared", "description": "Security profile of called application", "scopes": [{ "name": "$XSAPPNAME.Callback", "description": "With this scope set, the callbacks for tenant onboarding, offboarding and getDependencies can be called.", "grant-as-authority-to-apps": [ "$XSAPPNAME(application,sap-provisioning,tenant-onboarding)" ] }] }Please note that if I make the tenant-mode as dedicated, I am able to log in through provider URL.
Let me know if anything else is required.
TIA