Provider UI application url is not working

[prathik457]

I am trying to do a multi-tenant sample proof of concept in SAP Cloud Platform(SCP) using this repository as a reference. I have encountered a couple of problems and I am not sure what is the problem here. After deploying the application in subaccount1(space: APS), I went ahead and subscribed the deployed application from subaccount2. I see that the deployed application URL is not working. It says the subaccount does not map to a valid identity zone. Screenshot attached.

Also, If I access the subaccount2's URL, I get a login screen, but after login, I am getting the following error.: Internal Server Error in login/callback REST call

Here is mta.yaml

`ID: attempt3 _schema-version: '2.1' version: 0.0.1

modules:

• name: db3 type: hdb path: db3 parameters: memory: 256M disk-quota: 256M requires:

  • name: hdi_db3

• name: invbackend type: nodejs path: invbackend parameters: disk-quota: 1024M memory: 1024M provides:

  • name: invbackend_api properties: url: '${default-url}' requires:
    • name: hdi_db3
    • name: uaa_attempt3 properties: SAP_JWT_TRUST_ACL:
    • clientid: "" identityzone: ""

• name: invui type: html5 path: invui parameters: disk-quota: 256M memory: 256M build-parameters: builder: grunt requires:

  • name: uaa_attempt3
  • name: invbackend_api group: destinations properties: name: invbackend_api url: '~{url}' forwardAuthToken: true properties: TENANT_HOST_PATTERN: "^(.*)-invui.cfapps.eu10.hana.ondemand.com"

resources:

• name: hdi_db3 parameters: config: database_id: [id placeholder] properties: hdi-container-name: ${service-name} type: com.sap.xs.hdi-container

• name: uaa_attempt3 parameters: path: ./xs-security.json service-plan: application service: xsuaa shared: true type: org.cloudfoundry.managed-service

Here is the config.json { "appId": "attempt3!t9256", "displayName": "Inventory Management HANA App", "description": "An app to manage your inventory which uses HANA DB with Column Discrimination", "category": "Provider XYZ", "appUrls": { "onSubscription": "https://-invbackend./callback/v1.0/tenants/{tenantId}" } }`

Here is the xs-security.json { "xsappname": "attempt3", "tenant-mode": "shared", "description": "Security profile of called application", "scopes": [{ "name": "$XSAPPNAME.Callback", "description": "With this scope set, the callbacks for tenant onboarding, offboarding and getDependencies can be called.", "grant-as-authority-to-apps": [ "$XSAPPNAME(application,sap-provisioning,tenant-onboarding)" ] }] }

Please note that if I make the tenant-mode as dedicated, I am able to log in through provider URL. Let me know if anything else is required. TIA

[carolavaitl]

Hi @prathik457 , the first issue with the mapping of subdomain to the indentity zone can be solved by adding a new route. It has to fetch the tenant host pattern (also for provider subaccount).

The second issue I was getting as well in my own project and this is how I could solve it: I unsubscribed the subaccounts and deleted xsuaa and saas service. Then I built and deployed the app again and created a new saas registry service. I think xsuaa and saas did not fit anymore.