SAP / cloud-security-services-integration-library

Integration libraries and samples for authenticating users and clients bound to XSUAA authentication and authorization service or Identity authentication service.
Apache License 2.0

xsuaa in k8s #404

Closed sundarvc closed 3 years ago

sundarvc commented 3 years ago

Hi team,

I have an approuter running in k8s cluster in one pod and this xsuaa spring app in another pod. As noted in post https://github.com/SAP/cloud-security-xsuaa-integration/issues/274 , the secrets are not getting passed on to the xsuaa spring app.

Can you briefly explain what needs to be done to expose the secrets to this spring app, namely things like uaadomain, clientid, clientsecret and xsappname. The app works if I just hard code them in the application.yml file, but I would like to avoid that and do something more dynamic.

Thanks, Sundar

nenaraab commented 3 years ago

Hi @sundarvc

you need to provide the information that is declared as part of this XsuaaCredentials interface ... via the VCAP_SERVICES env variable or K8S secrets.

If it is not stored as the VCAP_SERVICES env variable, you have to integrate the values similarly to what is described for multiple xsuaa service instances: https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/spring-xsuaa/Migration_JavaContainerSecurityProjects.md#multiple-xsuaa-bindings

If you are a SAP employee, you can watch this SAP-internal BLI: https://jtrack.wdf.sap.corp/browse/SECAUTH-436

Does this help?

Best regards, Nena
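One way to do what Nena describes, added here as an example and not taken from the library or from this issue: keep the xsuaa binding in a Kubernetes Secret and inject it into the Spring pod as the VCAP_SERVICES env variable in the same JSON shape the library reads on Cloud Foundry. The Secret and Deployment names, the image, the `url` key and every credential value are assumptions or placeholders; only clientid, clientsecret, uaadomain and xsappname come from the issue.

```yaml
# Added example, not project code: all names and REPLACE-* values are
# placeholders; the "url" key is assumed, the other keys come from the issue.
apiVersion: v1
kind: Secret
metadata:
  name: xsuaa-binding
type: Opaque
stringData:
  # Same structure as on Cloud Foundry: an "xsuaa" array with a "credentials"
  # object. Keep the real values out of git (sealed secret / external vault).
  VCAP_SERVICES: |
    {
      "xsuaa": [
        {
          "name": "my-xsuaa",
          "tags": ["xsuaa"],
          "credentials": {
            "clientid": "REPLACE-clientid",
            "clientsecret": "REPLACE-clientsecret",
            "uaadomain": "REPLACE.authentication.sap.hana.ondemand.com",
            "url": "https://REPLACE.authentication.sap.hana.ondemand.com",
            "xsappname": "REPLACE-xsappname"
          }
        }
      ]
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: xsuaa-spring-app
spec:
  selector:
    matchLabels:
      app: xsuaa-spring-app
  template:
    metadata:
      labels:
        app: xsuaa-spring-app
    spec:
      containers:
        - name: app
          image: REPLACE/xsuaa-spring-app:latest
          env:
            # Read from the Secret at start-up, so nothing is hard-coded in application.yml
            - name: VCAP_SERVICES
              valueFrom:
                secretKeyRef:
                  name: xsuaa-binding
                  key: VCAP_SERVICES
```

With this in place the hard-coded entries in application.yml can be removed; rotating the client secret then means updating the Secret and restarting the pod, not rebuilding the image.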

sundarvc commented 3 years ago

Hi Nena,

Thanks for this information. Yes, I am a SAP employee. FYI, I got the XSUAA example working on a Kyma cluster the same way as #274. This is with Approuter in a NodeJS Pod as the front-end. The scopes are propagated after authentication in the default SAP ID Service; they are not propagated if SSOCircle (another IDP) is used, for some reason. I will look into your suggestions as well.

Regards, Sundar