-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request destination from other subaccount without BTP multi tenancy #2982
Comments
Hello @brampurnot, the error you are seeing is related to the fact that we changed our token exchnage part to use @sap/xssec which tries do get a token for the destination service using a JWT having a different landscape then the service. To my knowledge the destination service is isolated to a landscape so you need a way to hand in the URL of the destination service. We do not offer this on the import {fetchDestination} from '@sap-cloud-sdk/connectivity/internal`; For these methods you do not have a guarantee of semantic versioning but with a test coverage you could still include them with some confidence. I think we will not offer the
Best |
Hi there!
we have a very specific architecture where we we have our app deployed in multiple Kyma clusters in different regions. The idea is that customers will be redirected to the cluster with the best response time and only when all services are healthy.
For this particular use-case, we cannot use the standard BTP Multi tenancy concept with the SaaS registry. What we want to achieve now is that we deploy our app in multiple subaccounts within the same global account.
Tenants will still have their own subaccount in their region of choice. SAP IAS is used for the identity federation part. The challenge we have now is that we want to create the destinations in the subaccounts of the tenants. Therefore we need to be able to access the subaccounts destination service. We currently store the service binding details upon onboarding of the tenant in the credstore.
We are able to create and get the destinations by using the old SAP Cloud SDK Core fetchDestination function:
cloudSDK.fetchDestination(<<tenant destination URI>>, <<access_token>>)
However we are not able to do the same with the new getDestination. We have tried with a custom serviceBindingTransformFn and also with the iss but keep on getting the following error:
JKU of the JWT token (https://digicore.authentication.ap10.hana.ondemand.com/token_keys) does not match with the uaa domain (authentication.sap.hana.ondemand.com). Use legacy-token-key.
Is there any possibility to achieve this with the SAP Cloud SDK V2?
Thanks,
Bram
The text was updated successfully, but these errors were encountered: