我想使用带有OAuthSAMLBearerAssertion的目标在Neo SCP中使用CF服务。
但是每次我在WebIDE中检查服务时,都会出现错误500。
这是我的目的地:
#clientKey= Client-ID of your OAuth client
--> you will get the clientid from environment variables in CF:
--> xsuaa --> credentials --> clientid
#tokenServicePassword= Client secret of your OAuth client
--> you will get the clientsecret from environment variables in CF:
--> xsuaa --> credentials --> clientsecret
#Tue May 21 07:02:37 UTC 2019
Description=CF HANA OData Service
Type=HTTP
TrustAll=true
audience=xyz.aws-live-eu10 (=EntityID out of the SAML metadata)
Authentication=OAuth2SAMLBearerAssertion
WebIDEUsage=odata_gen
Name=cf_xyz_odata_auth
WebIDEEnabled=true
tokenServiceURL=https\://xyz.authentication.eu10.hana.ondemand.com/oauth/token/alias/xyz.aws-live-eu10 (= Token URL out of the SAML metadata)
URL=https\://backend.cfapps.eu10.hana.ondemand.com
ProxyType=Internet
tokenServiceURLType=Dedicated
tokenServiceUser= same as client key
WebIDESystem=CF
有什么想法吗?
答案 0 :(得分:5)
已解决:
问题是我确实必须在xs-security.json的oauth2-configuration中将Neo-Account赋予“允许的提供者”,然后删除/重新启动xsuaa服务实例。
“ oauth2-configuration”:{
"token-validity": 900,
"refresh-token-validity": 1800,
"autoapprove": "true",
"allowedproviders": ["..."],
"grant-types": ["refresh_token", "urn:ietf:params:oauth:grant-type:saml2-bearer", "password", "authorization_code"]
}