Provider UI application url is not working

[prathik457]

I am trying to do a multi-tenant sample proof of concept in SAP Cloud Platform(SCP) using this repository as a reference.
I have encountered a couple of problems and I am not sure what is the problem here.
After deploying the application in subaccount1(space: APS), I went ahead and subscribed the deployed application from subaccount2. I see that the deployed application URL is not working.
It says the subaccount does not map to a valid identity zone. Screenshot attached.

Also, If I access the subaccount2's URL, I get a login screen, but after login, I am getting the following error.:
Internal Server Error
in login/callback REST call

Here is mta.yaml

`ID: attempt3
_schema-version: '2.1'
version: 0.0.1

modules:

• name: db3
  type: hdb
  path: db3
  parameters:
  memory: 256M
  disk-quota: 256M
  requires:

  • name: hdi_db3

• name: invbackend
  type: nodejs
  path: invbackend
  parameters:
  disk-quota: 1024M
  memory: 1024M
  provides:

  • name: invbackend_api
    properties:
    url: '${default-url}'
    requires:
    • name: hdi_db3
    • name: uaa_attempt3
      properties:
      SAP_JWT_TRUST_ACL:
    • clientid: ""
      identityzone: ""

• name: invui
  type: html5
  path: invui
  parameters:
  disk-quota: 256M
  memory: 256M
  build-parameters:
  builder: grunt
  requires:

  • name: uaa_attempt3
  • name: invbackend_api
    group: destinations
    properties:
    name: invbackend_api
    url: '~{url}'
    forwardAuthToken: true
    properties:
    TENANT_HOST_PATTERN: "^(.*)-invui.cfapps.eu10.hana.ondemand.com"

resources:

• name: hdi_db3
  parameters:
  config:
  database_id: [id placeholder]
  properties:
  hdi-container-name: ${service-name}
  type: com.sap.xs.hdi-container

• name: uaa_attempt3
  parameters:
  path: ./xs-security.json
  service-plan: application
  service: xsuaa
  shared: true
  type: org.cloudfoundry.managed-service

Here is the config.json{
"appId": "attempt3!t9256",
"displayName": "Inventory Management HANA App",
"description": "An app to manage your inventory which uses HANA DB with Column Discrimination",
"category": "Provider XYZ",
"appUrls": {
"onSubscription": "https://-invbackend./callback/v1.0/tenants/{tenantId}"
}
}`

Here is the xs-security.json
{ "xsappname": "attempt3", "tenant-mode": "shared", "description": "Security profile of called application", "scopes": [{ "name": "$XSAPPNAME.Callback", "description": "With this scope set, the callbacks for tenant onboarding, offboarding and getDependencies can be called.", "grant-as-authority-to-apps": [ "$XSAPPNAME(application,sap-provisioning,tenant-onboarding)" ] }] }

Please note that if I make the tenant-mode as dedicated, I am able to log in through provider URL.
Let me know if anything else is required.
TIA

[carolavaitl]

Hi @prathik457 ,
the first issue with the mapping of subdomain to the indentity zone can be solved by adding a new route. It has to fetch the tenant host pattern (also for provider subaccount).

The second issue I was getting as well in my own project and this is how I could solve it: I unsubscribed the subaccounts and deleted xsuaa and saas service. Then I built and deployed the app again and created a new saas registry service. I think xsuaa and saas did not fit anymore.