The HANA CORS (Cross Origin Resource Sharing) configuration is straight forward but as the old saying goes, a picture paints a thousand words. Such a shame that the SAP documentation policy does not allow screenshots. I have captured the configuration steps here.
SAP Analytics Cloud Version 2018.1.0
SAP HANA Version 1.00.111 (SPS 11).
The official SAP Analytics Cloud documentation is good and could be found here.
Live Data Connection to SAP HANA
This CORS setup is pretty simple.
- Configure HANA HTTPS (SSL)
- InA (Information Access)
- CORS Configuration
- XS Timeout
- SameSite Cookie Settings
1. Configure HANA HTTPS (SSL)
The Configuration of the SSL certificate is within the Web Dispatcher at the URL below.
The following role is required.
sap.hana.xs.wdisp.admin::WebDispatcherAdmin
http://<WebServerHost>:80<SAPHANAinstance>/sap/hana/xs/wdisp/admin/
For me that is
http://ivml2152.wdf.sap.corp:8024/sap/hana/xs/wdisp/admin/public/default.html
/sap/hana/xs/wdisp/admin/
Once completed you must be able to access XS classic urls via HTTPS, without any security pop-ups or certificate errors. Usually this is port 4300, if your SAP HANA instance number is 00, but 24 in my case, therefore port 4324.
The full configuration steps for HTTPS are outlined within the SAP HANA help documentation so I won't repeat those here.
Configure HTTPS (SSL) for Client Application Access
2. Information Access (InA) using EPM-MDS
Verify InA is installed and you have rights to access this service.
https://<hana-hostname>:43<SAPHANAinstance>/sap/bc/ina/service/v2/GetServerInfo
For me that is
https://ivml2152.wdf.sap.corp:4324/sap/bc/ina/service/v2/GetServerInfo
/sap/bc/ina/service/v2/GetServerInfo
The response from InA is in JSON, using a JSON browser extension makes the response more readable.
If InA is not working it may not be installed (as below). Errors such as
"InformationAccess Service GetServerInfo is not available. Install the SAP HANA EPM-MDS plugin."
You will need to download the the HANA
EPM-MDS package from
SWDC.
Check that your user has access to this package via the
sap.bc.ina.service.v2.userRole::INA_USER role.
Verify that you can access Metadata via InA
https://<hana-hostname>:43<SAPHANAinstance>/sap/bc/ina/service/v2/GetResponse?Request={%22Metadata%22:{%22Expand%22:[%22Cubes%22]}}
For me that is
https://ivml2152.wdf.sap.corp:4324/sap/bc/ina/service/v2/GetResponse?Request={%22Metadata%22:{%22Exp...]}}
/sap/bc/ina/service/v2/GetResponse?Request={%22Metadata%22:{%22Expand%22:[%22Cubes%22]}}
3. CORS Configuration
Be aware the CORS config below needs to be repeated after each and every HANA update, e.g moving from revision 122.12 to 122.15.
To access the XS admin site your user requires the following roles.
sap.hana.xs.admin.roles::RuntimeConfAdministrator sap.hana.xs.admin.roles::SAMLViewer
sap.hana.xs.admin.roles::HTTPDestViewer
Login to your XS (classic) admin site, the URL would be something like
https://<hana-hostname>:43<SAPHANAinstance>/sap/hana/xs/admin/#/package/sap.bc.ina.service.v2
For me that becomes
https://ivml2152.wdf.sap.corp:4324/sap/hana/xs/admin/#/package/sap.bc.ina.service.v2
/sap/hana/xs/admin/#/package/sap.bc.ina.service.v2
Verify that Basic Authentication is allowed as below
Configure CORS, with the Allowed Origins, Allowed Headers and Exposed Headers as specified below.
# Allowed Headers
accept
authorization
content-type
x-csrf-token
x-request-with
x-sap-cid
accept-language
# Exposed Headers
x-csrf-token
As an alternative, or if you experience any issues with the XS user interface, SQL can be used.
An example SQL statement is show, that can apply this configuration. The SQL needs to be modified with your appropriate SAP Analytics Cloud URL.
UPDATE "_SYS_XS"."RUNTIME_CONFIGURATION"
SET "CONFIGURATION" = ' {"cors":{"enabled":true,"allowOrigin":["https://<url_address>"],"exposeHeaders":["x-csrf-token"],"allowHeaders":["accept-language","x-sap-cid","x-request-with","x-csrf-token","content-type","authorization","accept"],"allowMethods":["GET","HEAD","POST","OPTIONS"],"maxAge":3600}}'
WHERE "PACKAGE_ID" = 'sap.bc.ina.service.v2';
This is also described in the
SAP Note 2655556
4. XS Timeout
We should also increase the XS timeout from the default of 900 seconds (15 minutes) to 43200 (12 hours). Below is the SQL to do this.
alter system alter configuration ('xsengine.ini','SYSTEM') set ('httpserver','sessiontimeout')='43200' with reconfigure;
This can also be changed in HANA Studio.
5. SameSite Cookies Settings
I have captured these steps in a separate blogpost that can be found here
https://blogs.sap.com/2020/08/26/how-to-fix-google-chrome-samesite-cookie-issue-with-sac-and-hana/
SAP Analytics Cloud
With the CORS configuration now completed we can establish the Live Direct HANA connection within SAP Analytics Cloud.
Troubleshooting
Recently (during 2020 and early 2021) Google Chrome has included additional privacy settings for blocking third-party cookies. The impact of this is that live HANA connections can fail due to the site being seen as a third-party.
You can check for third-party cookies being blocked.
With Chrome Site Settings, you can allow the blocked Cookies
If SAC refuses to connect, then further information can be seen in the web browser Developer Console (F12) or (View/Tools -> Web Developer -> Console)