Skip to Content
Author's profile photo Rui Nogueira

The DevTalks Series – Identity Managment

After moving to the SAP HANA Cloud Platform team this year I’ve talked to my team mates about creating a series of videos around specific topics in the SAP NetWeaver Cloud world. They all thought it was a great idea and my new team mate Matthias Steiner provided the name for this series: “DevTalks”.

After learning from Matthias that we even have a song for the intro of the videos (“Neo – Flying in the clouds” from SAP Mentor Matt Harding, thanks Matt!!) I’ve asked my colleague Martin Raepple if he’d be willing to talk about a very interesting topic – Identity & Access Management in SAP NetWeaver Cloud. He’s the Product Owner of this topic in the SAP NetWeaver Cloud team.

With the video below you’ll get a good overview on how SAP HANA Cloud Platform runs the identity management on SAML. Other protocols (e.g. oAuth) are already in the pipeline.

After watching this video you might want to get your hands dirty with coding and configuring. So for those of you who can’t resist to try out what Martin was talking about, Martin created a series of tutorials around SSO (Single-Sign-On) and Identity Federation on SAP HANA Cloud Platform. You can also download his xLeave application as a war file or the complete source code.

For those of you who’d like to learn how to use oAuth in SAP HANA Cloud Platform I recommend the corresponding oAuth blog from Chris Paine. Thanks Chris for writing this up!

That’s all for now. We’ll come up with more videos for you soon covering other topics in the SAP HANA Cloud Platform area. And with that you’ll also get to know some of the developers behind this great product.


For those of you who don’t know how to start with SAP NetWeaver Cloud: visit the developer center for SAP HANA Cloud Platform and get started quickly.

Have fun,


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Matthias Steiner
      Matthias Steiner

      Hi Rui, hi Martin,

      great job guys!!! I've been thinking about kicking off the "DevTalks" series for quite some time now, yet never found the time to do so. As such, I'm really happy to have Rui join the team and help us spreading the word about all things NEO 😉

      Keep rockin'!!!



      Author's profile photo Chris Paine
      Chris Paine

      Great video guys, and thanks for the mention Rui.

      Really look forward to seeing OAuth work with the built-in authentication/security model. Especially nice would be being able to apply that to the standard resources of the application, rather than having to apply JavaScript as I do to check if the user has a valid session cookie and redirecting them to a login page if not.

      Any potential for certificate based authentication (apologies if this already exists I wasn't aware). As the multi-trip authentication for SAML and OAuth can be somewhat frustrating for users (long delays).

      I saw on the wikipedia entry on  SAML

      that perhaps there is another step in the authentication process - like with my implementation of OAuth, that the return call from the IdP actually then redirects the user to a logged in page (making another browser round trip). Or is there someway that Neo side-steps this? Perhaps having some way to automatically serve the originally requested page rather than 302'ing it?



      Author's profile photo Rui Nogueira
      Rui Nogueira
      Blog Post Author

      Hey Chris!

      Martin will get back to you regarding your questions. He's not in the office this week so it might take a week for you to get feedback.

      Looking forward to your next whiteboard presentations for SAP NetWeaver Cloud. Anything in the pipeline? 🙂



      Author's profile photo Martin Raepple
      Martin Raepple

      Hi Chris,

      thanks for your feedback! Regarding OAuth, we actually plan to support two different scenarios:

      • SSO and ID Federation with (OAuth-based) Social IdPs: Similar to the current federation solution with SAML 2-based IdPs as described in the video, the account operator should be able to configure trust to a social IdP and define federation settings for it, such as attribute mappings and federated role assigments. No additional coding will be required in this case.
      • OAuth(2)-based protection of RESTful resources exposed by NW Cloud applications: Compared to the previous scenario, the OAuth Authorization Server (AS) and Resource Server (RS) are now part of the NW Cloud platform, and the consumer could be any client supported by the specification (native mobile app, JavaScript, ...). The authentication of the user before issuing the authorization grant to the Client will be triggered by the AS. This could lead to the above SAML Web SSO flow (which we already use today) with the trusted IdP of the NW Cloud account the application (or RS in OAuth terms) is deployed to.

      Client-certificate based authentication is not yet an official feature of the platform.



      Author's profile photo Former Member
      Former Member

      Hi Experts,

      I am curious to understand whether I am able to develop an application with my developer trial account on SAP HANA cloud Platform, that will authenticate users with their Facebook or Google account ?