Skip to Content

[SAP HANA Academy] Live3: Web Services – Authentication

[Update: April 5th, 2016 –  The Live3 on HCP tutorial series was created using the SAP HANA Cloud Platform free developer trial landscape in January 2015. The HCP landscape has significantly evolved over the past year. Therefore one may encounter many issues while following along with the series using the most recent version of the free developer trail edition of HCP.]

In the next part of the SAP HANA Academy’s Live3 on HCP course Philip Mugglestone explains why a “proxy” authentication server is needed to access your SAP HANA Cloud Platform web services from a SAP HANA Cloud HTML5 application. Watch Philip’s tutorial video below.

Screen Shot 2015-05-08 at 10.05.31 AM.png

(0:12 – 3:00) Issue with HTML5 Authentication for the HCP Developer Trail Edition

Prior to this tutorial the web services were set up using the SAP HANA instance. We now want to access our Live3 app, OData, and server side JavaScript from a front end application UI.

Back in the SAP HANA Cloud Platform Cockpit our SAP HANA instance now has one application. Clicking on the application shows the URL, which you can navigate to and then enter a command like we’ve done in the earlier videos in the Live3 course.

There is one slight complication to building a HTML5 front end application. Our SAP HANA instances in the developer trail edition of HCP use SAML 2.0 authentication. Normally to access a backend system when working with a HTML5 application you use a destination in order to reference a folder or URL. The destination appears to be local to where the HTML5 application is hosted. However, it is pushed out to a backend system that can be hosted anywhere on the internet (even behind a firewall if you use the cloud connector). The destination is very important as it allows you get around the restriction of most browsers.

The trail edition of the SAP HANA Cloud Platform uses only SAML 2.0 as the authentication for the SAP HANA instance. SAML 2.0 is not an authentication method available in the destination configuration in the SAP HANA Cloud Platform Cockpit. Fortunately there is workaround.

Screen Shot 2015-05-08 at 10.32.13 AM.png

(3:00 – 4:45) Explanation for Proxy’s Necessity via the Live3 Course Architecture

Normally the browser or mobile HTML5 app would access the SAP HANA Cloud Platform where the HTML5 app is hosted. It would then access a backend system, which is SAP native web services, through a destination. However, we can’t connect the destination to the SAP HANA XS instance. So a destination can be defined that goes through the SAP HANA Cloud Connector that is installed locally on the desktop. Then a proxy will be inserted in-between the SAP HANA Cloud Connector and the native web services to account for the SAML 2.0 authentication and then connect back to the destination. This would not be run in production but is being used in this course purely as a work around of a technical limitation of the free trail developer edition of the SAP HANA Cloud Platform.

Screen Shot 2015-05-08 at 10.35.08 AM.png

(4:45 – 5:45) Locating the Proxy

The necessary proxy was created by SAP Mentor, Gregor Wolf. Search Google for “Gregor Wolf GitHub” and click on the link to his page. Under the popular repositories section open the hanatrail-auth-proxy file. Written in node.js the file will allow us to access the SAP HANA web services via a destination. The next video will detail how to download and install the proxy.

Follow along with the SAP HANA Academy’s Live3 on HCP course here.

SAP HANA Academy – Over 900 free tutorial videos on using SAP HANA and SAP HANA Cloud Platform.

Follow @saphanaacademy

You must be Logged on to comment or reply to a post.
    • Hi Gregor,

      The intention of this specific document is to write out the individual steps and highlight the important concepts covered in video number 22 out of 42 of the SAP HANA Academy’s Live3 on HCP course.

      Philip’s original blog posts provides an overview of the entire 42 video course by detailing the Live3 application’s business case and the course’s architecture. My documents for each individual video help ensure that people following along with the course can quickly find the different sections of the videos where certain parts are covered in case they have missed a step or need a quick refresher on a concept.

      Thank you for creating the SAP HANA trail authentication proxy used in the course.

      Best Regards,