This document will outline the configuration steps to establish a successful (SAML) Certificate import without a HANA system restart.
The example below will follow a SAP BI 4.x SAML certificate imported into HANA.
- HANA SP9+
- CommonCryptoLib
The following authorizations need to be added to the HANA user profile who will execute these steps.
The connection URL towards the SAP WebDispatcher on HANA:
http(s)://<FQDN>:(80<SID>/43<SID>/sap/hana/xs/wdisp/admin/public/default.html
This will give you the following screen:
From the left under "SSL and Trust Configuration" select "PSE Management"
On the right part of the screen select the drop down behind "Manage PSE" and select sapsrv.pse
On the right side of the page select "Import Certificate".
Copy past the BI 4.x certificate into the screen and press "Import".
In order to pick up the new certificate you can switch on the authentication trace.
ALTER SYSTEM ALTER CONFIGURATION ('indexserver.ini', 'SYSTEM') set ('trace', 'authentication') = 'debug' with reconfigure;
Alternatively you can do it via the Trace Configuration tab if you choose to do this manually.
Now you can test the connection to see if SSO is picking up. In case it won’t pick up there is an alternative.
In case the steps above were followed and SSO is not yet picking up for your application, the following can be done to ensure it will work. DISCLAIMER: If you proceed to do this on Production ensure you have requested an operating time! As this will only take a few second, it can disrupt your current traffic.
Go to "Core System" and select "Monitor". Here you will see the current status of your Web Dispatcher. Click on the drop down from the "Status" line and select "Soft Shutdown SAP Web Dispatcher".
This will re-establish itself within a few seconds!
Now you should have SSO working and enabled.
Lastly don't forget to switch of the authentication trace if you don't need it anymore.
ALTER SYSTEM ALTER CONFIGURATION ('indexserver.ini', 'SYSTEM') set ('trace', 'authentication') = 'default' with reconfigure;
Alternatively you can do it via the Trace Configuration tab if you choose to do this manually.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
6 | |
5 | |
5 | |
5 | |
5 | |
4 | |
4 | |
4 | |
3 | |
3 |