You installed XSA with MDC and assigned your application in an organization / space to a logical database. This assignment can be done in XSA Admin in Service Broker Config (l#/serviceBrokerConfig).
Now the identity propagation fails.
The reason is that there is no automatic trust between UAA and HANA MDC. The trust creation will come with HANA 2 SP01 during MDC creation. The installation creates a trust to the system DB only.
You can create this trust yourself with the attached bash script. You need the following parameters to do this.
- system user (of logical database)
- system password (of logical database)
- xsa admin user (optional, but if you provide this name, this user is enabled to log on with SAML / JWT)
- jdbcURL: This URL can be taken from uaa.log. If you create the trust to a logical database, you need the database name.
Step 1
Download the files from
https://github.com/strehle/xsuaa-scripts/tree/master/saml to your XSA machine.
Step 2
Prepare the execution. Configure the settings in xsuaa_settings.cfg. Example for HANA with SID XSA on instance 00 with logical database ABC:
HANA_SID=XSA
HANA_INSTANCE=00
HANA_SYSTEM_USER=system
XSA_USER=xsa_admin
XSA_UAA_ENDPOINT="https://`hostname -f`:30032/uaa-security"
# documentation about jdbc url, see http://help.sap.com/saphelp_hanaplatform/helpdata/en/ff/15928cf5594d78b841fbbe649f04b4/frameset.htm
# this is the jdbc url for a multiple instance database with connect to tenant DB ABC
JDBC_HANA_ENDPOINT="jdbc:sap://`hostname -f`:30013/?databaseName=ABC"
Save this to the file xsuaa_settings.cfg.
Step 3
Execute the shell script xsuaa_hdbtrust.sh. It is best to execute it on the XSA instance under the <sid>adm user of your XSA installation; however, you can also call it from another machine. For xs login you need the xs command tool.
./xsuaa_hdbtrust.sh xsuaa_settings.cfg
The script creates the trust and executes the test. Typical successful output is:
Result:
{"SESSION_USER":"SYSTEM","CURRENT_USER":"SYSTEM","SESSION_CONTEXT('XS_APPLICATIONUSER')":"XSA_ADMIN"}
If you get an error here, you can find the reason in uaa.log or in the HANA trace.
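
A pre-flight and post-run check for the procedure above, as an added example that is not part of the original post or of the xsuaa-scripts repository. The function names are hypothetical; it assumes the settings file uses the KEY=value layout from Step 2 and that a successful Result line shows the upper-cased XSA_USER as XS_APPLICATIONUSER, as in the sample output.

```sh
#!/bin/sh
# Added example (not part of xsuaa-scripts); function names are hypothetical.
# The settings file is parsed as text, not sourced, so nothing in it is executed.

# Constructed sample: the Step 2 settings, printed verbatim.
sample_settings() {
    cat <<'EOF'
HANA_SID=XSA
HANA_INSTANCE=00
HANA_SYSTEM_USER=system
XSA_USER=xsa_admin
XSA_UAA_ENDPOINT="https://`hostname -f`:30032/uaa-security"
JDBC_HANA_ENDPOINT="jdbc:sap://`hostname -f`:30013/?databaseName=ABC"
EOF
}

# Print the value of key $2 from settings file $1, surrounding quotes stripped.
cfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Fail if a required key is missing or the JDBC URL names no tenant database;
# otherwise print the tenant database the trust will be created for.
check_settings() {
    for key in HANA_SID HANA_INSTANCE HANA_SYSTEM_USER XSA_UAA_ENDPOINT JDBC_HANA_ENDPOINT; do
        [ -n "$(cfg_get "$1" "$key")" ] || { echo "missing $key" >&2; return 1; }
    done
    db=$(cfg_get "$1" JDBC_HANA_ENDPOINT |
        sed -n 's/.*[?&]databaseName=\([A-Za-z0-9_]*\).*/\1/p')
    [ -n "$db" ] || { echo "JDBC_HANA_ENDPOINT has no databaseName" >&2; return 1; }
    echo "$db"
}

# Succeed only if Result line $1 shows XSA user $2 (assumed upper-cased by
# HANA, as in the sample output) as XS_APPLICATIONUSER.
check_result() {
    app_user=$(printf '%s\n' "$1" |
        sed -n "s/.*\"SESSION_CONTEXT('XS_APPLICATIONUSER')\":\"\([^\"]*\)\".*/\1/p")
    expected=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    [ -n "$app_user" ] && [ "$app_user" = "$expected" ]
}
```

Run check_settings on xsuaa_settings.cfg before Step 3 to confirm the trust targets the tenant database rather than the system DB, and check_result on the Result line afterwards to confirm the XSA user was propagated.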