
(Re-)Establish Trust with XSUAA and HANA DB

You installed XSA with MDC and assigned your application in an organization / space to a logical database. This assignment can be done in XSA Admin under Service Broker Config (l#/serviceBrokerConfig).

Now the identity propagation fails.

The reason is that there is no automatic trust between UAA and HANA MDC. Trust creation will come with HANA 2 SP01 during MDC creation. The installation creates a trust to the system DB only.

You can create this trust yourself with the attached bash script. You need the following parameters to do this.

  • system user (of logical database)
  • system password (of logical database)
  • xsa admin user (optional, but if you provide this name, this user is enabled to log on with SAML / JWT)
  • jdbcURL: this URL can be taken from uaa.log. If you create trust to a logical database, you need the database name

Step 1

Download the files from https://github.com/strehle/xsuaa-scripts/tree/master/saml to your XSA machine.

Step 2

Prepare the execution. Configure the settings in xsuaa_settings.cfg. Example for HANA with SID XSA on instance 00 with logical database ABC:

HANA_SID=XSA
HANA_INSTANCE=00
HANA_SYSTEM_USER=system
XSA_USER=xsa_admin
XSA_UAA_ENDPOINT="https://`hostname -f`:30032/uaa-security"
# documentation about jdbc url, see http://help.sap.com/saphelp_hanaplatform/helpdata/en/ff/15928cf5594d78b841fbbe649f04b4/frameset.htm
# this is the jdbc url for a multiple instance database with connect to tenant DB ABC
JDBC_HANA_ENDPOINT="jdbc:sap://`hostname -f`:30013/?databaseName=ABC"

Save this to file xsuaa_settings.cfg

Step 3

Execute the shell script xsuaa_hdbtrust.sh. It is best to execute it on the XSA instance under the <sid>adm user of your XSA installation; however, you can also call it from another machine. For xs login you need the xs command tool.

 ./xsuaa_hdbtrust.sh xsuaa_settings.cfg

The script creates the trust and executes the test. Typical successful output is:

Result:
{"SESSION_USER":"SYSTEM","CURRENT_USER":"SYSTEM","SESSION_CONTEXT('XS_APPLICATIONUSER')":"XSA_ADMIN"}

If you get an error here, you can find the reason in uaa.log or in the HANA trace.
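The following is an added example, not part of this post or of the xsuaa-scripts repository: a pre-flight check of xsuaa_settings.cfg and a check that the test result really carries the expected application user. The function names are hypothetical; the https requirement and the upper-case user name are assumptions taken from the sample values above.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of xsuaa-scripts.

# Read KEY=value from the settings file without sourcing it (nothing is executed).
cfg_get() {  # usage: cfg_get FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"//; s/"$//'
}

# Pre-flight check of xsuaa_settings.cfg; returns non-zero on any finding.
check_settings() {  # usage: check_settings FILE
    rc=0
    # Typographic quotes (U+201C / U+201D) pasted from a web page break the values.
    if LC_ALL=C grep -q -e "$(printf '\342\200\234')" -e "$(printf '\342\200\235')" "$1"; then
        echo "typographic quotes found, use plain \" instead" >&2; rc=1
    fi
    for key in HANA_SID HANA_INSTANCE HANA_SYSTEM_USER XSA_UAA_ENDPOINT JDBC_HANA_ENDPOINT; do
        [ -n "$(cfg_get "$1" "$key")" ] || { echo "missing: $key" >&2; rc=1; }
    done
    case "$(cfg_get "$1" XSA_UAA_ENDPOINT)" in
        https://*) ;;
        *) echo "XSA_UAA_ENDPOINT is not an https URL" >&2; rc=1 ;;  # assumption: TLS expected
    esac
    case "$(cfg_get "$1" JDBC_HANA_ENDPOINT)" in
        jdbc:sap://*databaseName=?*) ;;
        *) echo "JDBC_HANA_ENDPOINT names no tenant (databaseName=...)" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Post-check: the application user in the test result must be the expected user.
# Assumption: HANA reports the user name in upper case, as in the sample output.
check_propagation() {  # usage: check_propagation RESULT_JSON EXPECTED_USER
    app_user=$(printf '%s\n' "$1" |
        sed -n "s/.*XS_APPLICATIONUSER')\":\"\([^\"]*\)\".*/\1/p")
    want=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    [ -n "$app_user" ] && [ "$app_user" = "$want" ]
}

# Constructed sample: the successful result line shown above.
SAMPLE_RESULT="{\"SESSION_USER\":\"SYSTEM\",\"CURRENT_USER\":\"SYSTEM\",\"SESSION_CONTEXT('XS_APPLICATIONUSER')\":\"XSA_ADMIN\"}"
check_propagation "$SAMPLE_RESULT" xsa_admin && echo "identity propagation OK"
```

Run check_settings on the file before Step 3 and pass the script's Result line to check_propagation afterwards. A result that lacks XS_APPLICATIONUSER or shows a different user means the trust is not working for that user.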
