Skip to Content

The HANA CORS (Cross Origin Resource Sharing) configuration is straight forward but as the old saying goes, a picture paints a thousand words.  Such a shame that the SAP documentation policy is does not allow screenshots.  I have therefore tried to capture the configuration steps here.

SAP Analytics Cloud Version 2018.1.0
SAP HANA Version 1.00.111 (SPS 11).

The official SAP Analytics Cloud documentation is good and could be found here.
Live Data Connection to SAP HANA

This new CORS setup is really as simple as 1, 2, 3.

  1. Configure HANA HTTPS (SSL)
  2. INA (Information Access)
  3. CORS Configuration

1. Configure HANA HTTPS (SSL)

The Configuration of the SSL certificate is within the Web Dispatcher at

http://<WebServerHost>:80<SAPHANAinstance>/sap/hana/xs/wdisp/admin/

For me that is http://ivml2152.wdf.sap.corp:8024/sap/hana/xs/wdisp/admin/public/default.html

/sap/hana/xs/wdisp/admin/

Once completed you must be able to access XS classic urls via HTTPS, without any security pop-ups or certificate errors. Usually this is port 4300, if your SAP HANA instance number is 00, but 24 in my case, therefore port 4324.

The full configuration steps for HTTPS are outlined within the SAP HANA help documentation so I won’t repeat those here.

Configure HTTPS (SSL) for Client Application Access

 

2. Information Access (InA)

Verify InA is installed and you have rights to access this service.

https://<hana-hostname>:43<SAPHANAinstance>/sap/bc/ina/service/v2/GetServerInfo

For me that is https://ivml2152.wdf.sap.corp:4324/sap/bc/ina/service/v2/GetServerInfo

/sap/bc/ina/service/v2/GetServerInfo

The response from InA is in JSON, using a JSON browser extension makes the response more readable.  If InA is not working for you should check the INA package is installed and your user has access to this package via the sap.bc.ina.service.v2.userRole::INA_USER role.

Verify that you can access Metadata via InA

https://<hana-hostname>:43<SAPHANAinstance>/sap/bc/ina/service/v2/GetResponse?Request={%22Metadata%22:{%22Expand%22:[%22Cubes%22]}}

For me that is https://ivml2152.wdf.sap.corp:4324/sap/bc/ina/service/v2/GetResponse?Request={%22Metadata%22:{%22Expand%22:[%22Cubes%22]}}

/sap/bc/ina/service/v2/GetResponse?Request={%22Metadata%22:{%22Expand%22:[%22Cubes%22]}}

3. CORS Configuration

Be aware the CORS config below needs to be repeated after each and every HANA update, e.g moving from revision 122.12 to 122.15.

To access the XS admin site your user requires the following roles.

sap.hana.xs.admin.roles::RuntimeConfAdministrator  sap.hana.xs.admin.roles::SAMLViewer

Login to your XS (classic) admin site, the URL would be something like

https://<hana-hostname>:43<SAPHANAinstance>/sap/hana/xs/admin/#/package/sap.bc.ina.service.v2

For me that becomes https://ivml2152.wdf.sap.corp:4324/sap/hana/xs/admin/#/package/sap.bc.ina.service.v2

/sap/hana/xs/admin/#/package/sap.bc.ina.service.v2

Verify that Basic Authentication is allowed as below

Configure CORS, with the Allowed Origins, Allowed Headers and Exposed Headers as specified below.

# Allowed Headers
accept
authorization
content-type
x-csrf-token
x-request-with
x-sap-cid

# Exposed Headers
x-csrf-token

 

SAP Analytics Cloud

With the CORS configuration now completed we can establish the Live Direct HANA connection within SAP Analytics Cloud.

 

To report this post you need to login first.

8 Comments

You must be Logged on to comment or reply to a post.

  1. John Kearns

    Agree that this was a very helpful document.  The use of screenshots and actual URLs helped immensely.

    I realized from the screenshots provided that I had entered the allowed headers as a single string instead of 6 discreet headers.

    Changing that solved my connectivity issue.

    (0) 
    1. Ian Henry Post author

      Hi Mario,

      There is a hack that you can try for testing, that allows self-signed certs to work, by trusting the certificate within your browser.

      You can follow the steps above, ignoring the SSL step.

      Beware, this needs to be done in each and every session that you access SAP Analytics Cloud.
      To use the self-signed certificate you must first navigate to the XS HTTPS url, port 4300 by default.
      You will then receive a warning that the SSL certificate is invalid, once you have trusted it, you can then continue to SAP Analytics Cloud and connect to your HANA system.

       

      (0) 
  2. Mike Howles

    Is anybody else having a problem adding the exposed header ‘x-csrf-token’?  I can do everything else but I get a UI5 error in JavaScript console when trying to add this particular one…

    (0) 
    1. Ian Henry Post author

      Hi Mike,

      I have not come across that one, could be browser related – perhaps try with a different browser, or clear browser the cache?

       

      (0) 
      1. Mike Howles

         

        I ruled all that out. Tried different browsers and killed cache/cookies etc.  It’s a genuine code bug, at least in 2.0 SP3…  For clarity’s sake, I’m using the XS Classic HANA admin services (not XSA that pulls its stuff from a public CDN, so I’ve heard) which may explain why not everybody is struggling with this, as I’m probably an oddity with still only using XS Classic.  I managed to “hot fix” it by modifying a JS file to prevent the JS error and now I’ve got the connection working in SAC.  Screenshot below shows the hot fix. (Yeah, yeah, not supported by SAP, but whatever, I’m using HANA Express, and the code was broken, and now it’s not)

         

         

        (2) 
        1. Ian Henry Post author

          Wow, thanks for sharing Mike.

          I’m on 2.0 SP2, so I haven’t come across this one yet.

          I did see that HANA 2.0 SPS03 Revision 31 is now available, let’s hope that fixes it too.

           

          (1) 

Leave a Reply