Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP BI PLATFORM SAML SSO TO HANA DATABASE

nico_luhr
Explorer
‎03-22-2020 11:27 PM

Prerequisites:


HANA XS up and running with SSL configured

BI Platform up and running with SSL configured

We use a HANA database 1.0 without a tenant base and the xs classic webserver, on BI PLATFORM side we are on 4.2 SP 7

Configuration:


This section describes the configuration, first I describe the configuration of the BI Platform afterwards I describe the configuration of your HANA database.

Configure BI Platform


Logon to CMC using https://host:sslport/BOE/CMC



Navigate to Applications > HANA Authentication



Create Identity Provider for HDBC Connection to HANA



  1. Select the connection type
    SAP HANA for native HANA connection, SAP HANA HTTP for HTTP and HTTPS connections

  2. Enter the hostname of your HANA

  3. HANA Port
    this should be the port your indexserver is running on

  4. HANA Instance Number
    I always provided just the port

  5. HANA Tenant Database
    As we are running on HANA 1.0 we don't have tenant databases

  6. Unique Identity Provider ID
    An ID of your choice my best practice is HANA_SIDBIP_SIDSAML_HDBC

  7. Service Provider Name
    this must match the name of your HANA service provider, please see later in this post where to find the name on HANA side

  8. Identity Provider Base64 Certificate
    the certificate is shown after you click oon the button Generate (9), this certificate needs to be imported in your HANA database to trust the identity provider we are creating

  9. Generate
    By clicking on the button the Identity Provider Base64 Certificate gets generated, when you edit the hostname or port the certificate needs to be regenerated


 

Create Identity Provider for HTTPS Connection to HANA



I just explain the additional points, for the other points please see above

  1. HANA Port
    here you have to provide the port your xs engine is running on

  2. Secure Connection
    if you use https you have to select Secure Connection

  3. Test Connection
    the user you provide for testing the connection must be configured for SAML and must have a mapping for the created identity provider, I describe the creation of the saml mapping later in this blog


 

Configure HANA database


First we have to import the certificate we generated on the BI Platform, afterwards we need to create an identity provider. There are several ways to do this. Here I will describe the steps using the SAP HANA Cockpit and the steps using the xs admin cockpit. Please be careful, if you are using file based certificates (pse files) you have to follow the steps I described here "certificate import using file based certificates" in this blog.

 

using the SAP HANA Cockpit


First we open the SAP HANA Cockpit and navigate to the HANA database we want to configure the SAML SSO for.



by clicking on the resource name you can open the System Overview of the database



now we search for saml and navigate to the certificate store



In the certificate store we click on Import to import the certificate we created on the BI Platform



Copy the certificate content on the BI Platform and paste it here, click on ok afterwards



The imported certificate is shown in the certificate list



Now we need to add the certificate to our saml certificate collection, therefore we search for saml on the system overview page again and click on certificate collections



Select your saml certificate collection, if you don't have a saml certificate collection yet you can create a new one here, important is to set the purpose of the collection to saml



cilck on add certificate to add the imported certificate to your saml certificate collection



select the imported certificate from the list and click OK



Now we need to add an SAML identity provider from the system overview page we click on SAML Identity Provider



We wan't to add a new identity provider



enter your identity provider name > this should be the same name as the one given on the BI Platform



the added identity provider should be shown in the list now


using xs admin


logon to your xs engine



check the name of the HANA SAML Service Provider



Go to trust manager > saml and selct import certificate



create your saml identity provider


certificate import using file based certificates


if your are using file based certificates (.pse files on the file system) in your hana database you need to import the certificates in the system PSE of your hana database. This can be done usind wdisp admin



select sapsrv.pse > Import certificate



select the certificate from BI Platform and paste it here then click on import



the successfull import is shown


create SAML Mapping


the saml mapping can be created using HANA studio or HANA cockpit

from the system overview page serch for user and navigate to User Management





I created a test user in the hana database and mapped it to the Administrator user of the BI Platform


configure the INA Service for SAML (required for HTTP and HTTPS connections)


you have to enable saml for the ina service, this is used to sign on using HTTP or HTTPS connections to your hana database. Select one of your identity providers here, it will work for all other identity providers on your hana too



 

test your connection


log on to the cmc of your BI Platform again, then navigate to Applications > HANA Authentication



click on test connection > the connection test should be successfull now
6 Comments
Labels in this area
Popular Blog Posts