When I was working on the topic of the User Propagation between SAP BTP and third-party Applications. for a reason I picked the HAA-CF as my guinea pig application.

HAA-CF application simply has it all.

It has the app-router, a simple HTML5 front-end page and features a java backend micro-service being called through a destination service.

This brief is to demonstrate how one could consume a single HDI container with SAC/eSAC over a direct HANA live connection implemented with HANA Analytics Adapter (HAA) InA service.

The InA service is a java application and is provided by SAP “as is“.

Good to know:

• Nowadays, the mainstream SAP BTP cloud native database is SAP HANA Cloud. Although customers and partners on existing contracts may still be using SAP HANA Service.
• The presented method is generic in the sense that it allows to consume a single HDI container of SAP HANA Cloud (or SAP HANA Service) database on BTP platform, at a time.
• Please consider that neither embedded SAC nor MS Analysis for Office plug-in support SAP HANA Cloud live connection out-of-the-box (as for instance enterprise SAC does). They only support direct HANA live connectivity to SAP HANA BTP databases with HANA Analytics Adapter.

Pre-requisites:

• access to a sub-account with BTP Free / Trial / Paid account with Cloud Foundry environment enabled and a SAP HANA Cloud or SAP HANA Service instance up and running.
• admin access to SAC or eSAC tenant.
• good understanding of concepts behind SAP HANA HDI containers
• good understanding of concepts presented in the blog post User Propagation between SAP BTP and third-party Applications.

Disclaimer:

• The ideas presented in this blog are personal insights thus not necessarily endorsed by SAP.
• This is a playground only. All deployment examples, code snippets, gists, etc are provided “as is”.
• Images/data in this blog post is from internal/trial sandbox and/or demo systems. Any resemblance to real data is purely coincidental.
• Access to some resources referenced in this blog may be subject to a contractual relationship with SAP and a S-user login may be required. Always refer to T&C.

• In order to establish the IDP-initiated flow, a dedicated trusted IDP will have to be created in the BTP sub-account where the java backend service is hosted.

• For the sake of simplicity the destination service trust may be used as the Trusted IDP as explained in the following gist.

• However, any other trust could be used as well, provided the saml assertion signing keypair is uploaded to the destination service vault (for saml assertion signing). So this time I have not used the default destination service trust but built this trusted IDP with a trust from an external identity provider. Please refer to the following gist for more details.

• The destinations can be defined inline in the mta.yaml or as a json file. Further details are in this gist.

Deploy the HAA-CF application to a BTP CF space.

• The application structure and build is presented the following gist

Create a HANA live connection in SAC.

Things to know:

• You can retrieve the host and port of the live connection from the HAA-CF application’s HTML5 front-end page as follows:

• If you were targeting eSAC the connection will have to be created programmatically with the eSAC APIs.

The live connection is operational on-the-spot.

It does allow to access any cubes defined in the HDI container.