Skip to Content
User Experience Insights
Author's profile photo Ankit Arora

SAP Analytics Cloud and On-Premise SAP HANA SSO Setup With External Identity Provider

This article describes about the end-to-end SSO setup from SAP Analytics Cloud to SAP HANA On-Premises with external non-sap identity provider.

In SAP Analytics Cloud(SAC), Based on your business requirement you may create models from data sources available in on-premise or cloud SAP HANA databases, and you may create story based on those models to perform real time analysis without data replication and duplication. This feature allows SAP Analytics Cloud to be used in scenarios where data cannot be moved into the cloud for security or privacy reasons, or your data already exists on a different cloud system.

The connection established between SAC and SAP HANA uses Live Data Connection with CORS setup. However, every time when end user executes the report for real time analysis, live data connection needs to be manually authenticated with target SAP HANA user credentials.

This article talks about the SSO setup between SAC and SAP HANA database with which the live data connection will not ask for the credentials again while executing the story or reports in SAC rather it will use the same credentials that was used to authenticate the SAC application.

SSO%20Setup%20High%20Level%20Overview

 High Level Overview of the complete setup

Limitation of this setup is that the external identity provider should be same for SAP Analytics cloud and SAP HANA. This setup doesn’t work if the IDP is different for both the participants.

The complete end to end configuration can be segregated in below 3 different sections to reduce the complexity of the configuration

 

Step Details
1.Setup SAP HANA XS with HTTPS https://blogs.sap.com/2022/05/04/setup-sap-hana-xs-with-https/
2.Setup SAML in SAP HANA with external Identity Provider https://blogs.sap.com/2022/05/06/setup-saml-in-sap-hana-with-external-identity-provider/
3.Setup SSO in SAC with external Identity Provider https://blogs.sap.com/2022/05/10/sso-setup-for-sap-analytics-cloud-using-external-an-identity-provider/

As you finish above three step setup, you need update the live connection details. Login to home page of SAP SAC and click on live data connection button on left bottom corner of the screen

Select the the data source as SAP HANA

 Provide details about your SAP HANA and select SAML single sign on

 

Once you click ok, new browser window will appear for the first time that will authenticate SAP HANA  SAML connection and will disappear automatically.

Once this is done, you may try and validate the end to end setup by running some story based on this live connection which should be able to fetch the data without asking for the credentials.

Please note that the live Direct connection with CORS setup is not maintained in this article, if you need details about this setup you may follow below link for the details

https://help.sap.com/docs/SAP_ANALYTICS_CLOUD/00f68c2e08b941f081002fd3691d86a7/58c890e1c89d41e69b2cec31bac2d95f.html

Thanks for reading this article and please do share your valuable feedback in a comment section or ask questions if you have any!!!

 

 

Assigned Tags

      3 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Anikesh Jyotishi
      Anikesh Jyotishi

      Thank you Ankit for the detailed blogs,

      I am in the process of setup SSO between SAP SAC to HANA DB live data connection via AZ IDP.

      Mapped metadata between AZ to Hana (vice-versa) and AZ to SAC (AZ to SAC working fine).

      While using the authentication method as SAML SSO it redirects to MS authentication then HANA URL with "StatusCode in ResponseMessage != OK; please refer to the database trace for more information" after some time giving the below error.

      We couldn't connect to your HANA system. Possible causes: Third-party cookies are blocked, or CORS is not configured correctly. For more information, see our troubleshooting page.
      Troubleshoot
      DB log:-
      XSSession        XSSessionLifecycle.cpp(00303) : Assertion authentication for user <email> failed with reason: Internal processing error(StatusCode: , StatusMessage: )
      [10548]{-1}[-1/-1] 2023-02-07 10:55:24.173172 i Savepoint        SavepointImpl.cpp(03056) : Savepoint current savepoint version: 620958, restart redo log position: 0x481fd783, next savepoint version: 620959, last snapshot SP version: 0
      Followed below note.
      2596646 - Failed to connect to System in SAP Analytics Cloud (SAC)
      2933072 - Error We couldn't connect to your HANA system. Possible causes: Third-party cookies are blocked, or CORS is not configured correctly happens when creating live HANA connection in SAP Analytics Cloud (SAC)
      The same setup is working fine with the user id password.
      Kindly help me here.
      Thanks,
      Anikesh

       

      Author's profile photo Dirk Obert
      Dirk Obert

      Hi Anikesh,

      did you checked 2380176  (FAQ: SAP HANA Database Trace) by searching for " Assertion authentication for user <email> failed with reason: Internal processing error"?

      Br.,

      Dirk

      Author's profile photo Anikesh Jyotishi
      Anikesh Jyotishi

      Thank you Dirk,

       

      It was solved some time back.