Dear All,
Here are some common basic troubleshooting steps for embedded analytics authentication and authorization:
Here are the available cookies set for SAC
Set By Cookie Purpose When Set
Approuter | JSESSIONID | Single cookie placed on the users device so the server can identify the user. | Created as a browser session cookie whenever a new user visits SAC site. The value is not updated unless the current session ends, in which case a completely new JSESSIONID cookie is set. |
x-sap-boc-referer | Single cookie placed on the users device to track request referrer | Created as a browser session cookie when authenticating with SAC | |
HANA xsjs code** | x-sap-boc-pusher-count | Single cookie placed on the users device to track session state | Created as a browser session cookie after successfully authenticated in SAC |
HANA | xsSecureId* | Single cookie placed on the users device so the backend hana server can identify the user. | Created as a browser session cookie after successfully authenticated in SAC |
sapxslb | Single cookie placed on the users device to ensure sticky backend hana session | Created when client first time access the hana server. | |
Platform | BIGipServer* | Used for BIGIP to route traffic and ensure sticky session | Created when client first time access the server. |
JTENANTSESSION_<tenantid> | This cookie is issued along with the JSESSIONID cookie and is used for session consistency - if it is not send along with the JSESSIONID cookie then the session will be considered invalid | The cookie is issued after successful authentication by the application runtime. | |
mdsourcrs* | Multi-Domain cookie which contains the URL and some additional information about the application that has triggered the authentication so that a redirect to this application is made after successful authentication. | The cookie is issued during authentication by the authentication login modules in regular platform domains scenario | |
'ouc*' | Realy state cookie which contains the URL and some additional information about application that has triggered the authentication. | The cookie is issued during authentication by the authentication login module in custom domains scenario |
To allow third-party cookies in the web browser please check the links provided below for the most popular browsers:
Here´s the way to setup Safari (untested): Open "Settings" and click on "Preferences". Then, select the "Privacy tab" and deselect the checkbox before the "Prevent cross-site tracking" option. Deselect the checkbox before the "Block all cookies" option. Then exit the popup.
To use the SAML Tracer extension, you need to enable it. To do this, follow these steps:
Once the SAML Tracer extension is enabled, it will start capturing all SAML requests and responses that are sent and received by your browser. You can view these requests and responses by opening the SAML Tracer extension window. To do this, follow these steps:
Here are the steps to perform with User having issues to login through Identity Provider
Here are some additional things to keep in mind when troubleshooting SAML logs:
As you know, it's too dificult to get into Admin side of it to check and validate the Users in User Administration...
After you login into SAC or EA, you will go to SCIM API URL for Users to find and validate
URL should look like this : https://<SAC URL>/api/v1/scim/Users/<P0000001>
SAP Analytics Cloud: User and Team Provisioning API
Managing Users and Teams → api/v1/scim
Managing Users and Teams → api/v1/scim2
This API uses SCIM 2.0. For more information, see SCIM Core Schema.
sac.api.version | Handles the version of SAP Analytics Cloud SCIM API. Possible values:
Default value: 1 |
APP_SCAN | Embedded Analytics | Group for SCA Application |
ADMINISTRATOR_COMM-SCAN | Embedded Analytics | Group for SCA administrator |
AUTHOR_COMM-SCAN | Embedded Analytics | Group for SCA author |
AUTHENTICATED_COMM-SCAN | Embedded Analytics | Group for SCA viewer |
Go to IAS Admin Console and User Management - Validate the User has got all required User groups are assigned
When SAP Identity Provisioning Service ( IPS) sync the User to SAC or EA, below transformation logic will set the approriate role based on User Group assigned in IAS User Management for the particular User.In the above illustration, its shown for SAP Commissions Product, so you can consume the right user groups for other SAP Products.
Benchmark your client’s score, as well as the latency and bandwidth to your SAP Analytics Cloud service: Analyze System Performance and SAP Analytics Cloud Performance Benchmark
Check if the third-party proxy is forcing the browser to use HTTP 1.1 instead of HTTP/2: 3056467 - Slow performance when accessing / consuming content in SAP Analytics Cloud (SAC)
Verify that your system meets the appropriate system requirements: System Requirements and Technical Prerequisites
Enable the “High Performance” power plan on the desktop that is accessing SAP Analytics Cloud: 2327454 - Low performance occurs in tables / grid and other areas of SAP Analytics Cloud
Generate an HTTP archive (HAR) file to help troubleshoot system errors and performance issues in SAP Analytics Cloud: 2280022 - How to collect a HTTP archive (HAR) file (Chrome developer tools network trace) in SAP Ana...
Analyze the performance of a Chrome page using Chrome DevTools: Performance features reference
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
8 | |
3 | |
3 | |
2 | |
2 | |
2 | |
2 | |
2 | |
2 | |
1 |