Prerequisites:
HANA XS up and running with SSL configured
BI Platform up and running with SSL configured
We use a HANA database 1.0 without a tenant base and the xs classic webserver, on BI PLATFORM side we are on 4.2 SP 7
Configuration:
This section describes the configuration, first I describe the configuration of the BI Platform afterwards I describe the configuration of your HANA database.
Configure BI Platform
Logon to CMC using
https://host:sslport/BOE/CMC
Navigate to Applications > HANA Authentication
Create Identity Provider for HDBC Connection to HANA
- Select the connection type
SAP HANA for native HANA connection, SAP HANA HTTP for HTTP and HTTPS connections
- Enter the hostname of your HANA
- HANA Port
this should be the port your indexserver is running on
- HANA Instance Number
I always provided just the port
- HANA Tenant Database
As we are running on HANA 1.0 we don't have tenant databases
- Unique Identity Provider ID
An ID of your choice my best practice is HANA_SIDBIP_SIDSAML_HDBC
- Service Provider Name
this must match the name of your HANA service provider, please see later in this post where to find the name on HANA side
- Identity Provider Base64 Certificate
the certificate is shown after you click oon the button Generate (9), this certificate needs to be imported in your HANA database to trust the identity provider we are creating
- Generate
By clicking on the button the Identity Provider Base64 Certificate gets generated, when you edit the hostname or port the certificate needs to be regenerated
Create Identity Provider for HTTPS Connection to HANA
I just explain the additional points, for the other points please see above
- HANA Port
here you have to provide the port your xs engine is running on
- Secure Connection
if you use https you have to select Secure Connection
- Test Connection
the user you provide for testing the connection must be configured for SAML and must have a mapping for the created identity provider, I describe the creation of the saml mapping later in this blog
Configure HANA database
First we have to import the certificate we generated on the BI Platform, afterwards we need to create an identity provider. There are several ways to do this. Here I will describe the steps using the SAP HANA Cockpit and the steps using the xs admin cockpit. Please be careful, if you are using file based certificates (pse files) you have to follow the steps I described here "certificate import using file based certificates" in this blog.
using the SAP HANA Cockpit
First we open the SAP HANA Cockpit and navigate to the HANA database we want to configure the SAML SSO for.
by clicking on the resource name you can open the System Overview of the database
now we search for saml and navigate to the certificate store
In the certificate store we click on Import to import the certificate we created on the BI Platform
Copy the certificate content on the BI Platform and paste it here, click on ok afterwards
The imported certificate is shown in the certificate list
Now we need to add the certificate to our saml certificate collection, therefore we search for saml on the system overview page again and click on certificate collections
Select your saml certificate collection, if you don't have a saml certificate collection yet you can create a new one here, important is to set the purpose of the collection to saml
cilck on add certificate to add the imported certificate to your saml certificate collection
select the imported certificate from the list and click OK
Now we need to add an SAML identity provider from the system overview page we click on SAML Identity Provider
We wan't to add a new identity provider
enter your identity provider name > this should be the same name as the one given on the BI Platform
the added identity provider should be shown in the list now
using xs admin
logon to your xs engine
check the name of the HANA SAML Service Provider
Go to trust manager > saml and selct import certificate
create your saml identity provider
certificate import using file based certificates
if your are using file based certificates (.pse files on the file system) in your hana database you need to import the certificates in the system PSE of your hana database. This can be done usind wdisp admin
select sapsrv.pse > Import certificate
select the certificate from BI Platform and paste it here then click on import
the successfull import is shown
create SAML Mapping
the saml mapping can be created using HANA studio or HANA cockpit
from the system overview page serch for user and navigate to User Management
I created a test user in the hana database and mapped it to the Administrator user of the BI Platform
configure the INA Service for SAML (required for HTTP and HTTPS connections)
you have to enable saml for the ina service, this is used to sign on using HTTP or HTTPS connections to your hana database. Select one of your identity providers here, it will work for all other identity providers on your hana too
test your connection
log on to the cmc of your BI Platform again, then navigate to Applications > HANA Authentication
click on test connection > the connection test should be successfull now