on 2017 Oct 24 2:31 PM
Dear experts
I'm getting an error message "Forbidden" whilst trying to login to the webide.
HANA Release is 2.00.020.00.1500920972
Webide is up and running: webide STARTED 1/1 512 MB <unlimited> https://fqdn:port
The login was performed as XSA_ADMIN
Any ideas ?
Cheers
M
Request clarification before answering.
Hi Marian,
The XSA_ADMIN user is equivalent to the root user at the operating system level or the SYSTEM user at database level. As a super administrator, it should only be used to perform super administrator tasks using super administrator tools.
For this reason (security), XSA_ADMIN does not have access to the WebIDE.
This is the default configuration, by design and best kept as-is.
You should use a lesser-privileged user to connect to the WebIDE, e.g. XSA_DEV or any other user that has the WebIDE_Developer role granted.
See,
Two screen captures to illustrate this (XS Admin tool, connected as XSA_ADMIN):
Showing Role Collections: 2 roles for WebIDE: DEVX_DEVELOPER and DEVX_ADMINISTRATOR
XSA_ADMIN does not have the DEVX_DEVELOPER role assigned. For this reason, you get 'Forbidden'.
Regards,
Denys / SAP HANA Academy
Subscribe to our YouTube Channel
Join us on LinkedIn
Follow us on Twitter
Github code samples
Facebook
Google+
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
florian.pfeffer , denys.kempen : now it's clear to me what must be done.
Now I have the following issue: login as XSA_ADMIN to the xsa-admin is not working (password is accepted but after login the page remains blank and nothing happens.)
The xsa-admin is running: xsa-admin STARTED 1/1 128 MB <unlimited> https://FQDN:51023
I tried different browsers but unfortunately no luck. What might be the culprit?
Excellent. One might not expect any memory issues then.
The issue is that you cannot connect to the XSA Administration application as XSA_ADMIN user. Login page displays and the user is authenticated but a blank page displays. Curious, no idea.
Below some general health checks but I have no further suggestions at this stage if the URL is correct and all the applications are up and running.
Does the controlller page display [API_URL]? What port to xsa-admin is diplayed?
https://FQDN:3<instance number>30
Can you connect on the command line using the same API URL as XSA_ADMIN and query app URLs?
xs l
xs apps
If you get an SSL validation error, run
xs l --skip-ssl-validation
The controller page is properly displaying.
The displayed port for XSA-ADMIN is 51023.
After entering the "xs l" command line I'm getting the API_URL and I'm required to authenticate.
I'm entering the correct password and get the following infos displayed: ORG, SPACE, API endpoint, User, Org, Space.
XS apps(no SSL validation error) is also showing that the xsa-admin and webide have the state STARTED.
Hi Denys
The main goal is to maintain the users and authorizations via xsa-admin and later to provide webide access to other users.
In order to achieve this I first have to logon to the xsa-admin as the xsa_admin user and this is currently not working.
Please be advised that this is a standard HANA 2.0 on Premise installation and this is not the SAP HANA express edition,
Thanks Marian,
The account used to connect on the command-line with 'xs l', also provides access to the xsa-admin web application.
I understand that the on command-line access is provided but that there is an issue with the web.
You have mentioned that the xs controller web page displays correctly: https://hostname:3<instance-number>30
What happens when you click the xsa-admin URL on that page?
Are you redirected to the UAA page? Is the URL still using the same <hostname>?
Is the port used in the URL for the UAA accessible (not blocked by firewall)?
If the UAA page displays correctly (login), what happens after you provide XSA_ADMIN user name and password (same as for xs l)?
If I click the xsa-admin URL then the page will open and I will get the login mask (the page displays correctly).
The URL is still using the same FQDN.
A firewall issue can be excluded(telnet is working).
The UAA page display correctly (login) and I can provide the credentials (XSA_ADMIN and PW) but after selecting login the page remains blue and nothing is beeing displayed.uaa-login.png
The roles you have assigned to your user (which you described in the comments of that question) are the XS classic roles for the HANA web-based development workbench. For the SAP Web IDE for SAP HANA the process is a little bit different. Details on how to do that can be found in the SAP HANA Developer Guide for XS Advanced: Enabling Access to the SAP Web IDE Administration and Development Tools
Regards,
Florian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
53 | |
6 | |
6 | |
5 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.