cancel
Showing results for 
Search instead for 
Did you mean: 

HANA 2.0 webide login - forbidden

former_member186752
Participant
0 Kudos
4,347

Dear experts

I'm getting an error message "Forbidden" whilst trying to login to the webide.

HANA Release is 2.00.020.00.1500920972
Webide is up and running: webide STARTED 1/1 512 MB <unlimited> https://fqdn:port

The login was performed as XSA_ADMIN

Any ideas ?

Cheers

M

Accepted Solutions (1)

Accepted Solutions (1)

dvankempen
Product and Topic Expert
Product and Topic Expert

Hi Marian,

The XSA_ADMIN user is equivalent to the root user at the operating system level or the SYSTEM user at database level. As a super administrator, it should only be used to perform super administrator tasks using super administrator tools.

For this reason (security), XSA_ADMIN does not have access to the WebIDE.

This is the default configuration, by design and best kept as-is.

You should use a lesser-privileged user to connect to the WebIDE, e.g. XSA_DEV or any other user that has the WebIDE_Developer role granted.

See,

Two screen captures to illustrate this (XS Admin tool, connected as XSA_ADMIN):

Showing Role Collections: 2 roles for WebIDE: DEVX_DEVELOPER and DEVX_ADMINISTRATOR

XSA_ADMIN does not have the DEVX_DEVELOPER role assigned. For this reason, you get 'Forbidden'.

Regards,

Denys / SAP HANA Academy

Subscribe to our YouTube Channel
Join us on LinkedIn
Follow us on Twitter
Github code samples
Facebook
Google+

former_member186752
Participant
0 Kudos

florian.pfeffer , denys.kempen : now it's clear to me what must be done.

Now I have the following issue: login as XSA_ADMIN to the xsa-admin is not working (password is accepted but after login the page remains blank and nothing happens.)
The xsa-admin is running: xsa-admin STARTED 1/1 128 MB <unlimited> https://FQDN:51023
I tried different browsers but unfortunately no luck. What might be the culprit?

dvankempen
Product and Topic Expert
Product and Topic Expert
0 Kudos

What's the environment? Cloud or local VM / installation? How much memory allocated?

former_member186752
Participant
0 Kudos

Local installation, HANA 2.0 on premise Installation; 64GB Mem Allocation (Setup for testing purposes.)

dvankempen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Excellent. One might not expect any memory issues then.

The issue is that you cannot connect to the XSA Administration application as XSA_ADMIN user. Login page displays and the user is authenticated but a blank page displays. Curious, no idea.

Below some general health checks but I have no further suggestions at this stage if the URL is correct and all the applications are up and running.

Does the controlller page display [API_URL]? What port to xsa-admin is diplayed?

https://FQDN:3<instance number>30 

Can you connect on the command line using the same API URL as XSA_ADMIN and query app URLs?

xs l

xs apps

If you get an SSL validation error, run

xs l --skip-ssl-validation
former_member186752
Participant
0 Kudos

The controller page is properly displaying.

The displayed port for XSA-ADMIN is 51023.

After entering the "xs l" command line I'm getting the API_URL and I'm required to authenticate.

I'm entering the correct password and get the following infos displayed: ORG, SPACE, API endpoint, User, Org, Space.
XS apps(no SSL validation error) is also showing that the xsa-admin and webide have the state STARTED.

dvankempen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Marian,

Sounds good.

Yet, you have an issue connecting to web-ide (as xsa_dev) or xsa-admin (as xsa_admin), correct?

The (account) assumes SAP HANA, express edition.

Does the URL redirect to the UAA page (for login)?

former_member186752
Participant
0 Kudos

Hi Denys

The main goal is to maintain the users and authorizations via xsa-admin and later to provide webide access to other users.

In order to achieve this I first have to logon to the xsa-admin as the xsa_admin user and this is currently not working.

Please be advised that this is a standard HANA 2.0 on Premise installation and this is not the SAP HANA express edition,

dvankempen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Thanks Marian,

The account used to connect on the command-line with 'xs l', also provides access to the xsa-admin web application.

I understand that the on command-line access is provided but that there is an issue with the web.

You have mentioned that the xs controller web page displays correctly: https://hostname:3<instance-number>30

What happens when you click the xsa-admin URL on that page?

Are you redirected to the UAA page? Is the URL still using the same <hostname>?

Is the port used in the URL for the UAA accessible (not blocked by firewall)?

If the UAA page displays correctly (login), what happens after you provide XSA_ADMIN user name and password (same as for xs l)?

former_member186752
Participant
0 Kudos

If I click the xsa-admin URL then the page will open and I will get the login mask (the page displays correctly).

The URL is still using the same FQDN.

A firewall issue can be excluded(telnet is working).

The UAA page display correctly (login) and I can provide the credentials (XSA_ADMIN and PW) but after selecting login the page remains blue and nothing is beeing displayed.uaa-login.png

dvankempen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Appears to be an issue with the particular Java app.

Do other Java apps display correctly? E.g. Database Explorer?

At this stage, I would reinstall XSA but you may have other options. Did you already create a support ticket?

former_member186752
Participant
0 Kudos

The database explorer is working (checked it via SAP HANA Cockpit).

So next attempt will be a resintall ...

I did not open a support ticket yet but will consider it depending on the results of the reinstall action.

Answers (1)

Answers (1)

pfefferf
Active Contributor
0 Kudos

The roles you have assigned to your user (which you described in the comments of that question) are the XS classic roles for the HANA web-based development workbench. For the SAP Web IDE for SAP HANA the process is a little bit different. Details on how to do that can be found in the SAP HANA Developer Guide for XS Advanced: Enabling Access to the SAP Web IDE Administration and Development Tools

Regards,
Florian