Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert


In my previous blog post - I have described the end-to-end steps it takes to establish a live data connectivity between SAP Analytics Cloud and SAP Cloud Platform HANA database which runs on Neo Platform.

But now that the SAP Cloud Platform runs on Cloud Foundry - a few steps in the process would change as well as some new steps needs to performed.

So let's get started with the process:


  • SAP Analytic Cloud.

  • SAP HANA Service.

  • MTA Application.

  • Cloud Foundry Command line interface.

  • MultiApps CF CLI Plugin.

  • Oracle JDK 8.

  • Apache Melvin.

Integration Architecture





Image source:

Let’s understand what is stored in SAC, The short answer is: metadata and only metadata. SAP Analytics Cloud stores queries for building the stories, measure names, columns names, filter values, and so on. Basically, the metadata lets SAP Analytics Cloud rebuild the query.
But none of the actual data, not even the query results or part of the results, such as totals, are saved to SAP Analytics Cloud. Metadata is transferred to your browser and encrypted in memory.

Build and Deploy HANA Analytic Adapter in CF: 

HANA Analytic Adapter (HAA) is a multi-target application deployed in SAP Cloud Platform, Cloud Foundry to connect SAP Analytic Cloud and SAP HANA Service. Find below the steps to build and Deploy HANA Analytic adapter.

Prepare and build MTA- app(HAA)
Download HAA from git repository and extract:\HAA

Download Analytic Adapter

Download the latest version of Analytic Adapter for SAP HANA Extended Application Service Advance Model (HANA – XS Advance) from SAP Cloud Tools.

Extract the xsahaa and place it in the:\HAA\haa-java\target. Create target directory if it does not exist in haa-java.


ID: haa _schema-version: '2.0' version: 0.0.1


- name: haa-java type: java path: haa-java parameters:

memory: 1024M

buildpack: sap_java_buildpack properties:

SAP_JWT_TRUST_ACL: '[{"clientid":"sb-xsahaa-be", "identityzone": "*"}]' JBP_CONFIG_RESOURCE_CONFIGURATION: "['tomee/webapps/ROOT/WEB-

INF/resources.xml': {'xsahaa-hdi-container':'<HDI_CONTAINER-NAME>'}]" USE_NAMED_USER: true

- name: haa-java

url: ${default-url}

- name: haa-uaa

- name: haa type: nodejs path: haa-entry parameters:

memory: 512M

buildpack: nodejs_buildpack requires:

- name: haa-uaa - name: haa-java

group: destinations properties:

name: haa-java
url: ~{url} forwardAuthToken: true timeout: 600000


CORS: '[{"uriPattern": "^/sap/bc/ina/(.*)$", "allowedOrigin": [{"host":"<URL of SAP ANALYTIC CLOUD>", "protocol":"https"}], "allowedMethods": ["GET", "POST", "OPTIONS"], "allowedHeaders": ["Origin", "Accept", "X-Requested-With", "Content-Type", "Access-Control-Request-Method", "Access-Control-Request-Headers", "Authorization", "X- Sap-Cid", "X-Csrf-Token"], "exposeHeaders": ["Accept", "Authorization", "X-Requested-With", "X-Sap-Cid", "Access-Control-Allow-Origin", "Access-Control-Allow-Credentials", "X-Csrf- Token", "Content-Type"]}]'

COOKIES: '{"SameSite": "None"}'
TENANT_HOST_PATTERN: '^(.*)-<space>-haa.cfapps.(.*)' INCOMING_CONNECTION_TIMEOUT: 600000

- name: haa-uaa

type: parameters:

path: ./xs-security.json

- name: <HDI_CONTAINER-NAME> type: org.cloudfoundry.existing-service

Replace the following:

  • <HDI_CONTAINER-NAME> – Replace it with name of hdi container. Eg. hdi_smart_data.

  • <URL of SAP ANALYTIC CLOUD CLOUD> – Replace it with URL of SAC. Eg.

  • TENANT_HOST_PATTERN – Replace the <space> with the name of CF space in which the HAA application is deployed. Eg. ‘^(.*)-<space-name>-haa.cfapps

Role & JWT identity authentication in SAP HANA Service: 


Login to HANA Cockpit with HANA DB user, make sure the user has User Admin and Role Admin system privilege. Click User Management.

Create a New HANA User, scroll down to define JWT identity authentication. Check the JWT box and click on “Add JWT Identity”, Map the JWT Provider to match the External SAML IdP Email ID attribute and save the configuration.

Click Assign Roles and Add the Access Role and External Privilege role created as part of HDI container deployment and save the configuration. The role name will have naming convention <hdi_schema_name>::access_role.

Click on Assign Privilege, Select Object Privilege tab, add object EXECUTE_MDS with Execute Privilege and _SYS_BI with Select Privilege and save the configuration.

Configure the live connection

Name : <Name of Live Connection> Eg. CFHANA
Description : Description to Live connection
Connection Type : Direct
Host : <cf-subaccount-org-name>-<space> Port : 443

Authentication Type: SAML Single Sign On

SAP recommends a configuration using CORS for these reasons:

  • You will have direct connectivity with no additional devices required. Your browser directly connects SAP Analytics Cloud, your IdP, and backend data sources by securely unlocking the same-origin policy.

  • Because there are no additional devices, a direct connection enables better performance.

  • This configuration is easy to set up.