on 02-02-2015 10:09 PM
Looking to set up SSO from BOE to HANA using SAML and coming up short on what is hopefully just some missing configuration. If anyone has experience getting this running, I'd be grateful for feedback or links to more comprehensive documentation.
We are running BOE 4.1 SP5 and HANA rev 92 (on a multiple node installation). The plan is to 1) enable SSL logins on HANA, 2) set up BOE as the IdP, 3) create the SAML provider in HANA and establish trust between the two systems.
Everything has been restarted after the last configuration change.
A test user has been set up in HANA with the SAML provider enabled, user name matching a BOE enterprise account. When testing from the CMC, we see the following error message: Connection Failed: The test of the HANA SSO ticket used to log onto the HANA DB has failed due to: [10]: invalid username or password. (FWM 02133)
The HANA tracelog, set to debug, shows some errors in SAMLAuthenticator (ERROR in libxmlsec) before it culminates in this block:
[22277]{-1}[-1/-1] 2015-02-02 20:10:23.882796 i Authentication SAMLAuthenticator.cpp(00400) : Unable to verify XML signature
[22277]{-1}[-1/-1] 2015-02-02 20:10:23.882934 d Authentication ManagerAcceptor.cpp(00273) : Injecting logon name into method:
[22277]{-1}[-1/-1] 2015-02-02 20:10:23.882986 d Authentication SAPLogonManager.cpp(00360) : Store chosen for assertion ticket validation: saplogon.pse
[22277]{-1}[-1/-1] 2015-02-02 20:10:23.883114 w Authentication SAPLogonManager.cpp(00504) : The base64 decode of the received ticket failed. SSO_RC return value: 1281
[22277]{-1}[-1/-1] 2015-02-02 20:10:23.883121 d Authentication SAPLogonManager.cpp(00513) : Use SSO Validation PSE >>>saplogon.pse<<<
[22277]{-1}[-1/-1] 2015-02-02 20:10:23.883123 d Authentication SAPLogonManager.cpp(00514) : Received Base64 Ticket >>>SAML 2.0 assertion ticket...<<<
[22277]{-1}[-1/-1] 2015-02-02 20:10:23.883167 i Authentication MethodSAPLogon.cpp(00275) : unsuccessful login attempt with SAPLogon/SAPAssertion ticket!
[22277]{-1}[-1/-1] 2015-02-02 20:10:23.883181 d Authentication ManagerAcceptor.cpp(00273) : Injecting logon name into method:
[22277]{-1}[63/-1] 2015-02-02 20:10:23.884313 d Authentication Connection.cc(03617) : [PRE AUTHENTICATION] logon name:
[22277]{-1}[63/-1] 2015-02-02 20:10:23.884359 d Authentication Connection.cc(03684) : [POST AUTHENTICATION] logon name:
It looks like the ticket is received but not being parsed. It's not clear to me if this is related to the certificate or some other configuration element, or exactly what the missing piece is.
Hello,
I am facing the exactly same issue.
HANA Rev 94
BOE - 4.1 SP5
SSL done using openSSL instead of common cryptolib.
PS- i was able to configure BI - HANA SSO in the development environment however facing issue as mentioned above in QA.
Regards,
Jayesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.