
SSO for SAP HANA Cockpit

ernaldo_cezar2
Explorer
0 Kudos

Dear all,

yesterday I was able to set up the SSO using Kerberos for our SAP HANA databases.

It works perfectly.

Then I noticed that I still need to give user and password to access the SAP HANA Cockpit.

Is it possible to set up SSO for SAP HANA Cockpit as well?

Best Regards,

Ernaldo Cezar

Accepted Solutions (1)

ernaldo_cezar2
Explorer
0 Kudos

The problem is solved.

It was a gap in the keytab file.

I registered at the beginning only the host alias as a Service Principal Name (SPN):

hdb/alias.domain.com@DOMAIN.COM

HTTP/alias.domain.com@DOMAIN.COM

The solution was to register also the hostname as a SPN:

hdb/hostname.domain.com@DOMAIN.COM

HTTP/hostname.domain.com@DOMAIN.COM

I generated the keytab file by myself with all the entries above.

Now the SSO is working for SAP HANA Studio and SAP HANA Cockpit.

Regards,

Ernaldo
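
An added example, not part of the original post: a check that a keytab holds the hdb and HTTP SPNs for every name the server is reached by (alias and hostname), which is the gap described in the accepted solution. It assumes MIT Kerberos `klist -k` output; the sample listing is constructed and the function names are hypothetical.

```python
import re

# Service classes named in the accepted solution.
SERVICES = ("hdb", "HTTP")

# Constructed sample of `klist -k` output: a keytab that holds only the alias SPNs.
SAMPLE_KLIST = """\
Keytab name: FILE:/path/to/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   3 hdb/alias.domain.com@DOMAIN.COM
   3 HTTP/alias.domain.com@DOMAIN.COM
"""

# service/host@REALM; dates such as 03/09/2016 (klist -t) lack '@' and do not match.
PRINCIPAL = re.compile(r"^[^/@\s]+/[^/@\s]+@[^/@\s]+$")


def keytab_principals(klist_output):
    """Return the set of service principals listed in `klist -k` output."""
    principals = set()
    for line in klist_output.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or not tokens[0].isdigit():
            continue  # header, separator or blank line (entries start with the KVNO)
        principals.update(tok for tok in tokens[1:] if PRINCIPAL.match(tok))
    return principals


def missing_spns(klist_output, hosts, realm, services=SERVICES):
    """List the service/host@realm entries that the keytab does not contain.

    The comparison is exact (case-sensitive), as MIT Kerberos treats principals.
    """
    have = keytab_principals(klist_output)
    wanted = [f"{svc}/{host}@{realm}" for host in hosts for svc in services]
    return [spn for spn in wanted if spn not in have]


if __name__ == "__main__":
    hosts = ["alias.domain.com", "hostname.domain.com"]
    for spn in missing_spns(SAMPLE_KLIST, hosts, "DOMAIN.COM"):
        print("missing from keytab:", spn)
```
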

Answers (2)

suresh_devarajan
Explorer
0 Kudos

The documentation below refers to SSO setup for SAP HANA Cockpit and refers to the configurations needed in the XS Administration tool. Since you are using Kerberos, I am guessing the SPNEGO setup mentioned in SAP note 1837331 is also applicable.

https://help.sap.com/saphelp_hanaplatform/helpdata/en/5c/482d15e5704fa1aa46371d36039150/content.htm

If you're integrating the SAP HANA cockpit into a single sign-on (SSO) environment, you have specified and configured the methods for user authentication in the SAP HANA XS Administration Tool.

Here, create a runtime configuration for the following applications:

  • sap.hana.admin
  • sap.uis

For more information about how to do this, see SAP HANA XS Administration Tools in the SAP HANA Administration Guide.

ernaldo_cezar2
Explorer
0 Kudos

Dear Suresh,

Thanks for your help.

I followed all the steps described in the SAP note 1837331 in order to set up the authentication through SPNEGO. The application sap.uis doesn't exist in the database. Instead of sap.uis, I found 2 other applications: sap.ui5 and sap.admin.uis

Anyway, I get the following error in the browser when starting SAP HANA Cockpit:

SPNEGO token could not be authenticated.

No successfull authentication possible.

In the nameserver trace of the HANA database I see a warning when we start the database:

[19502]{-1}[-1/-1] 2016-03-09 14:18:29.253763 e Authentication   Provider.cpp(00633) : Kerberos: Using empty Service Principal Name!

And another error when trying to log in to the SAP HANA Cockpit:

[19364]{19364}[-1/-1] 2016-03-09 14:18:36.179333 e Authentication   AbstractMethodGSSAcceptor.cpp(00032) : Error during Kerberos: Major: "No credentials were supplied, or the credentials were unavailable or inaccessible [458752]", minor: " []"

At the moment I'm reviewing the configuration of Kerberos and the AD.

Regards,

Ernaldo

Former Member
0 Kudos

Hi Ernaldo.

You can try this approach:

SAP HANA STUDIO

Properties -->DATABASE USER LOGON --> select "Store user name and password in secure store"

Next time you login, it will not ask for user or password.

Best Regards.

Osvaldo Dias Ferreira

ernaldo_cezar2
Explorer
0 Kudos

Dear Osvaldo,

Thanks for your quick answer.

In fact the idea is not to use a user and password to log in. In the setting of the HANA system we chose the option: "Authentication by current operating system user".

This means there is no password to store in the Secure Storage. This field is inactive anyway.

Regards,

Ernaldo