on 03-08-2016 9:26 AM
Dear all,
yesterday I was able to set up the SSO using Kerberos for our SAP HANA databases.
It works perfectly.
Then I noticed that I still need to give user and password to access the SAP HANA Cockpit.
Is it possible to set up SSO for SAP HANA Cockpit as well?
Best Regards,
Ernaldo Cezar
The problem is solved.
It was a gap in the keytab file.
I registered at the beginning only the host alias as a Service Principal Name (SPN):
hdb/alias.domain.com@DOMAIN.COM
HTTP/alias.domain.com@DOMAIN.COM
The solution was to register also the hostname as a SPN:
hdb/hostname.domain.com@DOMAIN.COM
HTTP/hostname.domain.com@DOMAIN.COM
I generated the keytab file by myself with all the entries above.
Now the SSO is working for SAP HANA Studio and SAP HANA Cockpit.
Regards,
Ernaldo
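Added example, not part of the original post: a shell check for the keytab gap described above, listing every `hdb/` and `HTTP/` principal that is missing for a set of host names. It reads `klist -k` output on stdin (MIT Kerberos listing format is assumed); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Report service principals that are absent from a keytab listing.
# Real use (keytab path is a placeholder):
#   klist -k /path/to/krb5.keytab | missing_spns DOMAIN.COM alias.domain.com hostname.domain.com

SERVICES="hdb HTTP"   # service classes registered in the thread

# Pull the principal out of each entry line of `klist -k` output.
# Entry lines start with a numeric KVNO; header and ruler lines do not.
# Scanning for the field with '@' also copes with -t / -e extra columns.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ { for (i = 2; i <= NF; i++) if ($i ~ /@/) print $i }' | sort -u
}

# missing_spns REALM HOST...  (keytab listing on stdin)
# Prints one line per expected principal that the keytab does not contain.
missing_spns() {
    realm=$1; shift
    present=$(keytab_principals)
    for host in "$@"; do
        for svc in $SERVICES; do
            spn="$svc/$host@$realm"
            # Whole-line, fixed-string match: the entry must be exactly this principal.
            printf '%s\n' "$present" | grep -qxF "$spn" || printf '%s\n' "$spn"
        done
    done
}

# Constructed sample: a keytab that only carries the alias, as in the first attempt.
sample_keytab_listing() {
    cat <<'EOF'
Keytab name: FILE:/tmp/example.keytab
KVNO Principal
---- ----------------------------------------------------------
   2 hdb/alias.domain.com@DOMAIN.COM
   2 HTTP/alias.domain.com@DOMAIN.COM
EOF
}

# Demo on the constructed listing: the two hostname principals are reported.
sample_keytab_listing | missing_spns DOMAIN.COM alias.domain.com hostname.domain.com
```

Empty output means every expected principal is present in the keytab.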
The documentation below refers to the SSO setup for SAP HANA Cockpit and to the configurations needed in the XS Administration tool. Since you are using Kerberos, I am guessing the SPNEGO setup mentioned in SAP note 1837331 is also applicable.
https://help.sap.com/saphelp_hanaplatform/helpdata/en/5c/482d15e5704fa1aa46371d36039150/content.htm
If you're integrating the SAP HANA cockpit into a single sign-on (SSO) environment, you have specified and configured the methods for user authentication in the SAP HANA XS Administration Tool.
Here, create a runtime configuration for the following applications:
For more information about how to do this, see SAP HANA XS Administration Tools in the SAP HANA Administration Guide.
Dear Suresh,
Thanks for your help.
I followed all the steps described in SAP note 1837331 in order to set up the authentication through SPNEGO. The application sap.uis doesn't exist in the database. Instead of sap.uis, I found 2 other applications: sap.ui5 and sap.admin.uis
Anyway, I get the following error in the browser when starting SAP HANA Cockpit:
SPNEGO token could not be authenticated.
No successfull authentication possible.
In the nameserver trace of the HANA database I see a warning when we start the database:
[19502]{-1}[-1/-1] 2016-03-09 14:18:29.253763 e Authentication Provider.cpp(00633) : Kerberos: Using empty Service Principal Name!
And another error when we try to log in to the SAP HANA Cockpit:
[19364]{19364}[-1/-1] 2016-03-09 14:18:36.179333 e Authentication AbstractMethodGSSAcceptor.cpp(00032) : Error during Kerberos: Major: "No credentials were supplied, or the credentials were unavailable or inaccessible [458752]", minor: " []"
At the moment I'm reviewing the configuration of Kerberos and the AD.
Regards,
Ernaldo
Dear Osvaldo,
Thanks for your quick answer.
In fact the idea is not to use a user and password to log in. In the settings of the HANA system we chose the option: "Authentication by current operating system user".
It means there is no password to store in the Secure Storage. This field is inactive anyway.
Regards,
Ernaldo