Skip to Content
author's profile photo Former Member
0
Former Member
Nov 12, 2020 at 02:19 PM

SAP HANA Cockpit SSO with HANA Ressource Impossible/error.

403 Views

Hello,

I am trying to set the SSO between the HANA Cockpit and 1 other SAP HANA systems (Registered Resources) with no success.

HANA Cockpit: Hostname: SAPCPT, SID: SD1 (HANA Cockpit 2.0 SP12 on HANA 2.0 SP05)

HANA DB1 : Hostname: SAPHANA3, SID: LD1 (HANA 2.0 SP05 rev52 + XSA).

I am following the the document at: https://help.sap.com/viewer/afa922439b204e9caf22c78b6b69e4f2/2.12.0.0/en-US/afef8c66f8804a30b81ccad36c3e9d7e.html.

When I save the registered resource I get the Error Message: Failed to update SSO connection. Request Failed. Failed to create XSUAA JWT trust.

I have searched SAP Notes, and find the note: 2781316 - Failed to update SSO connection Request Failed Could not update or create JWT trust: SAP DBTech JDBC: [258]: insufficient privilege: Not authorized

this note says to remove the SAPXSUAAJWT certificate collection from the Cockpit. So I have deleted the SAPXSUAAJWT certificate collection in the SAPHANA1 system from the HANA Cockpit. Then I deleted and recreated the Database resource for the SAPHANA1-SYSTEMDB database and activate the SSO with the SSO_USER. Then When I save it works.

In fact a new Certificate collection named SAPXSUAAJWT was created in the SAPHANA1-SYSTEMDB and owned by SSO_USER, with no provider associated.

But Now, when I go to the SAPHANA1 system and do a XSA diagnose, I get the error:

SYSTEMDB: JWT Trust to UAA could not be established: Failed to personalize session

So I searched for Note and find: 2950026 - XSA diagnose: JWT Trust to UAA could not be established: Failed to personalize session.But I get no records with the request: SELECT PURPOSE_OBJECT FROM SYS.PSE_PURPOSE_OBJECTS WHERE PSE_NAME = 'SAPXSUAAJWT';

I tried to do a XSA renew-db-trust and it gives me the error: ERROR: FAILED to configure trust relationship to the database 'SYSTEMDB': Could not update or create SAML trust: SAP DBTech JDBC: [258]: insufficient privilege:

So I decided to delete the certificate collection SAPXSUAAJWT in the SAPHANA1-SYSTEMDB. and do once again XSA renew-db-trust, then it works. But now the SSO between the Cockpit and the SAPHANA1 is not working anymore...

It seems that both process are using the same certificate collection Named "SAPXSUAAJWT" but the owner are not the same, when they create it. I still don't know how to implement SSO between the Cockpit and SAP HANA systems

If someone could help...