Hi all,

OData is clearly the best way to get data from HANA through HTTP, but it is not clear to me how to manage user authentication. I am working with different versions of HANA systems (1.0 SP12, 2.0, 2.0 SP1) and, as first attempt, I tried to implement the basic authentication into my OData services. It works fine, but once the user is authorized, there is no way to logout until the (server-side) session timeout is reached. This is not acceptable to me because I need to give to users the possibility to login every time they need. Closing the browser, authenticating with different (even wrong) credentials, or changing the client-side or/and server-side cache options have no effects. I know that the login/logout mechanism is difficult to achieve using HTTP and basic authorization, so I moved to SAML 2.0 authentication because the Identity Provider (IDP) give you the possibility login and logout explicitly. SAP produced a good guide to configure the IDP (I am using HANA as IDP), the service provider and to enable the SAML to OData services both for XS Classic and Advanced, but there is no good example of saml usage through its bearer assertions (the best post you can find is outdated). So, I am not able to implement the SAML 2.0 authentication and, as many other HANA developers, I am stuck with a “No assertion found in body of request” error message.

Can anyone help me to force the evaluation of the credentials for each OData request or to implement a login/logout mechanism to consume OData services?

Bests.

Diego