Skip to Content

BI 4.2 SP04 / Lumira 2.0 / HANA - SSO Error

Sep 19, 2017 at 09:40 AM


avatar image


I have a BusinessObject BI Platform 4.2 SP04 + Lumira 2.0.

Now, I'm trying to configure the SSO connection with a HANA database (1.0 rev 122) but I have an error while logging in from Lumira Discovery.

On BI > Applications > HANA Authentification > I have created two certificates : SAP HANA (port 30015) and SAN HANA http (8000)

These certificates were imported on the HANA side :

- HDB Studio > Security > SAML Identity provider

- Hana Cockpit :

and a new HANA User (BOTEST) was created with SSO :

Both connections are successful :



I have created two OLAP connections : SAP HANA and SAP HANA http

From Lumira Discovery > SAP HANA > Import : The connection works (using SAP HANA connection)

From Lumira Discovery > SAP HANA > Live : The connection doesn't works (using SAP HANA http)

Same error from web interface of the BI(using SAP HANA http)

Do you have any idea ? Thank you !


3bhtf.png (5.4 kB)
o7wi5.png (113.3 kB)
ctpju.png (110.4 kB)
ay2j3.png (10.0 kB)
ttzo4.png (5.7 kB)
heelz.png (3.1 kB)
fyovs.png (10.2 kB)
g7eey.png (15.2 kB)
p3wlf.png (1.6 kB)
4wbaj.png (3.1 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

5 Answers

Cédric C Sep 19, 2017 at 02:03 PM

Hello Tim,

Thank you for your response. The connection HTTP works with predefined HANA account but not with the SSO option.

In WebI with the connection 30015, it works.

... What is aoffice ?


Show 3 Share
10 |10000 characters needed characters left characters exceeded

That's anlaysis for office. It was the product I think the HTTP connection was actually designed for

If aoffice works then you know the connection is ok and the issue is Lumira. I habdle much of the SAML info on the BI side and have not seen Lumira work with the HTTP connections yet but SP4 is new so sometimes things change that's i'm not aware of.

Regarding the webi working then Lumira should be able to consume that relational connection... Is it failing in Lumira still?



Unlike the Webi, Lumira from the web interface works with a http connection only. I will look for aoffice. Meanwhile, I found this table about Lumira 2.0.

I see that SSO is not supported for SAP HANA Live Direct connection. In Lumira Discovery, when I select a Live connection, I have two choice : SAP HANA or SAP BI Platform . I suppose that "SAP HANA" is the direct connection (there is no SSO option) and SAP BI Platform is the managed connection (uses the OLAP connection "SAP HANA http")

Thank you.

0ggbw.png (139.0 kB)
zsuoz.png (4.5 kB)

OK Apparently Lumira 2.0 incorporates the connectivity of design studio so it should be capable of connecting to HANA via HTTP SAML. I did find an SAP note so you may need SP1 patch 2 according to note 2502914. The aoffice guide is still the best for setting up and troubleshooting the HTTP connection with SAML

Sebastian Ospina Sep 19, 2017 at 08:55 PM


I have a problem with the SSO configuration of HANA, I get the following error, but I do not know how to solve it.

Connection Failed: The test of the HANA SSO ticket used to log onto the HANA DB has failed due to: SAP DBTech JDBC: [591]: internal error: Invalid principal id for principal $principalName$.. (FWM 02133)

Thanks you!!

Show 1 Share
10 |10000 characters needed characters left characters exceeded

I believe this is a different error, in one case we found it permissions related

Tim Ziemba
Sep 19, 2017 at 01:27 PM

I haven't heard that Lumira can use an HTTP connection yet. Does it work if you have a predefined HANA account in the connection?

Can you test the HTTP connection with aoffice? We have a seperate KBA on that, if it works with aoffice and still fails via Lumira that may be a limitation of the HTTP SAML for now.

With the relational connection 30015, can you test that in IDT and webi to verify it works. That should actually work with Lumira too, I'm just not sure on the HTTP.

10 |10000 characters needed characters left characters exceeded
Sylvain Chevallereau
Dec 13, 2017 at 08:02 AM


Please try this wiki.

especially the certificate import in the HANA trust store. You will need accesses to the Hana webdispatcher workbench (is it the same as the Hana Cockpit for you?).

You should check also if you have enough right for accessing the xs webdispatcher url as mentioned in the troubleshooting part.

Finally you need to restart the HANA (at least index and xs server...)

Good luck.


10 |10000 characters needed characters left characters exceeded
Tim Ziemba
Jan 04 at 12:08 PM

The latest info I have received is when setting up HTTP SAML SSO connections to HANA, they have been working fine in analysis for office (aoffice) which this KBA shows details for

They also work in design studio. I believe Lumira 2.0 can use them but you cannot test or find any information for an incorrect config on the BI system. Almost all HANA HTTP SAML connections currently have to be traced in the HANA HTTP server and aoffice is the best client to perform testing with (then test design studio or Lumira)

I've seen one possible open issue with Lumira using HTTPS and SAML (I'm not sure it's resolved yet) but it seems to work with HTTP and SAML on BI 4.2 SP4 and later, possibly earlier


10 |10000 characters needed characters left characters exceeded