Skip to Content
avatar image
Former Member

BI 4.2 SP04 / Lumira 2.0 / HANA - SSO Error

Hello,

I have a BusinessObject BI Platform 4.2 SP04 + Lumira 2.0.

Now, I'm trying to configure the SSO connection with a HANA database (1.0 rev 122) but I have an error while logging in from Lumira Discovery.

On BI > Applications > HANA Authentification > I have created two certificates : SAP HANA (port 30015) and SAN HANA http (8000)

These certificates were imported on the HANA side :

- HDB Studio > Security > SAML Identity provider

- Hana Cockpit :

and a new HANA User (BOTEST) was created with SSO :

Both connections are successful :

SAP HANA :

SAP HANA HTTP :

I have created two OLAP connections : SAP HANA and SAP HANA http

From Lumira Discovery > SAP HANA > Import : The connection works (using SAP HANA connection)

From Lumira Discovery > SAP HANA > Live : The connection doesn't works (using SAP HANA http)

Same error from web interface of the BI(using SAP HANA http)

Do you have any idea ? Thank you !

Ced

3bhtf.png (5.4 kB)
o7wi5.png (113.3 kB)
ctpju.png (110.4 kB)
ay2j3.png (10.0 kB)
ttzo4.png (5.7 kB)
heelz.png (3.1 kB)
fyovs.png (10.2 kB)
g7eey.png (15.2 kB)
p3wlf.png (1.6 kB)
4wbaj.png (3.1 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • avatar image
    Former Member
    Sep 19, 2017 at 02:03 PM

    Hello Tim,

    Thank you for your response. The connection HTTP works with predefined HANA account but not with the SSO option.

    In WebI with the connection 30015, it works.

    ... What is aoffice ?

    Ced

    Add comment
    10|10000 characters needed characters exceeded

    • OK Apparently Lumira 2.0 incorporates the connectivity of design studio so it should be capable of connecting to HANA via HTTP SAML. I did find an SAP note so you may need SP1 patch 2 according to note 2502914. The aoffice guide is still the best for setting up and troubleshooting the HTTP connection with SAML

  • avatar image
    Former Member
    Sep 19, 2017 at 08:55 PM

    Hi,

    I have a problem with the SSO configuration of HANA, I get the following error, but I do not know how to solve it.

    Connection Failed: The test of the HANA SSO ticket used to log onto the HANA DB has failed due to: SAP DBTech JDBC: [591]: internal error: Invalid principal id for principal $principalName$.. (FWM 02133)

    Thanks you!!

    Add comment
    10|10000 characters needed characters exceeded

  • Sep 19, 2017 at 01:27 PM

    I haven't heard that Lumira can use an HTTP connection yet. Does it work if you have a predefined HANA account in the connection?

    Can you test the HTTP connection with aoffice? We have a seperate KBA on that, if it works with aoffice and still fails via Lumira that may be a limitation of the HTTP SAML for now.

    With the relational connection 30015, can you test that in IDT and webi to verify it works. That should actually work with Lumira too, I'm just not sure on the HTTP.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 13, 2017 at 08:02 AM

    Hi,

    Please try this wiki.

    https://wiki.scn.sap.com/wiki/display/SAPHANA/SAML+SSO+for+BI+Platform+to+HANA

    especially the certificate import in the HANA trust store. You will need accesses to the Hana webdispatcher workbench (is it the same as the Hana Cockpit for you?).

    You should check also if you have enough right for accessing the xs webdispatcher url as mentioned in the troubleshooting part.

    Finally you need to restart the HANA (at least index and xs server...)

    Good luck.

    che

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 04 at 12:08 PM

    The latest info I have received is when setting up HTTP SAML SSO connections to HANA, they have been working fine in analysis for office (aoffice) which this KBA shows details for https://apps.support.sap.com/sap/support/knowledge/preview/en/2284620

    They also work in design studio. I believe Lumira 2.0 can use them but you cannot test or find any information for an incorrect config on the BI system. Almost all HANA HTTP SAML connections currently have to be traced in the HANA HTTP server and aoffice is the best client to perform testing with (then test design studio or Lumira)

    I've seen one possible open issue with Lumira using HTTPS and SAML (I'm not sure it's resolved yet) but it seems to work with HTTP and SAML on BI 4.2 SP4 and later, possibly earlier

    -Tim

    Add comment
    10|10000 characters needed characters exceeded