cancel
Showing results for 
Search instead for 
Did you mean: 

BI 4.2 SP04 / Lumira 2.0 / HANA - SSO Error

Former Member
0 Kudos

Hello,

I have a BusinessObject BI Platform 4.2 SP04 + Lumira 2.0.

Now, I'm trying to configure the SSO connection with a HANA database (1.0 rev 122) but I have an error while logging in from Lumira Discovery.

On BI > Applications > HANA Authentification > I have created two certificates : SAP HANA (port 30015) and SAN HANA http (8000)

These certificates were imported on the HANA side :

- HDB Studio > Security > SAML Identity provider

- Hana Cockpit :

and a new HANA User (BOTEST) was created with SSO :

Both connections are successful :

SAP HANA :

SAP HANA HTTP :

I have created two OLAP connections : SAP HANA and SAP HANA http

From Lumira Discovery > SAP HANA > Import : The connection works (using SAP HANA connection)

From Lumira Discovery > SAP HANA > Live : The connection doesn't works (using SAP HANA http)

Same error from web interface of the BI(using SAP HANA http)

Do you have any idea ? Thank you !

Ced

Accepted Solutions (0)

Answers (6)

Answers (6)

mrwong05
Participant
0 Kudos

tammy.powlas3

Hana 2.0 SSO for lumira 2.3 add-on for BIP 4.2 SP5 is not working for OLAP BIP managed connections.

Pre-defined User is working.

According to a June 2020 KBA https://launchpad.support.sap.com/#/notes/0002618948 :

  1. Change the managed connection to use a pre-defined username and password
  2. After creating the dashboard, publish it to BI Enterprise
  3. Change the managed connection back to SSO
  4. The dashboard will now work when run from BI Launchpad

After doing this, I still receive an error when trying to open the document on BIP from any user.

So my question is, has this issue been resolved? I really need SSO to work from BIP to Hana for Lumira Documents.

--Matt

.

TammyPowlas
Active Contributor
0 Kudos

Hi Matt - I don't know; I recommend creating a new thread with this question.

mrwong05
Participant
0 Kudos

Thanks Tammy, I'm sorry to get you involved. I thought you were the moderator for Lumira as you have been helpful in the past.

BasicTek
Active Contributor
0 Kudos

The latest info I have received is when setting up HTTP SAML SSO connections to HANA, they have been working fine in analysis for office (aoffice) which this KBA shows details for https://apps.support.sap.com/sap/support/knowledge/preview/en/2284620

They also work in design studio. I believe Lumira 2.0 can use them but you cannot test or find any information for an incorrect config on the BI system. Almost all HANA HTTP SAML connections currently have to be traced in the HANA HTTP server and aoffice is the best client to perform testing with (then test design studio or Lumira)

I've seen one possible open issue with Lumira using HTTPS and SAML (I'm not sure it's resolved yet) but it seems to work with HTTP and SAML on BI 4.2 SP4 and later, possibly earlier

-Tim

0 Kudos

Hi,

Please try this wiki.

https://wiki.scn.sap.com/wiki/display/SAPHANA/SAML+SSO+for+BI+Platform+to+HANA

especially the certificate import in the HANA trust store. You will need accesses to the Hana webdispatcher workbench (is it the same as the Hana Cockpit for you?).

You should check also if you have enough right for accessing the xs webdispatcher url as mentioned in the troubleshooting part.

Finally you need to restart the HANA (at least index and xs server...)

Good luck.

che

Former Member
0 Kudos

Hi,

I have a problem with the SSO configuration of HANA, I get the following error, but I do not know how to solve it.

Connection Failed: The test of the HANA SSO ticket used to log onto the HANA DB has failed due to: SAP DBTech JDBC: [591]: internal error: Invalid principal id for principal $principalName$.. (FWM 02133)

Thanks you!!

BasicTek
Active Contributor
0 Kudos

I believe this is a different error, in one case we found it permissions related https://launchpad.support.sap.com/#/notes/0002467934

Former Member
0 Kudos

Hello Tim,

Thank you for your response. The connection HTTP works with predefined HANA account but not with the SSO option.

In WebI with the connection 30015, it works.

... What is aoffice ?

Ced

BasicTek
Active Contributor
0 Kudos

That's anlaysis for office. It was the product I think the HTTP connection was actually designed for https://apps.support.sap.com/sap/support/knowledge/preview/en/2284620

If aoffice works then you know the connection is ok and the issue is Lumira. I habdle much of the SAML info on the BI side and have not seen Lumira work with the HTTP connections yet but SP4 is new so sometimes things change that's i'm not aware of.

Regarding the webi working then Lumira should be able to consume that relational connection... Is it failing in Lumira still?

Former Member
0 Kudos

Tim,

Unlike the Webi, Lumira from the web interface works with a http connection only. I will look for aoffice. Meanwhile, I found this table about Lumira 2.0.

I see that SSO is not supported for SAP HANA Live Direct connection. In Lumira Discovery, when I select a Live connection, I have two choice : SAP HANA or SAP BI Platform . I suppose that "SAP HANA" is the direct connection (there is no SSO option) and SAP BI Platform is the managed connection (uses the OLAP connection "SAP HANA http")

Thank you.

BasicTek
Active Contributor
0 Kudos

OK Apparently Lumira 2.0 incorporates the connectivity of design studio so it should be capable of connecting to HANA via HTTP SAML. I did find an SAP note so you may need SP1 patch 2 according to note 2502914. The aoffice guide is still the best for setting up and troubleshooting the HTTP connection with SAML

BasicTek
Active Contributor
0 Kudos

I haven't heard that Lumira can use an HTTP connection yet. Does it work if you have a predefined HANA account in the connection?

Can you test the HTTP connection with aoffice? We have a seperate KBA on that, if it works with aoffice and still fails via Lumira that may be a limitation of the HTTP SAML for now.

With the relational connection 30015, can you test that in IDT and webi to verify it works. That should actually work with Lumira too, I'm just not sure on the HTTP.