Skip to Content
0

how enable SSO on HANA XSA

Dec 08, 2017 at 01:07 AM

193

avatar image

Hi,

I'd like to enable single sign on (SSO) to HANA XSA and Lumira 2.0

I'm using hana expres 2.0 SPS 02 with XSA, SAP Lumira 2.0 Discovery and AWS

My scenario is that I'm using AWS Cognito to authenticate user logins on my personal portal. Then I want these authorized users to be able to access the HANA XSA applications (urls) without having to login to the XS Advanced with a username/password.

I know I need a Identity Provider service (IDP), whether SAML or JWT based, it doesnt matter. But it would be helpful to me if anyone has tried this scenario before with their own IDP and HANA XSA or Lumira as the service with proper SSO.

Thank you,

Matt

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Matheus Oliveira Goulart Mar 14 at 03:39 PM
0

Hello,

I was able to configure SSO in XSA using MS Azure. We just configured the IDP and imported the metadata XML in XSA and it worked. Now i'm doing some tests with roles and attributtes assertion, but the SSO is already configured and working.

Best Regards.

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Thank you Matheus, do you have a link to documentation for enabling SSO with XSA and MS Azure?

0

Hello Matthew,

Our AD technical team followed the configuration for XS Classic application from microsoft, and i just imported the SAML metadata XML generated by Azure. After that a link appeared in XSA Logon screen that when you click to it, redirects you to your AD logon page.

Tutorial: Azure Active Directory integration with SAP HANA

There is an application id they registered inside the "Identifier" field of application configuration in Azure (the id is "XSA ID"-"SAML", example for a SAP id XSD, the application Id is XSD-SAML, and there is a field in Azure where you fulfill that id). You have to change the "Reply URL" for the XSA UAA too.

It's important to update your XSA component to the latest version and SPS, because there is a lot of bug fix for the components.

The issues we are facing now is to set the AD Logon page as the default logon screen and to control application scopes through groups in Azure (assert groups to roles in XSA).

Thanks.

0