How to enable SSO on HANA XSA

mrwong05
Hi,

I'd like to enable single sign-on (SSO) to HANA XSA and Lumira 2.0.

I'm using HANA express 2.0 SPS 02 with XSA, SAP Lumira 2.0 Discovery and AWS.

My scenario is that I'm using AWS Cognito to authenticate user logins on my personal portal. Then I want these authorized users to be able to access the HANA XSA applications (URLs) without having to log in to XS Advanced with a username/password.

I know I need an Identity Provider service (IDP), whether SAML or JWT based, it doesn't matter. But it would be helpful to me if anyone has tried this scenario before with their own IDP and HANA XSA or Lumira as the service with proper SSO.

Thank you,

Matt

Accepted Solutions (0)

Answers (1)

matheusog
Hello,

I was able to configure SSO in XSA using MS Azure. We just configured the IDP and imported the metadata XML in XSA and it worked. Now I'm doing some tests with role and attribute assertions, but the SSO is already configured and working.

Best Regards.

mrwong05
Thank you Matheus, do you have a link to documentation for enabling SSO with XSA and MS Azure?

matheusog
Hello Matthew,

Our AD technical team followed the configuration for XS Classic applications from Microsoft, and I just imported the SAML metadata XML generated by Azure. After that, a link appeared on the XSA logon screen that, when you click it, redirects you to your AD logon page.

Tutorial: Azure Active Directory integration with SAP HANA

There is an application id they registered in the "Identifier" field of the application configuration in Azure (the id is "XSA ID"-"SAML"; for example, for a SAP id XSD, the application id is XSD-SAML, and there is a field in Azure where you fill in that id). You have to change the "Reply URL" for the XSA UAA too.

It's important to update your XSA components to the latest version and SPS, because there are a lot of bug fixes for the components.

The issues we are facing now are to set the AD logon page as the default logon screen and to control application scopes through groups in Azure (assert groups to roles in XSA).

Thanks.