Skip to Content
1

ApptoAppSSO destination to HANA XS: Unable to verify XML signature

Oct 28, 2016 at 01:43 PM

499

avatar image
Former Member

Hello,

I am attempting to connect a HANA XS application to an HTML5 application in HCP. My case is close to the one in this guide:

https://blogs.sap.com/2016/03/21/principal-propagation-between-html5-and-sap-hana-xs-on-sap-hana-cloud-platform/

I have set the following destination:

Only difference is that I am using SAP's default SSO. I have no issues connecting to the HANA XS service directly and authenticating. When the app tries to connect through the destination, the connection fails.

In the browser debugger I see the following error returned to the app:

StatusCode in ResponseMessage != OK; please refer to the database trace for more information

In the server log I get the following:

Assertion authentication failed with reason: Unable to verify XML signature(StatusCode: , StatusMessage: )

What can be the reason, is there an issue with the destination configuration I set?

1.png (25.1 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

avatar image
Former Member Nov 01, 2016 at 04:30 PM
0

Turns out I needed to add the HCP service provider settings as an identity provider in HANA. After adding a SAP Cloud Identity IdP, I did just that and it worked.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Tsvetelin,

I have the same issue as you. Can you please share some details how excactly you solved the issue?

Thank you.

Christian

0
avatar image
Former Member Nov 02, 2016 at 03:57 PM
0

It works fine in one HCP account, but not in another. One account has a HANA version 1.00.102.04.1453734118 (SPS 10). There the destination works with no issues.

In another account, the HANA version is 1.00.112.05.1469552341 (SPS 11).

There we have the following issue. The user is recognized, but the HTTP request returns code 403 - Forbidden. If the same service is called directly from a browser, it works fine, so it doesn't seem to be due to a lack of rights. If the user is not present in HANA, it is created and then we get status code 500.


2.png (39.9 kB)
3.png (51.0 kB)
Share
10 |10000 characters needed characters left characters exceeded
Sebastian Esch Jan 23, 2017 at 04:21 PM
0

In our case we had the same problem on a HANA instance in HCP with SP11. After an upgrade to SP12 it worked as expected. Now we have an AppToAppSSO connection from one HCP Account where we are running the HTML5 App to another HCP Account where the HANA instance is located.

Share
10 |10000 characters needed characters left characters exceeded
Sebastian Esch Jan 23, 2017 at 04:21 PM
0

In our case we had the same problem on a HANA instance in HCP with SP11. After an upgrade to SP12 it worked as expected. Now we have an AppToAppSSO connection from one HCP Account where we are running the HTML5 App to another HCP Account where the HANA instance is located.

Share
10 |10000 characters needed characters left characters exceeded