Skip to Content

SAML2 Web IDE SSO to HANA

Dear community,

I did set up a trust between SAP Cloud Identity and a HANA MDC. This works so far. That means, I can access the xsodata file in browser with the credentials of the SAP Cloud Identity and the login mask is shown, etc.

I also did a mapping for External Identity. So far it seems to work fine in browser.

Only thing is, when I want to access the database with my destination in WebIDE I always get the error 401 - Unauthorized. Looking in the traces:

Assertion authentication for user  failed with reason: Unable to verify XML signature(StatusCode: , StatusMessage: )

I attach a picture of my destination configuration. SAML2_audience is set to the name of the SAML Service Provider of the HANA database.

Please give me some hints, what I'm missing.

Best regards

destination.png (28.2 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Aug 20, 2018 at 06:20 PM

    Hi Johannes,

    That error message usually means that either:

    1. The certificate on SAP CP > Security > Trust > Local Service Provider is different than the one in HANA > SAML Identity Provider

    2. saml2_audience set in the destination is not the same as in HANA > SAML Service Provider > Name

    This is a good blog post to help you with that if you haven't seen it yet:
    https://blogs.sap.com/2016/03/21/principal-propagation-between-html5-and-sap-hana-xs-on-sap-hana-cloud-platform/

    Best Regards,
    Lucas

    Add comment
    10|10000 characters needed characters exceeded