Reputation: 119
I was referring 'https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-sap-hana-cloud-platform-tutorial/' for the R&D on 'how to enable single sign on with Azure active directory for SAP HANA XS application'.
Please clarify the below 2 points.
1) What does SAP HANA 'application' means here? Does the xs service app also can be used to integrate with Azure Active Directory (AAD)?
2) I was unable to do 'Assigning a role to a user' step. In cockpit > Authorizations > Users, I enetered my AAD user, then clicked on 'Show Assignments'. There were no roles displayed which is expected being an AAD user. I clicked on 'Assign' as you mentioned in your document but there were no 'Role' available to select in dropdown.
By default, below values are selected in the popup and no other values are available.
Account: services
Application: dispatcher
Role:-----
After doing the steps mentioned in the tutorial, I can see 'SAP HANA Cloud App' in https://myapps.microsoft.com/ ( yay :) ). But when I click on it, it asks for the credentials again and only after entering SAP HANA db credentials, I can access the app. Obviously this is not what is expected. The XS app has no authentication set in .xsaccess file in SAP HANA.
Thanks! Ramees
Upvotes: 1
Views: 864
Reputation: 1061
To the single questions:
1) What does SAP HANA 'application' means here? Does the xs service app also can be used to integrate with Azure Active Directory (AAD)?
As written the trust establishment will be valid for Java EE and HTML 5 applications only. XS applications have a separate trust configuration.
2) I was unable to do 'Assigning a role to a user' step. In cockpit > Authorizations > Users, I enetered my AAD user, then clicked on 'Show Assignments'. There were no roles displayed which is expected being an AAD user. I clicked on 'Assign' as you mentioned in your document but there were no 'Role' available to select in dropdown.
Again role assignments via the cloud cockpit are valid for Java and HTML 5 applications only. Currently you have no roles defined for the subscriptions and applications you have in your account.
The section:
> In order to enable Azure AD users to log into SAP HANA Cloud Platform,
> you must assign roles in the SAP HANA Cloud Platform to them.
from the tutorial is a bit misleading. Assigning roles is not a must - it depends on the logic that you have in your application.
But when I click on it, it asks for the credentials again and only after entering SAP HANA db credentials, I can access the app. Obviously this is not what is expected. The XS app has no authentication set in .xsaccess file in SAP HANA.
Seems that you are using a HANA XS application. Like I mentioned the HCP configurations in this tutorial are valid for Java and HTML 5 applications only.
Upvotes: 1