Live Data Connection to SAP HANA Using a Tunnel Connection and SSO

You must configure your on-premise SAP HANA system in order to support SSO for live data connections that use the tunnel connection type.

Prerequisites

  • You must use the same Identity Provider (IdP) for SAP Analytics Cloud and SAP HANA. For more information on setting up your identity provider in SAP Analytics Cloud, see Enabling a Custom SAML Identity Provider.
  • Ensure that the InA package (/sap/bc/ina/service/v2) or a higher-level package is configured for SAML authentication using the same identity provider URL as your SAP Analytics Cloud tenant. For details, see the SAP HANA XS Classic Configuration Parameters.
  • Ensure the sap.bc.ina.service.v2.userRole::INA_USER role is assigned to all users who will use the live connection and ensure those users are SAML configured. This role is required in addition to the usual roles and authorizations that are granted to users for data access purposes.
  • Ensure that your SAP HANA XS server is configured for HTTPS (SSL) with a signed certificate, and that you know which port it is using for HTTPS requests. For details, see Maintaining HTTP Access to SAP HANA and SAP Knowledge Base Article 2502174.
Note
For SAP HANA version 1.00.112.04 and above, users require both the INA_USER role, and additional object rights. The SAP HANA administrator must grant users SELECT privileges on all view items in the _SYS_BIC schema that users should have access to. For more information, see SAP Knowledge Base Article 2353833.
Note
For information on supported versions of SAP HANA, see System Requirements and Technical Prerequisites.

Procedure

  1. Follow these configuration and setup instructions:
    1. Configure Your On-Premise Systems to Use the SAPCP Cloud Connector
    2. Set Up Trust Between SAPCP Cloud Connector and Your On-Premise HANA Systems
  2. Increase the session timeout configuration parameters in SAP HANA XS server.

    To do this, you will need to increase the sessiontimeout parameter in the httpserver section of the xsengine.ini file. For example, if you change the parameter to 43200, the session will be active for 12 hours.

    For more information, see the SAP HANA XS Classic Configuration Parameters.

  3. Add a remote system to SAP Analytics Cloud:
    1. Go to Start of the navigation path (Main Menu) Next navigation step  Connection Next navigation step Connections Next navigation step  (Add Connection)End of the navigation path

      The Select a datasource dialog will appear.

    2. Expand Connect to Live Data and select SAP HANA.
    3. In the dialog, enter a name and description for your connection.
      The connection name cannot be changed later.
    4. Set the connection type to Tunnel.
    5. Add your SAP HANA host name, and HTTPS port.
      Use the virtual host name and virtual port that were configured in the cloud connector.
    6. (Optional) Choose a Default Language from the list.
      This language will always be used for this connection and cannot be changed by users without administrator privileges.
      Note
      You must know which languages are installed on your SAP HANA system before adding a language code. If the language code you enter is invalid, SAP Analytics Cloud will default to the language specified by your system metadata.
    7. Under Authentication Method select SAML Single Sign On.
    8. Select OK.

Results

The connection is saved.
Note
The connection is not tested until you create a model. For more information, see Creating a Model from a Live Data Connection.
Related Information