Live Data Connection to SAP BW Using a Direct Connection and SSO
You must configure your on-premise SAP BW system in order to support SSO for live data connections that use the direct connection type.
- You are using a supported version of SAP BW. For more information, see System Requirements and Technical Prerequisites.NoteAdditional correction notes must be applied for some versions of SAP BW. For more information, see SAP Note 2541557.
- You are using same Identity Provider (IdP) for SAP Analytics Cloud and SAP NetWeaver. For more information on setting up your identity provider in SAP Analytics Cloud, see Enabling a Custom SAML Identity Provider.
- Ensure that the InA package
(/sap/bw/ina) or a higher-level package is
configured for SAML authentication using the same identity provider URL as
your SAP Analytics Cloud
tenant. For more information on enabling SAML on SAP NetWeaver, see Enabling the SAML Service
To check if the Ina package is enabled, open the following URL in your browser: https://<Your_ABAP_System>/sap/bw/ina/GetServerInfo?sap-client=<Your_Client_ID>. Make sure you are redirected to your IdP login page, and after login you get a JSON response. Replace <Your_ABAP_System> with your ABAP system host, and <Your_Client_ID> with your SAP BW client ID.
- If you have multiple authentication methods configured on your ABAP system, see Alternative Logon Order.
Configure Cross-Origin Resource Sharing (CORS) support on your SAP
If you are using SAP NetWeaver version lower than 7.52, follow the instructions here Enable CORS on SAP NetWeaver releases lower than 7.52, and then skip to step 2 below.
If you are using SAP NetWeaver version 7.52 or above, you must apply SAP Note 2531811 or import ABAP 7.52 SP1 to fix CORS related issues in SAP NetWeaver, and then follow the steps below.
Enable CORS in your system parameters.
- Enter transaction code: RZ11.
- Enter Parameter: icf/cors_enabled
- Select Display.
- Set Value to 1.
Add SAP Analytics Cloud to the HTTP whitelist.
NoteFor more information on SAP NetWeaver HTTP Whitelists, see Managing HTTP Whitelists.
- Enter transaction code: /NUCONCOCKPIT.
- Change Scenario to HTTP Whitelist Scenario.
- Change the Mode of Cross-origin Resource Sharing to Active Check.
- Double-click Cross-origin Resource Sharing.
- Select the Display/Change icon.
- Under Whitelist, select the
Add icon, and in the
Input Window, add the
- Service Path: Add /sap/bw/ina.
- Host rule: Add your SAP Analytics Cloud host. For example, mytenant.us1.sapbusinessobjects.cloud.
- Allowed Methods: Select GET, HEAD, POST, and OPTIONS.
- Add the following to Allowed
- Add the following to Exposed
- Allow Credentials: Ensure this is selected.
- Save this information.
- Enable CORS in your system parameters.
Install custom web content to your SAP NetWeaver
- Enter transaction code: SE24.
- Enter Object Type: ZCL_DUMMYAUTH_SERVICE, select Create, and then select Save.
- Go to the Interfaces tab, and add IF_HTTP_EXTENSION, plus a description.
Go to the Methods tab, and add the following
- Method: IF_HTTP_EXTENSION~HANDLE_REQUEST
- Level: Instance Method
- Visibility: Public
- Description: Add a description
Double click on
IF_HTTP_EXTENSION~HANDLE_REQUEST and add
the following code:
- Select Save, and then Activate.
- Enter transaction code: SICF.
- Enter Service Path: /sap/bw/ina, and then press Enter.
- Under ina, then choose New Sub-Element. , right click
- In Service Name, enter auth.
- Add a description.
- Open the Handler List tab, and enter ZCL_DUMMYAUTH_SERVICE
- Save and return to the main menu.
(Optional) Check if the auth package is installed.
Open the following URL in your browser: https://<Your_ABAP_System>/sap/bw/ina/GetServerInfo?sap-client=<Your_Client_ID>. Make sure you are redirected to your IdP login page, and that you do not get 404 page after login.
Replace <Your_ABAP_System> with your ABAP system host, and <Your_Client_ID> with your SAP BW client ID.
Verify end-users' web browser configuration and access.
Your end users' web browsers must be configured to:
- Allow pop-up windows from the SAP Analytics Cloud domain: [*.]sapbusinessobjects.cloud.
- Allow 3rd party cookies from the SAP BW server's domain or the domain of your reverse proxy. For example, in Internet Explorer 11, go to , add your domain name, then select Enable Protected Mode.
Add a remote system to SAP Analytics Cloud:
- Log onto SAP Analytics Cloud and go to .
In the dialog, enter a name for your new connection.
The connection name cannot be changed later.
- Set the connection type to Direct.
- Add your SAP BW host name, HTTPS port, and Client.
(Optional) Choose a Default Language from
This language will always be used for this connection and cannot be changed by users without administrator privileges.NoteYou must know which languages are installed on your SAP BW system before adding a language code. If the language code you enter is invalid, SAP Analytics Cloud will default to the language specified by your system metadata.
- Under Authentication Method select SAML Single Sign On.
- Select OK.