SAPZilla Community Network
So you want to use SAML to support single sign-on and secure your SAP HANA XS web application? Who doesn’t? This blog post will give you step-by-step instructions to enable your XS app to authenticate existing users from your SAP BI, NW, BW or your non-SAP apps.
Here is how I enabled SAML authentication for my XS app. I have performed these tasks in both rev 67 and rev 70 versions of HANA. I will refer to an SSL guide posted by Erik Lemen and a SAML/XS one posted internally by Bjoern Friedmann. Let’s get to work!
This guide will NOT document how to set up an Identity Provider (IDP) for SAML. It assumes that you already have access to an IDP and have access to an administrator of the IDP. Chances are that you already have a SAML IDP set up in your company. If not, you can use the SAP BI Platform, the Netweaver SSO product, or SAP’s own cloud-based ID Service (SAP IDS) as your IDP (see the Further Reading section for more on those products).
Additionally you will need access to the HANA Linux environment using the Linux admin ID setup for your HANA instance. You also will a HANA user ID that has been assigned the following role to administer the SAML configuration tool: sap.hana.xs.admin.roles::SAMLAdministrator
What if we do not want to use SAML to support single sign-on and secure your SAP HANA XS web application?