How-to Configure Live Data Connection with Username and Password from SAP Analytics Cloud to SAP HANA
Live data connections connect SAP Analytics Cloud to your data sets so that any changes made to the data in the source system are reflected immediately. The advantage of a live connection is that the data remains in the source system, so there is no need to move huge volumes of data. SAP Analytics Cloud can also use existing models in the source system directly to build stories and visualizations on those models and to conduct online analysis without data replication.
You can create a Live Data Connection to SAP HANA from SAP Analytics Cloud using several connection types. For the documentation of the SAP Analytics Cloud (SAC) to HANA connection, see: Live Data Connection to SAP HANA Using a Direct Connection with Password Authentication
Procedure
1. Grant user authorizations to HANA SYSTEMDB user SYSTEM
Set up and activate the SAP HANA Info Access Service (InA), version 4.10.0 or above, on your SAP HANA system.
a. Check if the HCO_INA_SERVICE is deployed on your HANA system in SAP HANA Studio:
Ensure that the SAP Information Access (InA) service (/sap/bc/ina/service/v2) on your SAP HANA server is exposed either directly, or via a reverse-proxy to browser users.
Navigate to: http://192.168.3.84:8000/sap/bc/ina/service/v2/GetServerInfo to see the JSON response:
2. Using SAP HANA Studio, ensure the sap.bc.ina.service.v2.userRole::INA_USER role is assigned to all users who will use the live connection.
Also assign SAP HANA XS Web Dispatcher roles (see above screenshot).
Click the ‘Deploy’ option to save the authorizations to SYSTEMDB user SYSTEM.
Switch to the Configuration tab and increase the session timeout parameter in the http server section of the xsengine.ini file.
3. Ensure that the SAP HANA XS server sealinuxvm19.applexus.com is configured for HTTPS (SSL) with a signed certificate. Use the SAP HANA XS Admin and SAP HANA XS Web Dispatcher Admin tools to view the HTTPS port:
http://192.168.3.81:8000/sap/hana/xs/admin
Log in as SYSTEM (this logs in to the SAP HANA system database: SYSTEMDB)
Then change the HTTP URL to http://192.168.3.81:8000/sap/hana/xs/wdisp/admin to log in to the SAP HANA XS Web Dispatcher Admin landing page (as user SYSTEM)
HTTPS port 4300 is the assigned port in use.
Note: Stay on the SAP HANA XS Web Dispatcher admin page; more steps are needed for the CSR request.
4. Configure SAP HANA XS classic via SSL / HTTPS - using Web Dispatcher Administration and pse container
Reference document: https://launchpad.support.sap.com/#/notes/2502174
a. Create Signing Request
- Back up the current SAPSSLS.pse
Switch to the user bd1adm on sealinuxvm19
cd /usr/sap/BD1/HDB00/sealinuxvm19/sec
cp SAPSSLS.pse SAPSSLS.pse.OLD
b. Create a CSR
Open the Web Dispatcher Administration website: http://192.168.3.81:8000/sap/hana/xs/wdisp/admin
Reference document: https://launchpad.support.sap.com/#/notes/2502174
Switch to the SSL and Trust Configuration tab -> PSE Management
Choose the SAPSSLS.pse and click "Recreate PSE"
Note: Use the values below: (Confirmed with Roger Anderson)
CN=sealinuxvm19.applexus.com, OU=Applexus, O=Applexus, L=Federal Way, S=Washington, C=US
Choose ‘Create’
Choose ‘Create CA Request’
Select the full text, copy it to the clipboard and save it to a text file: vm19 CA Request of PSE.txt. Send the file to Roger Anderson for the CA request.
Optional: use https://www.sslshopper.com/csr-decoder.html to verify CSR
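A local alternative to the web decoder, as an added example that is not part of the original procedure: it checks the CSR's self-signature, CN and key length with OpenSSL, so the request does not have to be pasted into a third-party site. The function names, file names and the throwaway CSR generated as sample input are assumptions; the subject is the one listed above, with the state written as ST in OpenSSL's notation.

```shell
#!/bin/sh
# Added example: inspect a CSR locally instead of pasting it into a website.

# check_csr <csr.pem> <expected CN> <minimum key bits>; prints OK or FAIL.
check_csr() {
    csr=$1; want_cn=$2; min_bits=$3
    # 1. Self-signature: the CSR was signed by the key it carries and is intact.
    #    Match on the output text; some OpenSSL builds exit 0 even on failure.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR self-signature does not verify"; return 1; }
    # 2. The CN must be the FQDN that browsers will use for the HTTPS port.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$want_cn" ] ||
        { echo "FAIL: CN is '$cn', expected '$want_cn'"; return 1; }
    # 3. Key length as embedded in the request.
    bits=$(openssl req -in "$csr" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL: key is ${bits:-?} bits, need >= $min_bits"; return 1; }
    echo "OK: CN=$cn, $bits-bit key, signature valid"
}

# Constructed sample input: a throwaway key and CSR carrying the subject above.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=US/ST=Washington/L=Federal Way/O=Applexus/OU=Applexus/CN=sealinuxvm19.applexus.com" \
        -keyout "$1/sample.key" -out "$1/sample.csr" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp"
check_csr "$tmp/sample.csr" sealinuxvm19.applexus.com 2048
rm -rf "$tmp"
```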
c. Sign the request
This step imports the signed certificates into SAP HANA XS Web Dispatcher. The returned zip file should contain three files: CA Root Certificate, CA Certificate and Trusted Certificate.
Those certificates need to be imported in the correct order:
- Cut-and-paste the CA root certificate, which is the file: sf_bundle-g2-g1.crt
- Cut-and-paste the CA certificate, which is the file: 56ab81315c5a68b1.crt
Then click on ‘Import’
- Cut-and-paste the Trusted Certificate, which is the file: 56ab81315c5a68b1.pem, then click the Trusted certificate ‘Import’
Note: troubleshooting document:
https://launchpad.support.sap.com/#/notes/2542858
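A pre-import check for the CA's reply, as an added example that is not part of the original procedure: it confirms that the returned server certificate carries the public key from the CSR and that the chain verifies up to the root, which is what the import order above depends on. The function names and file names are assumptions, and the root, issuing CA and server certificate are a throwaway chain constructed as sample input.

```shell
#!/bin/sh
# Added example: check the CA's reply before pasting it into PSE Management.

# check_reply <csr> <server cert> <root cert> [intermediate cert]
check_reply() {
    csr=$1; crt=$2; root=$3; inter=${4:-}
    # 1. The certificate must carry the public key from our CSR; otherwise
    #    it cannot pair with the private key held in the recreated PSE.
    [ "$(openssl req -in "$csr" -noout -pubkey)" = \
      "$(openssl x509 -in "$crt" -noout -pubkey)" ] ||
        { echo "FAIL: certificate does not match the CSR key"; return 1; }
    # 2. The chain must build from the server certificate up to the root.
    if [ -n "$inter" ]; then
        openssl verify -CAfile "$root" -untrusted "$inter" "$crt" 2>&1
    else
        openssl verify -CAfile "$root" "$crt" 2>&1
    fi | grep -q ': OK$' ||
        { echo "FAIL: chain does not verify up to $root"; return 1; }
    echo "OK: key matches the CSR and the chain verifies"
}

# Constructed sample input: throwaway root, issuing CA, server cert, stray CSR.
make_sample_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Sample Root CA" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    for n in ca server other; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$n.sample.test" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl x509 -req -in "$d/ca.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/ca.crt" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/server.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_chain "$tmp"
check_reply "$tmp/server.csr" "$tmp/server.crt" "$tmp/root.crt" "$tmp/ca.crt"
rm -rf "$tmp"
```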
d. After importing the certificate, use HANA Studio to kill the SAP HANA XS Web Dispatcher. It will restart automatically.
e. Test HTTPS port: https://192.168.3.81:4300/sap/hana/xs/admin
To use the FQDN, add the following line to the hosts file on the local desktop:
C:\Windows\System32\drivers\etc\hosts
192.168.3.84 sealinuxvm19 sealinuxvm19.applexus.com
https://sealinuxvm19.applexus.com:4300/sap/hana/xs/admin
5. Configure the Live Data Connection from SAC to SAP HANA using a Direct Connection with User ID and Password
- Add a remote system to SAP Analytics Cloud. Log on to SAC: https://applexus.us10.hcs.cloud.sap
With user ID: joby.mathew@applexus.com and password:
Choose ‘main menu’ -> ‘Connection’
User Name: SYSTEM
Password: xxxxxx -> Note: use the password for the sealinuxvm19 SYSTEMDB user SYSTEM
Click ‘OK’
The new connection ‘SAPHANA’ is now created and verified.
6. Verify the https port:
https://192.168.3.81:4300/
https://sealinuxvm19.applexus.com:4300/
7. SameSite Cookie Configuration for Live Data Connections
- Log on to sealinuxvm19 as user bd1adm
- cd to /hana/shared/BD1/profile
- vi rewrite.txt, insert the following section of code from the above document:
Save and exit
- Launch SAP HANA Studio, right-click the HANA system, and select Configuration and Monitoring -> Open Administration.
Select webdispatcher.ini, right-click profile, and select Add Parameter.
icm/HTTP/mod_0
PREFIX=/, FILE=/hana/shared/BD1/profile/rewrite.txt
- Switch to the Landscape tab. Right-click webdispatcher, and click Kill. HANA's Web Dispatcher will shut down and restart automatically, which allows the new parameter to take effect. Alternatively, you can restart the entire HANA system.
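One way to confirm the effect of this step after the Web Dispatcher restarts, as an added example that is not part of the original procedure: the function reads HTTP response headers and flags every cookie that lacks the SameSite=None and Secure attributes, which browsers require before they send a cookie on cross-site requests such as those from SAP Analytics Cloud to the HANA host. It assumes the rewrite rules (not reproduced on this page) append exactly those attributes; check_samesite and the sample cookies are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that cookies set through the Web Dispatcher carry
# SameSite=None and Secure. Reads raw HTTP response headers on stdin,
# for example a saved header dump from the HTTPS port.
check_samesite() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line ends
        tolower($0) ~ /^set-cookie:/ {
            total++
            attrs = tolower($0)                 # attribute names are case-insensitive
            name = $0; sub(/^[^:]*: */, "", name); sub(/=.*/, "", name)
            if (attrs !~ /; *samesite=none *(;|$)/) {
                bad++; print name ": SameSite=None missing"
            }
            if (attrs !~ /; *secure *(;|$)/) {
                bad++; print name ": Secure missing"
            }
        }
        END {
            if (total == 0) { print "no Set-Cookie header found"; exit 2 }
            exit (bad > 0)
        }'
}

# Constructed sample: one cookie rewritten as expected, one left untouched.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Set-Cookie: sessionA=abc; path=/; HttpOnly; SameSite=None; Secure\r\n'
    printf 'Set-Cookie: sessionB=def; path=/; HttpOnly\r\n'
}

sample_headers | check_samesite || echo "rewrite rule not applied to every cookie"
```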
For live data in SAP HANA, currently the following connection types and authentication methods are supported by the mobile app:
- Type: Direct; Authentication: User Name and Password, SAML SSO, SAP Cloud Connector-based Mobile Single Sign-On
- Type: SAPCP; Authentication: User Name and Password, SAML SSO, SAP Cloud Connector-based Mobile Single Sign-On
Results
The connection is saved. The user whose credentials you added will have access to the live data connection.
Note:
Other Authentication methods:
- None: The browser sends the authentication method it has available directly to the backend: Kerberos ticket, client certificate, etc.
- SAML Single Sign On (SSO): valid for HANA, BW, S/4HANA and SAP Universe. SAP Analytics Cloud and the data source selected must use the same SAML Identity Provider: AD FS, Azure AD, SAP IAS, etc.