2342537 - Issues with using Managed HANA OLAP Connection in Lumira Desktop

SAP Knowledge Base Article - Public

2342537 - Issues with using Managed HANA OLAP Connection in Lumira Desktop

Symptom

 

When using a managed HANA OLAP connection in Lumira Desktop, one of the following issues may occur:

  1. Lumira Desktop gets hung with the 3 dots circling
    7-13-2016 2.38.56 PM.png

 

2. When using a HANA OLAP connection with authentication set to "Use Single Sign-on", you are authenticated on HANA as your AD kerberos username, not via BI Platform SAML SSO

 

Environment

  • Lumira Desktop 1.31
  • BI Platform 4.1/4.2
  • Lumira Server for BI Platform 1.31
  • HANA database

Reproducing the Issue

  1. In Lumira Desktop, select New Document
  2. Connect to HANA (or Download from HANA)
  3. Connect to BI Platform
  4. Choose a HANA OLAP connection
  5. Error occurs

Cause

Root cause of these issues is most likely authentication related. The reason is that when Lumira Desktop uses a managed HANA OLAP connection, it is only using the HANA connection information, such as hostname, instance number, etc., from the connection object. In this case, when the connection is set to "Use SSO", Lumira Desktop will not use SAML SSO bewteen BI Platform and HANA, only Kerberos authentication to connect to HANA (if it's available).

For symptom #1, the reason Lumira Desktop gets hung is that the current user on the client machine does not have access to HANA via kerberos authentication, hence the error.

For symptom #2, you are authenticated as your AD kerberos user on HANA, which may have different roles and privileges assigned comparing to the SAML user. SAML SSO is ignored in this case.

Resolution

This is currently a limitation in Lumira Desktop - as of Lumira 1.X only Kerberos authentication is supported for SSO between Lumira Desktop and HANA, while SAML is the alternative for Lumira Server for BI Platform and HANA.

In Lumira 2.0, it is expected that:

  • For HANA Live connectivity:
    • For managed connections:
      • SAML for Lumira Discovery
      • SAML for Lumira Server for BI Platform
    • For direct connections:
      • SSO not supported
      • SSO not supported
  • For HANA Import connectivity:
    • For managed connections:
      • Kerberos for Lumira Discovery
      • SAML/Kerberos for Lumira Server for BI Platform
    • For direct connections:
      • Kerberos for Lumira Discovery
      • SAML/Kerberos for Lumira Server for BI Platform

At this stage of Lumira 2.0 development those are the expected supported scenarios, although unlikely it is possible that those scenarios will be modified.

See Also

hana, olap, sso, connection, single, sign, on, login, logon, lum, dsk, bip, bi4, bi41, bi42, boe, bobj, bo, online, offline, cannot, can't, can, not, unable, error, issue, working, problem, stuck, hung, hang,

Keywords

KBA , BI-LUM-DIS , Lumira Desktop/Discovery , BI-LUM-SRV-BIP , SAP Lumira Server for BI Platform , Problem

Product

SAP Lumira, desktop edition 1.0