Symptom
When using a managed HANA OLAP connection in Lumira Desktop, one of the following issues may occur:
-
Lumira Desktop gets hung with the 3 dots circling
2. When using a HANA OLAP connection with authentication set to "Use Single Sign-on", you are authenticated on HANA as your AD kerberos username, not via BI Platform SAML SSO
Environment
- Lumira Desktop 1.31
- BI Platform 4.1/4.2
- Lumira Server for BI Platform 1.31
- HANA database
Reproducing the Issue
- In Lumira Desktop, select New Document
- Connect to HANA (or Download from HANA)
- Connect to BI Platform
- Choose a HANA OLAP connection
- Error occurs
Cause
Root cause of these issues is most likely authentication related. The reason is that when Lumira Desktop uses a managed HANA OLAP connection, it is only using the HANA connection information, such as hostname, instance number, etc., from the connection object. In this case, when the connection is set to "Use SSO", Lumira Desktop will not use SAML SSO bewteen BI Platform and HANA, only Kerberos authentication to connect to HANA (if it's available).
For symptom #1, the reason Lumira Desktop gets hung is that the current user on the client machine does not have access to HANA via kerberos authentication, hence the error.
For symptom #2, you are authenticated as your AD kerberos user on HANA, which may have different roles and privileges assigned comparing to the SAML user. SAML SSO is ignored in this case.
Resolution
This is currently a limitation in Lumira Desktop - as of Lumira 1.X only Kerberos authentication is supported for SSO between Lumira Desktop and HANA, while SAML is the alternative for Lumira Server for BI Platform and HANA.
In Lumira 2.0, it is expected that:
- For HANA Live connectivity:
- For managed connections:
- SAML for Lumira Discovery
- SAML for Lumira Server for BI Platform
- For direct connections:
- SSO not supported
- SSO not supported
- For HANA Import connectivity:
- For managed connections:
- Kerberos for Lumira Discovery
- SAML/Kerberos for Lumira Server for BI Platform
- For direct connections:
- Kerberos for Lumira Discovery
- SAML/Kerberos for Lumira Server for BI Platform
At this stage of Lumira 2.0 development those are the expected supported scenarios, although unlikely it is possible that those scenarios will be modified.
See Also
hana, olap, sso, connection, single, sign, on, login, logon, lum, dsk, bip, bi4, bi41, bi42, boe, bobj, bo, online, offline, cannot, can't, can, not, unable, error, issue, working, problem, stuck, hung, hang,
Keywords
KBA , BI-LUM-DIS , Lumira Desktop/Discovery , BI-LUM-SRV-BIP , SAP Lumira Server for BI Platform , Problem