SAP Knowledge Base Article - Preview

3234112 - Single-sign-on to HANA Cockpit 2 with SAML is failed due to authorization error


  • Following error is raised when you log on to HANA Cockpit with SAML SSO.
  • cockpit-persistence-svc.log shows following error:
    Servlet.service() for servlet [] in context with path [] threw exception
    java.lang.IllegalStateException: {"message":{"key":"PERSIST_USER_NOT_ENABLED","defaultText":"The user ID that you provided has not been added in the cockpit. Contact your cockpit administrator and ask to be added to the cockpit.","attributes":{"at":" Line 197"}}}
  • You have logged on with SAML SSO. However, XS UAA shows empty or wrong "currently resolved authorities"/"SAML groups" when you access to "User info" with following link.

    For example, if the cockpit is running on instance 01, the URL is 
    currently resolved authorities []

    SAML groups []



HANA Cockpit 2.0


SAP HANA 1.0, platform edition ; SAP HANA, platform edition 2.0


SSO, You're not authorized to open the SAP HANA Cockpit, Ask the cockpit administrator to launch the cockpit manager tool and provide you with authorization. , KBA , HAN-CPT-CPT2-SEC , SAP HANA Cockpit 2 (Security) , HAN-DB-SEC , SAP HANA Security & User Management , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.