Symptom
- Following error is raised when you log on to HANA Cockpit with SAML SSO.
- cockpit-persistence-svc.log shows following error:
Servlet.service() for servlet [com.sap.hana.cockpit.persistence.api.groups.GroupsForUserGet] in context with path [] threw exception
java.lang.IllegalStateException: {"message":{"key":"PERSIST_USER_NOT_ENABLED","defaultText":"The user ID that you provided has not been added in the cockpit. Contact your cockpit administrator and ask to be added to the cockpit.","attributes":{"at":"com.sap.hana.cockpit.persistence.model.GroupManager.getUsersGroups() Line 197"}}}
- You have logged on with SAML SSO. However, XS UAA shows empty or wrong "currently resolved authorities"/"SAML groups" when you access to "User info" with following link.
https://<cockpit_FQDN>:3<instance#>32/uaa-security/support.jsp
For example, if the cockpit is running on yourserver.company.com instance 01, the URL is
https://yourserver.company.com:30132/uaa-security/support.jsp
******
...
currently resolved authorities []
SAML groups []
...
******
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Read more...
Environment
- SAP HANA Cockpit 2.0
- SAP HANA XS Advanced
- IDP
Product
SAP HANA 1.0, platform edition ; SAP HANA, platform edition 2.0
Keywords
SSO, You're not authorized to open the SAP HANA Cockpit, Ask the cockpit administrator to launch the cockpit manager tool and provide you with authorization. , KBA , HAN-CPT-CPT2-SEC , SAP HANA Cockpit 2 (Security) , HAN-DB-SEC , SAP HANA Security & User Management , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.