fbpx
Back

Authentication Methods in SAP HANA

SAP HANA database facilitates the integration of different authentication methods. To integrate the SAP HANA database in your environment you need an overview of the supported authentication methods.

There are following options available:

  • Direct logon to database with user and password
  • Authentication using Kerberos (third party authentication provider)
  • Authentication using security assertion markup language (SAML) bearer token

SAP HANA supports the Kerberos protocol for single sign-on. It has been tested with Windows Active Directory Domain Kerberos implementation and MIT Kerberos network authentication protocol. The ODBC database client and the JDBC database client support Kerberos.

To implement this, you need to install the MIT Kerberos client software on the host of the SAP HANA database.
The users stored in the Microsoft Active Directory or the MIT Kerberos Key Distribution Center can be mapped to database users in the SAP HANA database.
For this purpose, specify the user principal name (UPN) as the external ID when creating the database user.

SAML, Security Assertion Markup Language, is the XML-based standard for communicating identity information between organizations. The primary function of SAML is to provide Internet Single Sign-On (SSO) for organizations. SAML is used to securely connect Internet applications that exist both inside and outside the organization’s firewall.

SAML may be selected as a user authentication method when creating users in the SAP HANA studio.

The main purpose of SAML for SAP HANA is to support scenarios where clients are not directly connected to the SAP HANA Database, but to a middle tier application server (XS engine, for example).
• This middle tier application server runs an HTTP server. Whenever the application server needs to connect to the database on behalf of the user, it requests a SAML assertion from the client.
• The assertion is issued by an identity provider after the client was successfully authenticated. The assertion is then forwarded to the SAP HANA database, which will grant access based on the previously established trust to the identity provider.

Password Criteria

some words are not accepted as passwords. This black list can be found in table _SYS_SECURITY._SYS_PASSWORD_BLACKLIST

This schema and table are owned by SYSTEM user.

Tag:,

author avatar
How2bw

How2bw is a collection of free and paid study material, ebooks and courses on SAP BI mainly SAP BW, HANA, BODS and BI.
It is a hub of free blog posts to aid the readers working in SAP industry in their day to day work and also provides affordable and easy learning platform to advance their career.

You may also like

Starting and Stopping SAP HANA System
6 February, 2022

The goal of this lesson is to get to know the different ways to start and stop SAP HANA. As the administrator of SAP HANA database, you need to stop the system for maintenance purposes. SAP HANA Database could be …

HDBSQL Command Line Tool in SAP HANA
6 February, 2022

The goal of this lesson is show some of the most important commands of HDBSQL. SAP HANA HDBSQL is a command line tool for entering and executing SQL statements, executing database procedures, and querying information about HANA database. You can …

How to expand (Scale Up) SAP HANA system
6 February, 2022

This lesson describes how you can expand your HANA system. After completing this lesson you will be able to understand the basics of scale out and configuration of a distributed system. You can find detailed information in scale out at: …

Leave a Reply

@2014-2022 how2bw.in All rights reserved DISCLAIMER: How2bw is not associated with SAP AG

error: Content is protected !!