cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

417 authorization cloud connector to trial subaccount cloud Foundry

Go to solution
cesar
Discoverer

‎05-25-2022 11:25 PM - edited ‎05-27-2022 6:07 AM

0 Kudos

Hi Team

I created a new trial account with access to BTP. It has a global account and trial subaccount with dev space with cloud foundry instance created
02 - subaccount_02.jpg

 

with my User for trial BTP subaccount

01 - user_02.jpg

and the above data i tried to connect my local cloud connector (from my laptop in localhost:8443 ) to my new btp trial subaccount (cloud foundry feature set B)

01 - connecttion cloud connector_02.jpg
But I get this error:

01 - error cloud connector.jpg

 417 An authorization problem ocurred when downloading the configuration.  Check the spelling of the subaccount name, user, and password. See "Log And Trace Files"

The log shows generic authorization error:

2022-05-27 01:35:48,002 -0300#WARN#com.sap.ui5.resource.ResourceUtil#https-jsse-nio2-8443-exec-10# #An error occured when accessing the /META-INF/ui5.properties! Reason: The /META-INF/ui5.properties could not be found!
2022-05-27 01:35:48,027 -0300#WARN#com.sap.ui5.resource.ResourceServlet#https-jsse-nio2-8443-exec-10# #Could not find property "x-sap-ui5-BuildTimestamp" in ui5.properties or MANIFEST.MF or the value is not valid! Using System.currentTimeMillis as cachebuster timestamp.
2022-05-27 01:36:12,717 -0300#WARN#com.sap.scc.util.JvmUtils#https-jsse-nio2-8443-exec-8# #SAP JVM monitor classes are not available, run without extended monitoring. Root cause: java.lang.ClassNotFoundException: com.sap.jvm.monitor.vm.ThreadAnnotationKey
2022-05-27 01:36:12,722 -0300#INFO#com.sap.scc.rt#https-jsse-nio2-8443-exec-8# #JVM (without monitor classes) is loaded
2022-05-27 01:44:54,025 -0300#WARN#com.sap.scc.config#https-jsse-nio2-8443-exec-5# #Cannot find host mapping configuration file C:\SAP\scc20\scc_config\cf.us10.hana.ondemand.com\faxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxfe\backends.xml
2022-05-27 01:44:54,095 -0300#WARN#com.sap.scc.config#https-jsse-nio2-8443-exec-5# #Creating an sslContextProvider for account faxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxfe@cf.us10.hana.ondemand.com without SSLContext. Keystore did not contain a certificate.
2022-05-27 01:44:54,690 -0300#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #TLSSocketFactory: enabled are TLSv1, TLSv1.1, TLSv1.2
2022-05-27 01:44:54,975 -0300#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Will retrieve Connectivity CA certificate from SAP Cloud Platform
2022-05-27 01:44:54,975 -0300#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Executing Http Get request to https://connectivitycertsigning.cf.us10.hana.ondemand.com:443/certificate/management/v1/trusted/ca/a...
2022-05-27 01:44:56,710 -0300#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Returned Http Response with code 200
2022-05-27 01:44:56,720 -0300#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Connectivity CA certificate retrieved successfully from SAP Cloud Platform
2022-05-27 01:45:19,005 -0300#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #New RSA keypair was generated. Key size used 4096, time 21970 ms
2022-05-27 01:45:19,305 -0300#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Send Certificate Signing Request for Cloud Connector certificate to SAP Cloud Platform
2022-05-27 01:45:19,305 -0300#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Executing Http Post request to https://connectivitycertsigning.cf.us10.hana.ondemand.com:443/certificate/management/v1/sign/account/faxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxfe
2022-05-27 01:45:22,125 -0300#INFO#com.sap.scc.security#https-jsse-nio2-8443-exec-5# #Returned Http Response with code 401
2022-05-27 01:45:22,170 -0300#INFO#com.sap.scc.config#https-jsse-nio2-8443-exec-5# #Stopping service channels on faxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxfe[CCSTRL01LOC]@cf.us10.hana.ondemand.com
2022-05-27 01:45:22,220 -0300#ERROR#com.sap.scc#https-jsse-nio2-8443-exec-5# #SCC handshake failed: 401 — Unauthorized
com.sap.scc.servlets.SccHandshakeException: SCC handshake failed: 401 — Unauthorized

I have all the relevant authorizations in my subaccount, but nothing works
01 - authorizations_02.jpg

seems like I need something in my new btp trial subaccount, because i don't have any problems if I try to connect my local cloud connector to another subaccount.

also, I see the "Universal Id home page" when I login to my new btp trial account which I couldn't connect from my cloud connector.  

01 - user_id.jpg

 If I use my another btp account that i can connect with success through my cloud connector, i don't see the Universal Id home page.

I tried with note 2461997 and 2571763, but nothing works

I create my new BTP trial account following this steps https://developers.sap.com/tutorials/hcp-create-trial-account.html 

Any suggest? I will apreciate your comments.

Regards!








 

Show replies
Show replies
Margit_Wagner
Product and Topic Expert
Product and Topic Expert
‎08-15-2022 11:34 AM
0 Kudos

Hi @AntalP , @cesar

We have received your request and are in the process of evaluating the problem,
Please allow for a delay in our response
Kind regards
Margit
 

Answer
View Entire Topic
HayBouten
Product and Topic Expert
Product and Topic Expert
‎02-03-2023 5:44 AM
0 Kudos

@Meinrad I think you read the question and answer wrong.

Your point a)
The question is if this statement is true or false: When you open the SAP HANA database explorer, it will connect automatically to the selected database, no additional authentication is required.

That statement is false. The explanation is: Incorrect. Opening the SAP HANA database explorer does need additional authentication. The authentication is performed by the SAP ID service to map your BTP account to the SAP HANA database user account. 

Where do you read in the explanation that authentication is NOT required. It clearly states that it IS required.

Your point b)
In your reality example the interactive authentication already happened when you opened SAP HANA Cloud Central, that is true. SAP HANA database explorer uses that SAP HANA Cloud Central authentication because it is still valid, and doesn't require an interactive authentication.

That you do not have to specify username/password doesn't mean that you are not authenticated. If that, in general, was true ... what would be the point of SSO? 

-- Hay

Show replies
Show replies
Meinrad
Participant
‎02-03-2023 7:02 AM
0 Kudos

As I said - from project perspective all good. SSO is in place. That is the important message. . We can also agree that "another" authentication than logon to BTP must be in place in order to use Database Explorer. Maybe it would be good to know why I have to authenticate when I open HANA cloud Central. What's the basic idea of those 2 users for BTP and HANA Cloud Central?
But reading word by word - it was asked if I have to provide a password. And when I played around I didn't have to because I started Database Explorer from HANA Cloud Central. Besides... The question is not specificly asking for the first launch of Database Explorer. It is asking generally. I guess we agree that for second launch no password is required 😉
I can see that this is difficult to discuss here. Thanks for trying to give me clarification. I think that discussion helped me to get a better understanding here even though I struggle with the exact wording.

 

HayBouten
Product and Topic Expert
Product and Topic Expert
‎02-03-2023 2:36 PM
0 Kudos
@Meinrad, on the why you have to authenticate when opening SAP HANA Cloud Central, SAP HANA Cockpit or SAP HANA database explorer, Looking at the URL, I guess because it's a seperate application in it's own domain.
Ask a Question