cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Single Sign-On with SAP HANA XSA and Microsoft Active Directory (ADFS)

teejay
Participant

on ‎11-10-2021 2:32 AM

We are using onPrem HANA. Is it possible to use ADFS saml SSO for just Authentication purpose and augment it with XSA roles for Authorization within XSA ?

The way it is working we have to create AD Groups for each XSA Role collection and provide 1:1 mapping. We do not want to manage so many AD groups for Role mapping at runtime assignment and want to manage Role assignment to Users within XSA. The issue we are having is that AD user names are lowercase and only exist at runtime while XSA username are in Caps so they are two completely different users adding any additional roles to XSA user doesn’t add it automatically to AD user.

Thanks,

TJ

Show replies
Show replies
thomas_jung
Developer Advocate
Developer Advocate
‎11-12-2021 9:16 AM

You asked on Twitter so I wanted to answer you, but honestly I've been away from this topic in detail now for a few years. I'm not totally up to date on everything with the IDM integration with XSA. For this detailed a question on a specific scenario you might be better opening a support ticket. The only definitive answer would come that way.

But that said I don't remember anything about the scenario you described being possible. If I remember right the mapping had to be 1:1 and that you had to use Groups. But again you probably really need SAP development to answer this query directly.

Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

gregorw
Active Contributor
‎11-12-2021 10:01 AM
0 Kudos

What's about asking the ADFS side to provide the Username in Uppercase to have a match?

Show replies
Show replies
teejay
Participant
‎11-15-2021 8:26 PM
0 Kudos

Thank You Thomas and Gregor for your replies. I have opened a support ticket with SAP. I will also explore the possibility of ADFS providing the username in Uppercase.

Regards,

Tarun

Ask a Question