How to configure SAML Authentication on HANA XSA?
SOLUTION
Please follow the steps below in order to configure SAML on HANA XSA:
- First, you need to Import the Identity Provider (IdP) metadata into HANA XSA.
- Now please export the XSA metadata and import it into the Identity Provider according to the IdP vendor's documentation.
Map Role Collections
The users will be able to logon after exchanging the metadata, but they will not have any authorizations, because it is needed to map the Identity Provider groups to XSA Role Collections.
All the attributes which comes in the SAML assertion from the IdP and will be mapped to Role Collections are Groups (case sensitive). Therefore please configure the IdP to send this attribute according to the respective vendor's documentation.
Example:
SAML response:
<Attribute Name="Groups">
<AttributeValue xlns:xs="http://www.xyz.org/2014/XMLScema"
xlns:xsi="http://www.xyz.org/2014/XMLScema-instance" xsi:type="xs:string">MY_GROUP</AttributeValue>
Mapping