Register Login

SAP HANA Authentication Mechanisms

Updated May 19, 2018

Authentication Mechanisms Supported by SAP HANA

Authentication is the process by which the uniqueness of database users gaining access to SAP HANA is confirmed. Several authentication mechanisms are supported by SAP HANA and many of them can be utilized for the incorporation of SAP HANA in SSO or single sign-on environments.

Mentioned below are the authentication methods that are maintained by SAP HANA:

User name/Password:

Here, the user needs to type in user name and password in order to sign in to the database. In SAP HANA Studio in user management in Security Tab, the user profile is made. As per the password rule, the password should be created. The password can be changed but one cannot deactivate the password rule.

SAP Logon and assertion tickets:

SAP Logon and assertion tickets authenticate the users once they log on to a SAP System which is formed to allocate such tickets for example SAP Portal, etc. In HANA system, user specified in SAP logon tickets should be created as it does not offer assistance for charting users.

Kerberos:

This allows users to validate HANA system straight away by utilizing JDBC and ODBC drivers via network or in SAP Business Objects. This authentication is assisted with SPNEGO or Simple and Protected GSSAPI Negotiation Mechanism.

X.509:

From HANA XS engine in order to sign in to HANA system via HTTP access request, this authentication method is required. By a reliable Certification Authority users can be validated by autographed client certificates, which can be kept in the SAP HANA XS trust store.

SAML 2.0:

Security Assertion Markup Language or SAML can be utilized to validate users gaining access HANA system from ODBC and JDBC clients directly. It is not used for authorization purposes. To validate users gaining access via HTTP/HTTPS through SAP HANA XS classic, SAP HANA can function as service provider.

Apart from this session cookies are strictly not an authentication tool. But, they relink users who have been validated previously by the above authentication methods.

During the user authentication process user passwords are always transmitted for JDBC and ODBC client connection, in encoded hashed form, at no time in plain text. HTTPS must be configured for HTTP connections. In SSO environments, for all client connections it is suggested to use encrypted communication channels.

Thus, it can be said that SAP HANA system supports various types of authentication method and all these login methods are configured at time of profile creation.


×