cancel
Showing results for 
Search instead for 
Did you mean: 

Difference between BI and HANA SAML OpenSSL and SAP crypto SSO?

Former Member
0 Kudos

Hi Experts,

As per my understanding there are 2 ways of configuring SSO between BI 4.1 and HANA servers.

  1. Open SSL
  2. SAP crypto based SSO.

Apart from configuration method/steps what is difference of these two ways? What aspects should be considered before opting for any one approach? what are the benefits for both approach?

Note: We don’t have Kerberos based authentication in BI and HANA environment.

Thank you in advance!

Regards,

Rahul

Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

Hello,

technically i cant say whats the difference. Whats pretty sure is that SAP "only" supports the SAPCryptoLib in the case of SAP BI. I think you wont be able to raise any Incidents with the SAP Support when using OpenSSL on SAP BI Level.

You dont need Kerberos for configuring SSO between SAP BI and HANA. This will be achieved sia SAML. So you can use it with Enterprise, LDAP, Win AD or SAP Authentication. Please refer to this Blog:

If you need a clearer statement i would recommend you open an Incident with the SAP Support and ask if we support OpenSSL for SAP BI and whats the difference to SAPCryptoLib.

Regards

-Seb.

Former Member
0 Kudos

Hi Seb,

Thank you for your prompt response!

I was looking more specific to advantages for any of the option, I am aware that Kerberos/Windows AD authentication is not required, the intention to mention that was to give deeper insight about our environment for best suited suggestions.

I guess I should officially get communication from SAP for the support point that you mentioned if we opted for OPEN SSL SSO approach.

Regards,

Rahul  

former_member184468
Active Participant
0 Kudos

There is only one method (aside from kerberos) which is SAML.  What you are referring to is the encryption libraries used to secure the SAML ticket sent from the BI system to the HANA system.

Technically, the cryptographic libraries should be interchangeable, they have one function to perform which is the encryption/digital signature.

On the HANA side, you are going to find a lot more materials and better support with using sap crypto. 

However do not confuse the SSO method (SAML) with the encryption method of the communication over the wire.

Answers (1)

Answers (1)

Former Member
0 Kudos

Thank you for clarification Greg!

Just a small doubt, We are performing this trial test run using temp license keys before building/moving to the actual environment. Can we use the same crypto lib that we have downloaded from SAP Service Market Place?

Regards,

Rahul

former_member184468
Active Participant
0 Kudos

yes, the temp keycode doesn't affect what crypto library is available to you or the cryptography that is available to you.