zoukankan      html  css  js  c++  java
  • SingleSignOn ( SSO) in SAP HANA(SAP HANA中的单点登陆) 沧海

    This blog will give you details on setting up Single sign on (SSO) with SAP Hana using Kerberos.

    Why do we need SSO ?

    By enabling SSO, users can directly login from BO ( or any Front end Application) & access Hana database without providing login credentials again

    There are different teams involved for this set up ( This may change based on your organization structure)

    1) System administrator needs to install Kerberos Client on Hana server

    2) Active Directory & Service account set up is done by of Identity Management Administrator

    3) Hana Administrator needs to set  up  the configuration & user creation

    Note: I have greyed out server names & service account names in screen shots for security reasons

    Kerberos Client Installation:

    Please make sure that the Kerberos client & libraries are installed on the Hana Database server

    image

    Creation of service account:

    Identity Management Administrator will need to create a service user & a Service Principal Name( SPN) for each host on the system . For scale out box, we need to create 1 SPN for each host . Please find screen shot

    image

    image

    The SPN needs to have the following syntax:

    hdb/ <Domain Name >@Kerberos realm name

    <Domain Name>: fully qualified domain name of the host

    Generating a key Tab :

    ktpass -princ hdb/ <servername.Domain Name>@ <REALM> -mapuser  <Domain>\<serviceuser> -pass <password> -out <keytabfile >.keytab -ptype<PRINCIPAL> -crypto <CRYPTOGRAPHIC TYPE>

    <PRINCIPAL> = KRB5_NT_PRINCIPAL

    <CRYPTOGRAPHIC TYPE> = RC4-HMAC-NT

    Using the above syntax key tab file is generated

    Hana Admin configuration:

    Login  as root & update the krb5.conf file. This is located at /etc/krb5.conf

    Entries in the file

    [libdefaults]

    default_realm= <realm>

    [realms]

    <realm>={ kdc=<kdc_name>}

    Where <realm> and <kdc name>are the names of your Kerberos realm and KDC.

    Realm is your domain name in uppercase letters, such as DOMAIN_NAME.

    Note : if you are not aware of the above parameters like realm , KDC Name , Domain Name please contact your Active directory Adminstrator

    Import the key tab which was generated into Hana Box.

    Make sure the permissions are changed

    image

    Creation of  user  in HANA:

    This can be done via GUI screen or via sql syntax

    CREATE USER Kiran IDENTIFIED EXTERNALLY AS ‘Kiran@Realm’ ;

    Please assign the appropriate role to this user

    While configuring the user in Hana studio , Please check the authentication by OS user as shown below

    image

  • 相关阅读:
    将训练好的Tensorflow模型部署到web应用中
    python pip升级
    python time
    python 队列模拟递归遍历目录(广度遍历)
    python 栈模拟递归遍历目录(深度遍历)
    python 递归遍历目录
    python 队列
    python 栈
    python 递归
    python 语音模块
  • 原文地址:https://www.cnblogs.com/omygod/p/3039470.html
Copyright © 2011-2022 走看看