Configuring SAP HANA for SAML Single Sign-On with QlikView
When you set up SAP HANA as a data source in QlikView, you can set up single sign-on (SSO) access using SAML. That is, you store the QlikView user credentials in SAP HANA Studio, and define a trusted relationship so that the system passes the QlikView credentials from QlikView to SAP HANA.
Users who create apps using an SSO data connection to SAP HANA are authenticated in SAP HANA. If the app data is loaded in-memory, then access to the data is controlled from within QlikView. In the QlikView Management Console, we recommend that you set security rules so that ODBC data connections cannot be created, to prevent the creation of other SAP HANA data source connections.
SSO using SAML can be set up for QlikView 12.10, and SAP HANA 1.00.9 or higher. You do not need to install additional connectors.
To set up SSO, do the following:
- Generate a certificate and private key.
- Install the certificate in SAP HANA.
- Create an identity provider (IDP) and user mappings in SAP HANA.
- Validate your configuration.
-
Configure QlikView
Distribute the PEM files to all QVS nodes in your QlikView installation. Use the same certificate on all QVS nodes.
Information noteMake sure the certificates are named Qlik.pem and Qlik_key.pem- On each computer, copy the certificate and private key files to the certificate folder. By default, this is C:\ProgramData\QlikTech\QlikViewServer \Certificates.
-
Create an ODBC connection to SAP HANA
To enable Single Sign-On, the keyword SSO must be added to the ODBC statement in the script.
ODBC CONNECT TO ‘[database]’ (USERID IS ‘[username]’, PASSWORD IS ‘[password]’, SSO);