Saturday, 5 November 2016

Secure your HANA Cloud Connector with OpenSSL certificates – Part 3

In parts 1 and 2 of this blog series, I showed how to secure your SCC with a trusted UI Certificate as well as how to further secure your SCC with a trusted System Certificate, put your CA certificate in the Trust Store, install a SCC CA Certificate and with that enable Principal Propagation. As a result, we got 4 green boxes in the SCC General Security Status:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 3
Therefore, in the final blog of this series, I will show how to configure local LDAP for authentication of Cloud Connector administrators.

This configuration is JNDIRealm based and pretty straight forward given your directory setup:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 3

However, I found it useful to test the settings in an LDAP tool with the configured user to ensure that access is permitted and the correct results retrieved for both the user:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 3

As well as for the role search:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 3

Also, it is good to know, that as of SCC version 2.8.0 and higher, you can always easily revert back to the file based user store.

Since the Administrator is a pure service user, I can confirm this and get an all green General Security Status:

Secure your HANA Cloud Connector with OpenSSL certificates – Part 3

If you followed me until here, then you got a fully secured HANA Cloud Connector now.

Source: scn.sap.com

No comments:

Post a Comment