cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
ext-fsatorra Frequent Visitor
Frequent Visitor

SAML SSO from Power BI to HANA on cloud

Hello,

 

In my organization we connected Power BI to a HANA database in cloud (in SAP CP). To achieve this we put in the middle a SAP Cloud Connector (SAP CC). It works perfectly but...

 

We needed to add SSO (using SAML) to propagate the user to the database so we could apply our security privileges on the data for each user.

 

We followed the guide to setup SSO (SAML) from Power BI to HANA but when I we tested a report that uses this configuration it didn't work.

 

Guide: https://docs.microsoft.com/en-us/power-bi/service-gateway-sso-saml

 

In the Power BI Gateway log I see these messages:

 

DM.EnterpriseGateway Error: 0 : 2019-08-27T16:56:40.2205171Z DM.EnterpriseGateway 34362901-f01b-424a-9ae8-0e9510364300 16f95e75-ab83-0fa9-cc75-9f618e20c44e MDSR 16f95e75-ab83-0fa9-cc75-9f618e20c44e b9d649e9-a791-4276-9992-b88d811c90f3 b9d649e9-a791-4276-9992-b88d811c90f3 DDD37E27 [DM.GatewayCore] Error processing request: [0]Microsoft.PowerBI.DataMovement.Pipeline.Diagnostics.SAMLAssertionCertificateCanNotBeFoundException: Can not find SAML assertion certificate.
GatewayPipelineErrorCode=DM_GWPipeline_Gateway_SAMLAuthenticationCertificateCanNotBeFound
GatewayVersion=3000.5.185

 

Additionally, I'm using another product similar to Power BI in the same way (SAP Analytics Cloud) and it works perfectly so I don't think it could be a HANA setup problem.

 

Indeed the error says that the SAML Assertion Certificate couldn't be found, but I don't understand what it means as I did exactly what the mentioned guide indicates.

 

In Power BI Service, when I test a report that uses this data source, the error says:

 

Cannot load model
Couldn't load the model schema associated with this report. Make sure you have a connection to the server, and try again.
Please try again later or contact support. If you contact support, please provide these details.
Activity ID: 1176d00d-b757-4d9a-8b7a-28aae6f73adb
Request ID: 94bb42c3-4d51-f9b7-1c0b-623ff9709006
Correlation ID: b8479191-b6c0-a55a-b690-66e2ee720e87
Time: Tue Aug 27 2019 15:04:41 GMT-0300 (Argentina Standard Time)
Version: 13.0.10537.179
Cluster URI: https://wabi-south-central-us-redirect.analysis.windows.net

 

In Power BI Gateway, when I go after the error to check what happened I see the error:

 

DM.EnterpriseGateway Error: 0 : 2019-08-27T16:56:40.2205171Z DM.EnterpriseGateway 34362901-f01b-424a-9ae8-0e9510364300 16f95e75-ab83-0fa9-cc75-9f618e20c44e MDSR 16f95e75-ab83-0fa9-cc75-9f618e20c44e b9d649e9-a791-4276-9992-b88d811c90f3 b9d649e9-a791-4276-9992-b88d811c90f3 DDD37E27 [DM.GatewayCore] Error processing request: [0]Microsoft.PowerBI.DataMovement.Pipeline.Diagnostics.SAMLAssertionCertificateCanNotBeFoundException: Can not find SAML assertion certificate.
GatewayPipelineErrorCode=DM_GWPipeline_Gateway_SAMLAuthenticationCertificateCanNotBeFound
GatewayVersion=3000.5.185

 

And in Power BI Desktop I don't have any problem to create anything to HANA (but I'm not using this SSO so it's ok).

 

Can you help me to understand what "Can not find SAML assertion certificate" means and how I could solve it?

 

 

Meanwhile I've created a ticket to the Support team. I will complete this post if a find the solution.

2 REPLIES 2
Community Support Team
Community Support Team

Re: SAML SSO from Power BI to HANA on cloud

Hi,

 

Sorry I can't replivate your problem, hopefully there's hint from support team. 

Community Support Team _ Dina Ye
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
ext-fsatorra Frequent Visitor
Frequent Visitor

Re: SAML SSO from Power BI to HANA on cloud

Hi Dina,

 

Thank you for trying. 

 

Let me share my news... I was diving into the Gateway's log and specially in these lines:

 

DM.EnterpriseGateway Error: 0 : 2019-08-28T21:57:00.7587913Z DM.EnterpriseGateway 92ca4670-94d7-4570-a667-9d83f29a428c 5c0dce7d-c345-ece6-81b8-6e3fb2240276 MGCC 5c0dce7d-c345-ece6-81b8-6e3fb2240276 e79cdf55-fd2b-4e57-8304-8971148a3956 e79cdf55-fd2b-4e57-8304-8971148a3956 50700D05 [DataMovement.PipeLine.GatewayDataAccess] Couldn't find saml cert


DM.EnterpriseGateway Error: 0 : 2019-08-28T21:57:00.7637915Z DM.EnterpriseGateway 92ca4670-94d7-4570-a667-9d83f29a428c 5c0dce7d-c345-ece6-81b8-6e3fb2240276 MGCC 5c0dce7d-c345-ece6-81b8-6e3fb2240276 e79cdf55-fd2b-4e57-8304-8971148a3956 e79cdf55-fd2b-4e57-8304-8971148a3956 2C947EB8 [DM.Pipeline.Diagnostics] Exception object created [IsBenign=True]: Microsoft.PowerBI.DataMovement.Pipeline.Diagnostics.SAMLAssertionCertificateCanNotBeFoundException: Can not find SAML assertion certificate.; ErrorShortName: SAMLAssertionCertificateCanNotBeFoundException


DM.EnterpriseGateway Error: 0 : 2019-08-28T21:57:00.7827929Z DM.EnterpriseGateway 92ca4670-94d7-4570-a667-9d83f29a428c 5c0dce7d-c345-ece6-81b8-6e3fb2240276 MGCC 5c0dce7d-c345-ece6-81b8-6e3fb2240276 e79cdf55-fd2b-4e57-8304-8971148a3956 e79cdf55-fd2b-4e57-8304-8971148a3956 A14C45E8 [DM.Pipeline.Diagnostics] StackTrace: at Microsoft.PowerBI.DataMovement.Pipeline.Diagnostics.SAMLAssertionCertificateCanNotBeFoundException.TraceConstructor()


at Microsoft.PowerBI.DataMovement.Pipeline.Diagnostics.SAMLAssertionCertificateCanNotBeFoundException.ConstructorInternal(Boolean deserializing)


at Microsoft.PowerBI.DataMovement.Pipeline.GatewayDataAccess.SAMLSSOHelper.GetSignedXml(String effectiveUserName, String certThumbprint, Int32 driftTolerance, Int32 assertionLifetime)


at System.Lazy`1.CreateValue()


at System.Lazy`1.LazyInitValue()


at Microsoft.PowerBI.DataMovement.Pipeline.GatewayDataAccess.SAMLSSOHelper.GetSamlAssertion(String effectiveUserName, String certThumbprint, Int32 driftTolerance, Int32 assertionLifetime)


at Microsoft.PowerBI.DataMovement.Pipeline.GatewayDataAccess.MashupConnectionProviderBase.GetSamlMashupCredential(String effectiveUserName, String certThumbprint, Int32 driftTolerance, Int32 assertionLifetime)

 

 

As you can see,

  • first the Gateway gets the SAML Mashup Credential with the effective User Name (my email address) and the Thumbprint (the ID for the certificate we generated following the guide mentioned in my initial post), the method is GetSamlMashupCredential,
  • this method invokes another method called GetSamlAssertion which invokes another method with same parameters called GetSignedXml
  • and this method reaches an exception SAMLAssertionCertificateCanNotBeFoundException
  • so I think that the Thumbprint is could be wrong (I repeated these steps from the guide but I got same error),
  • or maybe some problem when accessing the credential or something else...

 

The Support team didn't answer yet.

 

Best regards,

Fer

Helpful resources

Announcements
Community Highlights

Community Highlights

Find out what's new in the Power BI Community!

Summit North America

Power Platform Summit North America

Register by September 5 to save $200

Virtual Launch Event

Microsoft Business Applications Virtual Launch Event

Watch the event on demand for an in-depth look at the new innovations across Dynamics 365 and the Microsoft Power Platform.

MBAS Gallery

Watch Sessions On Demand!

Continue your learning in our online communities.

Top Kudoed Authors
Users Online
Currently online: 111 members 1,668 guests
Please welcome our newest community members: