I am testing the SSO authentication on SAP HANA 2 with XSA and Azure Active Directory (AAD) as IDP, and the result is quite discouraging. Even if the configuration of the systems is simple, the problem is that the user identifier configured in AAD is misinterpreted by HANA with XSA, whereas it is correctly interpreted by HANA with XSC. Looking at the configuration on Azure,
you can see that the exact mail prefix is used, but when I sign in through AAD on HANA with my account (DTOSATO@) the result on Azure is as follows:
Since my user is not "5PRfJbLrfKuEem_B1VeUaxMO2sBHe_oTYuJCXLc91Oc", I can imagine that this is a new HANA user (created dynamically). The funny thing is that if I change the user identifier configured in AAD to "user.userprincipalname", I obtain the following result.
It seems that "user.userprincipalname" is the email, why?! Moreover, even guessing the "right" combination of parameters (see the following image),
AAD sends to HANA the lower-case version of the email I configured in Azure (which is shown in the following image).
Thus, the authentication process fails because the matching performed by HANA is case sensitive and it assumes that user names must be upper-case, as you see in the image below.
So, apparently it is not possible to log in with SSO with HANA 2 + XSA and AAD. Is that right?
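
A diagnostic for the mismatch described in the question, as an added example that is not part of the original post: it reads the NameID from a SAML assertion and reports whether a case-sensitive comparison fails only because of letter case. The sample assertion, the `example.com` domain and the `local_users` set are constructed assumptions, not values from the systems in the question.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real system).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dtosato@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def extract_name_id(assertion_xml):
    """Return (value, Format) of the Subject NameID in a SAML 2.0 assertion.

    Intended for assertions you captured yourself while debugging; for
    untrusted XML use a hardened parser such as defusedxml.
    """
    root = ET.fromstring(assertion_xml)
    node = root.find("./saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("assertion has no Subject/NameID")
    return node.text.strip(), node.get("Format", "unspecified")


def classify_match(name_id, local_users):
    """Compare the NameID with the service provider's user names.

    local_users is a hypothetical set of identities as stored on the
    service provider side (upper-case in the situation described above).
    """
    if name_id in local_users:
        return "exact"
    if name_id.casefold() in {u.casefold() for u in local_users}:
        return "case-only mismatch"
    return "no match"


def diagnose(assertion_xml, local_users):
    """Summarise what the IdP sent and how it compares locally."""
    value, fmt = extract_name_id(assertion_xml)
    return {"name_id": value, "format": fmt,
            "result": classify_match(value, local_users)}


if __name__ == "__main__":
    print(diagnose(SAMPLE_ASSERTION, {"DTOSATO@EXAMPLE.COM"}))
```

A "case-only mismatch" result points at the casing of the claim value or of the stored identity, while "no match" on an opaque value points at the NameID source attribute or format.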