We are currently using basic authentication in our Python connectors to SAP HANA. In our current connection string, we use SQLAlchemy and it looks something like this:

    import base64

    # Flask request context, assumed from the use of request.json and current_app
    from flask import current_app, request
    from sqlalchemy import create_engine

    def get_engine(host_name):
        # Basic authentication: the username and base64-encoded password come from the JSON request body
        return create_engine('hana://{user}:{password}@{host_name}:{port}/HUP'.format(
            user=request.json['username'],
            password=base64.b64decode(bytes(request.json['password'], encoding='utf-8')).decode('utf-8'),
            host_name=host_name,
            port=current_app.config['HANA_PORT']
        ))

We now need to transition into using HANA OAuth so it's no longer necessary to input the username and password into the connection string. Ideally, there should be a way to input the JWT into the connection details. I can't find much in the way of resources online that really illustrate how to create a Python-based connector with HANA that uses OAuth. Any help here would be greatly appreciated.
Type 'cmd' in the search option and then type 'python --version' to see the version of Python installed. NWRFCSDK Installation (SAP website):
SAP HANA security protects important data from unauthorized access and ensures that the system meets the security standards and compliance requirements adopted by the company. SAP HANA also provides a facility, the multitenant database, in which multiple databases can be created on a single SAP HANA system.
The following steps create a simple Python app that can connect to and query an SAP HANA database. The first step is to check if Python is installed. Enter the commands below. If Python is installed, the command will return a value such as Python 3.9.0. Use whichever command returns a Python 3.4 or greater version number.
If you have not used the SAP HANA client for Python, check out the Connect to SAP HANA Using Python tutorial. There are multiple ways to gather this information depending on which version of HANA you are using. If you are using HANA as a Service, you can find endpoint information in the SAP HANA Service Dashboard.
To connect to a SAP HANA as a Service or HANA Cloud instance you must specify ENCRYPT=True in your connection parameters to enable TLS encryption as these services do not allow unencrypted connections. Different cryptographic providers are available depending on the platform.
If you are using SAP HANA, express edition, the host and port by default are hexehost and 39015. Do you have the following information ready? Before proceeding, test out the connection parameters. Knowing that these parameters are correct can make debugging in the coming steps much easier.
I set it up like so: Identity Provider (IdP) to the database. Your JSON config via xs-security will allow for scope of permissions.
First, download the Python sap_xssec lib. It should allow you to get at attributes for the JWT token.
Second, set up your service & security:

    # import these libs after downloading
    from sap import xssec
    from cfenv import AppEnv

    # get your env.
    myEnv = AppEnv()
    # get your UAA service
    myService = myEnv.get_service(name='<uaa_service_name>').credentials
    # now your JWT access token for
    # (access_token must already hold the JWT string sent by the caller)
    contextWithAccessToken = xssec.create_security_context(access_token, myService)

Next, configure your xs-security file.
Example xs-security.json file:
    {
      "xsappname": "node-hello-world",
      "scopes": [
        {
          "name": "$XSAPPNAME.Display",
          "description": "display"
        },
        {
          "name": "$XSAPPNAME.Edit",
          "description": "edit"
        },
        {
          "name": "$XSAPPNAME.Delete",
          "description": "delete"
        }
      ],
      "attributes": [
        {
          "name": "Country",
          "description": "Country",
          "valueType": "string"
        },
        {
          "name": "CostCenter",
          "description": "CostCenter",
          "valueType": "int"
        }
      ],
      "role-templates": [
        {
          "name": "Viewer",
          "description": "View all books",
          "scope-references": [
            "$XSAPPNAME.Display"
          ],
          "attribute-references": [
            "Country"
          ]
        },
        {
          "name": "Editor",
          "description": "Edit, delete books",
          "scope-references": [
            "$XSAPPNAME.Edit",
            "$XSAPPNAME.Delete"
          ],
          "attribute-references": [
            "Country",
            "CostCenter"
          ]
        }
      ]
    }
Get the user values ready for your env: XS_APPLICATIONUSER or $env.user.value.
Set up your @sap/hana-client call with

    connection.session.XS_APPLICATIONUSER = <JWT TOKEN>;

Don't forget to set up the sap-jwt/py-jwt library for validation of the JWT token. Just set

    USE_SAP_PY_JWT = true

You are done!
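As an added example (not part of the answer above and not SAP's own code), the following standard-library sketch lints the role templates of the xs-security.json shown above and decides which templates a token's scopes fully satisfy. The descriptor is abbreviated from the file above; the runtime application name `node-hello-world!t1` used in the comments and the scope lists are constructed sample values, and the scopes are assumed to come from a token that sap_xssec has already validated.

```python
# Added example: descriptor abbreviated from the xs-security.json above.
DESCRIPTOR = {
    "xsappname": "node-hello-world",
    "scopes": [{"name": "$XSAPPNAME.Display"}, {"name": "$XSAPPNAME.Edit"},
               {"name": "$XSAPPNAME.Delete"}],
    "attributes": [{"name": "Country"}, {"name": "CostCenter"}],
    "role-templates": [
        {"name": "Viewer", "scope-references": ["$XSAPPNAME.Display"],
         "attribute-references": ["Country"]},
        {"name": "Editor",
         "scope-references": ["$XSAPPNAME.Edit", "$XSAPPNAME.Delete"],
         "attribute-references": ["Country", "CostCenter"]},
    ],
}


def lint_descriptor(desc):
    """Return (template, kind, reference) for references not declared in the file."""
    scopes = {s["name"] for s in desc.get("scopes", [])}
    attrs = {a["name"] for a in desc.get("attributes", [])}
    problems = []
    for tpl in desc.get("role-templates", []):
        for ref in tpl.get("scope-references", []):
            if ref not in scopes:
                problems.append((tpl["name"], "scope", ref))
        for ref in tpl.get("attribute-references", []):
            if ref not in attrs:
                problems.append((tpl["name"], "attribute", ref))
    return problems


def satisfied_templates(desc, token_scopes, runtime_appname):
    """Role templates whose every scope appears in an already-verified token.

    runtime_appname is the expanded $XSAPPNAME (constructed sample:
    'node-hello-world!t1'); scopes issued for another application never match.
    """
    held = set(token_scopes)
    result = []
    for tpl in desc.get("role-templates", []):
        needed = {ref.replace("$XSAPPNAME", runtime_appname)
                  for ref in tpl.get("scope-references", [])}
        if needed and needed <= held:  # a template with no scopes grants nothing
            result.append(tpl["name"])
    return result


def may_edit(desc, token_scopes, runtime_appname):
    """Gate for write paths: deny unless the token carries every Editor scope."""
    return "Editor" in satisfied_templates(desc, token_scopes, runtime_appname)
```

A token holding only the Edit scope does not satisfy the Editor template, because Delete is also required, so write paths stay denied by default.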