UNPKG

hana-cli

Version:

HANA Developer Command Line Interface

sap-samples.github.io/hana-developer-cli-tool-example/

SAP-samples/hana-developer-cli-tool-example

134 lines (88 loc) 4.88 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# createJWT > Command: `createJWT` > Category: **Connection & Auth** > Status: Production Ready ## Description Create a JWT (JSON Web Token) provider and import its certificate into SAP HANA. This command configures JWT-based authentication by creating the provider, importing the certificate, creating a PSE (Personal Security Environment), and associating them. ### What is JWT Authentication? JWT (JSON Web Token) is a standard for securely transmitting information between parties. In SAP HANA, JWT authentication allows external identity providers (like XSUAA) to authenticate users without managing passwords in the database. ### How to Get Certificate and Issuer To obtain the certificate and issuer: 1. Get your XSUAA service key credentials 2. Find the `credentials.url` element (e.g., `https://<subdomain>.authentication.<region>.hana.ondemand.com`) 3. Add `/sap/trust/jwt` to the URL 4. Open in a browser to retrieve the certificate and issuer information ## Syntax ```bash hana-cli createJWT [name] [options] ``` ## Aliases - `cJWT` - `cjwt` - `cJwt` ## Command Diagram ```mermaid graph TD Start([hana-cli createJWT]) --> Input[JWT Provider Details] Input --> Name[Provider Name<br/>--name] Input --> Cert[Certificate<br/>--certificate] Input --> Issuer[Issuer URL<br/>--issuer] Name --> Connect[Connect to Database] Cert --> Connect Issuer --> Connect Connect --> Step1[Create Certificate<br/>from PEM] Step1 --> Step2[Create JWT Provider] Step2 --> Step3[Create PSE] Step3 --> Step4[Add Certificate to PSE] Step4 --> Step5[Set PSE Purpose to JWT] Step5 --> Complete([JWT Provider Configured]) style Start fill:#0092d1 style Complete fill:#2ecc71 ``` ## Parameters ### Positional Arguments | Parameter | Type | Description | |-----------|--------|------------------------------------------------------| | `name` | string | JWT Provider name (any descriptive value) | ### Options | Option | Alias | Type | Default | Description | |-----------------|----------|--------|---------|-----------------------------------------------------------------------------------| | `--name` | `-c` | string | - | JWT Provider name (any descriptive value, e.g., "MyApp_JWT") | | `--certificate` | `--cert` | string | - | Certificate in PEM format (can be multi-line string) | | `--issuer` | `-i` | string | - | Certificate issuer URL (e.g., `https://subdomain.authentication.region.hana.ondemand.com`) | ### Connection Parameters | Option | Alias | Type | Default | Description | |-----------|-------|---------|---------|------------------------------------------------------| | `--admin` | `-a` | boolean | `false` | Connect via admin (default-env-admin.json) | | `--conn` | - | string | - | Connection filename to override default-env.json | ### Troubleshooting | Option | Alias | Type | Default | Description | |---------------------|-----------|---------|---------|----------------------------------------------------------------------------------------------------------| | `--disableVerbose` | `--quiet` | boolean | `false` | Disable verbose output - removes all extra output that is only helpful to human readable interface | | `--debug` | `-d` | boolean | `false` | Debug hana-cli itself by adding output of LOTS of intermediate details | For a complete list of parameters and options, use: ```bash hana-cli createJWT --help ``` ## Examples ### Basic Usage ```bash hana-cli createJWT --name MyApp_JWT --issuer https://mytenant.authentication.us10.hana.ondemand.com --certificate "-----BEGIN CERTIFICATE-----\nMIIC...\n-----END CERTIFICATE-----" ``` Create a JWT provider with a name, issuer URL, and certificate. The certificate should be in PEM format. ### Using Certificate from File First, save your certificate to a file, then use command substitution: ```bash hana-cli createJWT --name MyApp_JWT --issuer https://mytenant.authentication.us10.hana.ondemand.com --certificate "$(cat mycert.pem)" ``` Load certificate content from a file. ### Interactive Mode ```bash hana-cli createJWT ``` Run without parameters to be prompted for each required value (name, certificate, issuer). ## Related Commands See the [Commands Reference](../all-commands.md) for other commands in this category. ## See Also - [Category: Connection & Auth](..) - [All Commands A-Z](../all-commands.md)