Customize SAP HANA Connections to Enable SAML Encryption

Version 1

    The HANA driver you use for SAML SSO with SAP HANA cannot encrypt the SAML assertion (it can encrypt passwords). This leaves SAML authentication vulnerable to eavesdropping. To address this, you can enable encryption for the SAML connections. This configuration change requires that SSL be enabled in HANA.


    You can enable encryption for the SAML connections in Tableau Server using a TDC file.


    Create a TDC File

    To enable encryption for SAML you need to customize the SAP HANA data source connection. To customize the connection, you create a .tdc file, specify the customization and set its value in the file, and then save the .tdc file in the appropriate directory.


    A .tdc file is an .xml file that applies to a single data source and contains vendor and driver names for the data source provider. For the SAP HANA data source connector, the vendor and driver name is saphana.


    Important: Tableau does not test or support .tdc files. Use these files sparingly as tools to explore or occasionally address issues with your data connection. Creating and maintaining .tdc files require careful editing, and Tableau does not support sharing these files.


    To create and save a .tdc file with the correct customization and value

    1. Open text editor such as Notepad.
    2. Copy the following .tdc file content, and then paste it into the new text file.
      <connection-customization class='saphana' enabled='true' version='9.0'>
        <vendor name='saphana' />
        <driver name='saphana' />
          <customization name='odbc-connect-string-extras' value='encrypt=true;' />
    3. Save the text file in a safe place with a .tdc extension, then copy it into one of the following folders on each Tableau Server node that is running VizQL Server or Backgrounder:

      • \Program Files\Tableau\Tableau Server\<version>\bin
        Example: C:\Program Files\Tableau\Tableau Server\9.1\bin
      • \ProgramData\Tableau\Tableau Server\data\tabsvc\vizqlserver\Datasources
        Example: C:\ProgramData\Tableau\Tableau Server\data\tabsvc\vizqlserver\Datasources

    : You need to restart Tableau Server to enable the change.