Our middle tier application is using SAML authentication to Hana for the second hop (the authentication from the middle tier to Hana).
If we pass the saml assertion/token as the password in the connection string, it will login using saml usually...
However, if the user who is logging in with a SAML assertion can login using Kerberos, then it will ignore the assertion we pass and login using Kerberos.
This is problematic because we don't want to login as the service user for the middle tier in this case. We can fix this issue by disabling Kerberos login for our service user, however there are times when we don't use SAML that we do want to login as the service user.
So the question is: how can we skip the attempt to login with Kerberos. Is there another parameter to pass to specify SAML only. I've looked at alot of documentation but can't find this.
Thanks.