Stretching access to training material in SAP Learning Hub
In this post I will explain how to access SAP Learning Hub (LH) training material PDFs that are not part of your subscription. You’ll need to have a valid LH solution subscription to be able to access training material not part of your subscription.
For those not familiar with LH: it provides access to a wide range of SAP training materials. This includes the PDFs of the SAP education courses, like BC400. SAP is not providing these training materials for free. You need an LH subscription to access them. The price SAP asks for is high, but you get more than just PDFs: additional learning content, e-books, e-learnings or SAP system access. That said, most people might book LH first of all because of the training course PDFs.
Regarding the subscription, SAP Learning Hub is offered in several editions. Each one represents a subscription you have to buy. The solution editions are cheaper than the full LH subscription called professional edition that comes with all trainings.
Depending on the edition bought, you get access to different learning content (and PDFs). A functional consultant interested in FI related learning can book the solution edition for FI and gets access to different content than a developer that booked the solution edition digital platforms. Of course, it is possible to book the professional edition and get access to all available LH content. Why not only subscribe to the professional edition in the first place? Price.
The content of each (solution) edition varies, giving you access to different trainings and material. If you are not interested in content for developers and not in FI content, you can save real money. Don’t buy the professional edition, go for the solution edition and save 1.2760 €. But, if you need access to several training contents that are not part of the same solution edition, you’ll have to go for the professional edition. To get a good overview of what is included in each edition, SAP provides an Excel file (yes, Excel and yes, activate macros).
The Excel file helps you to find a training, identify the delivery type (e-learning, e-book, etc.) and the technical course name. Let’s take for instance a course that is part of the professional edition, but not of the solution edition digital platform: AC522: Cost Object Controlling for Make-to-Order, Production Industries.
The course’s e-book is available in several languages (DE, EN, ES, RU) and is listed as available in the professional edition, but not in the edition for digital platforms.
Another view on the available courses in each edition is the LH search. LH lets you search for courses regardless of whether your subscription allows you to access them. By default, the filter is set so that only courses you are allowed to access are shown. For instance, searching for BC400 gives me several results.
And I can open the content and – if I want to – start the training.
Searching for ac522 with the filter for my LH subscription gives me no results. Of course, I am not allowed to access the course. It is not part of my subscription.
After clearing the LH subscription filter, which enables the search across all available courses in LH, the search results for the course AC522 are displayed.
Selecting the first tile gives me an error. This is how it should be.
Stretching content access
Enough high level talking, let’s do some sophisticated “hacking”. Let’s see how easy it is to access learning PDFs that are not part of your LH subscription. First, open the e-book of a course that is part of your LH subscription. I take BC400. Open the e-book.
Click the link. A new popup will open and start loading the PDF.
Open the browser developer tools (F12 or Ctrl+Shift+I) and open the tab Sources. This will reveal the HTML source as well as the PDF source.
Expanding the main node shows the complete path to the PDF.
Right click the file name BC400_DE_Col18.pdf and open the PDF in a new tab.
This opens the PDF in a new tab, without all the LH overhead.
This shows you also the actual URL to access the PDF: https://saplearninghub.plateau.com/icontent_e/CUSTOM_eu/sap/self-managed/PDF/BC400_DE_Col18.pdf
The last part of the URL is the technical name of the PDF: BC400_DE_Col18. This matches exactly the technical course information of the LH Excel file. Remember the values? For BC400:
For the AC522 course, the technical file name is: AC522_EN_Col15.pdf. Combining this with the URL of the BC400 course gives:
Calling this URL in the browser loads the following document:
Note: if this won’t work directly, first access a PDF you are allowed to access. You need to be signed in to the plateau service.
Congratulations. You just accessed the e-book of a course that is not part of your LH subscription. It is not just a teaser PDF. It is 152 pages with course content.
Does this work with all PDF trainings listed in the Excel file? Basically yes. This seems to be the base URL of a folder where PDFs are stored. https://saplearninghub.plateau.com/icontent_e/CUSTOM_eu/sap/self-managed/PDF/
The file name of PDFs can be taken from the Excel file.
Combine these two pieces of information and you get a URL list. Example:
https://saplearninghub.plateau.com/icontent_e/CUSTOM_eu/sap/self-managed/PDF/ADM900_EN_Col19.pdf
https://saplearninghub.plateau.com/icontent_e/CUSTOM_eu/sap/self-managed/PDF/ADM910_EN_Col20.pdf
https://saplearninghub.plateau.com/icontent_e/CUSTOM_eu/sap/self-managed/PDF/ADM945_EN_Col23.pdf
And so on. There are hundreds of e-books listed in the Excel. Using wget or curl it is possible to automate the download of these. I did this once last August and to my surprise, it worked. I sent the requests one after another, no waiting, no different IP address. I did a bulk download of the files. Downloading 70+ GB of PDFs? No problem. No firewall, no logic blocking you, no one asking questions, no monitoring. Not all links worked; it seems some files are removed or not available and returned 404. Even so, no blocking, nothing. The PDFs do not contain a watermark (at least I did not find one), I guess it is the same PDF file for everyone accessing it.
I reported my findings to SAP in August. 5 months later there is no permission check in place, or an update from SAP. Maybe it is not seen as an urgent issue, or the root cause is by design, taking longer than 5 months to fix. Honestly, besides wondering if the concept of role-based permissions reached all areas at SAP yet (we are only in the year 2023, they still have years until this gets important), I don’t think it is a high security risk at all. Personally, I think the PDF content should be made available for free. The only additional access you get is to download PDFs from trainings that are not part of your subscription. Yes, you can save money by buying a cheaper solution subscription instead of the more expensive professional subscription. I doubt that there are many LH customers that go for a more expensive subscription just because one training is missing.
As a shareholder I somehow expect that SAP does a little bit more regarding security when it comes to offering a commercial service. For a company that wants customers to go buy and use their cloud solutions, offering basic security like role-based permissions or even basic authentication would be nice. At least you need to have a valid LH subscription in the first place to be able to download the PDFs.
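The per-object permission check and the monitoring whose absence is described above, sketched in Python as an added example (not code from this post or from SAP). The file-name pattern and path prefix are the ones visible in the URLs on this page; the edition-to-course table, user names and log rows are constructed for illustration.

```python
import re
from collections import defaultdict

# Path prefix and COURSE_LANG_ColNN.pdf naming as seen in the URLs on this page.
PDF_PREFIX = "/icontent_e/CUSTOM_eu/sap/self-managed/PDF/"
PDF_NAME = re.compile(r"^([A-Z0-9]+)_([A-Z]{2})_Col(\d+)\.pdf$")

# Constructed entitlement table (assumption): edition -> courses it includes.
EDITION_COURSES = {
    "digital_platforms": {"BC400"},
    "professional": {"BC400", "AC522", "ADM900"},
}

def course_from_path(path):
    """Return the course code for a well-formed PDF path, else None."""
    if not path.startswith(PDF_PREFIX):
        return None
    m = PDF_NAME.match(path[len(PDF_PREFIX):])
    return m.group(1) if m else None

def is_authorized(edition, path):
    """Per-object check, deny by default: unknown edition, unknown course
    or a malformed file name (e.g. containing '../') is refused."""
    course = course_from_path(path)
    return course is not None and course in EDITION_COURSES.get(edition, set())

# Constructed access log rows: (user, edition, path, HTTP status).
SAMPLE_LOG = [
    ("alice", "digital_platforms", PDF_PREFIX + "BC400_DE_Col18.pdf", 200),
    ("alice", "digital_platforms", PDF_PREFIX + "AC522_EN_Col15.pdf", 200),
    ("alice", "digital_platforms", PDF_PREFIX + "ADM900_EN_Col19.pdf", 200),
    ("alice", "digital_platforms", PDF_PREFIX + "ADM910_EN_Col20.pdf", 404),
    ("bob", "professional", PDF_PREFIX + "AC522_EN_Col15.pdf", 200),
]

def audit(log, bulk_threshold=4):
    """Return (served out-of-entitlement PDFs per user, users at/over the
    bulk threshold). 404s count toward volume: enumeration produces them."""
    violations = defaultdict(list)
    counts = defaultdict(int)
    for user, edition, path, status in log:
        if not path.startswith(PDF_PREFIX):
            continue
        counts[user] += 1
        if status == 200 and not is_authorized(edition, path):
            violations[user].append(path)
    bulk = sorted(u for u, n in counts.items() if n >= bulk_threshold)
    return dict(violations), bulk

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

The same `is_authorized` decision belongs in the request path in front of the file store, so that a valid session alone is not enough to fetch a PDF; the log audit only shows what such a check would have refused.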
Remember: LH is not just about the PDFs, it is also about e-learnings, webinars, groups and access to learning systems. You should buy a subscription not only for the PDFs.
If I were a SuccessFactors customer that stores training material there, I’d ask SAP if the missing permission check is something to worry about for my own trainings.