Former Member

Need help on SAP SSO with SAML & SSO2

Dear expert,

We ran into an SSO issue on the launchpad.

Here is our scenario and SSO structure. We use the Fiori launchpad to display all SAP apps.

1. When a user visits the launchpad URL, the URL redirects the user to the identity provider (IDP) for SAML authentication.

2. Then the IDP authenticates with a SAML2.0 token back to the gateway.

3. The gateway accepts the SAML2.0 token and issues an SSO2 logon ticket.

4. Use the logon ticket to the backend ABAP ERP system for transaction apps.

5. Use the logon ticket to the HANA system for factsheets.

Now the first step above is OK, as the SAML token can be authenticated back to the gateway. But after that, the basic form authentication pops up for user credentials on both the backend system and HANA, which it should not. We found out that the launchpad was stuck with the error message "/sap/es/ina/GetServerInfo HTTP/1.1 401 Unauthorized" at the ERP backend service "GetServerInfo". By checking the cookies, we found out that after the SAML token was accepted by the gateway, the gateway did not issue any MYSAPSSO2 ticket.

However, when we disabled SAML and used form authentication for the launchpad, the SSO2 logon ticket works perfectly among GW, ERP and HANA. So there should be no configuration issue regarding the SSO2 logon ticket in SAP GUI.

Here is the system information:

GW: NW740 SP5

ERP: ECC6 on NW740 SP5

HANA: v70

Please kindly help us out on this issue. Please ask if other information is needed. Thanks.

Best regards,

Xian' an
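
Added example (not part of the original post and not SAP code): the cookie check described in the question, run over a captured list of HTTP exchanges to see whether a MYSAPSSO2 ticket was set before the first 401. Both captures are constructed; the "-placeholder" paths, host names and cookie values are assumptions.

```python
# Added diagnostic sketch. All captures are constructed sample data; the
# "-placeholder" paths, hosts and cookie values are assumptions, not from the thread.
TICKET = "MYSAPSSO2"  # logon ticket cookie name quoted in the post

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs

def diagnose(exchanges):
    """exchanges: ordered (request_line, status, [(header, value), ...]) tuples."""
    result = {"ticket_issued_by": None, "ticket_domain": None,
              "first_401": None, "ticket_before_401": None}
    for request_line, status, headers in exchanges:
        if status == 401 and result["first_401"] is None:
            result["first_401"] = request_line
            # Did any earlier response hand the browser a logon ticket?
            result["ticket_before_401"] = result["ticket_issued_by"] is not None
        for header, value in headers:
            if header.lower() != "set-cookie":
                continue
            name, cookie_value, attrs = parse_set_cookie(value)
            # An empty value deletes the cookie; it is not an issued ticket.
            if name == TICKET and cookie_value and result["ticket_issued_by"] is None:
                result["ticket_issued_by"] = request_line
                result["ticket_domain"] = attrs.get("domain")
    return result

# Constructed capture: SAML logon succeeds, but no ticket is ever set.
SAML_CAPTURE = [
    ("GET /launchpad-placeholder", 302, [("Location", "https://idp.example.test/sso")]),
    ("POST /acs-placeholder", 302, [("Set-Cookie", "SESSION=constructed; path=/; secure")]),
    ("GET /sap/es/ina/GetServerInfo", 401, [("WWW-Authenticate", "Basic realm=\"constructed\"")]),
]
# Constructed capture: form logon, ticket issued before the backend call.
FORM_CAPTURE = [
    ("POST /launchpad-placeholder", 200,
     [("Set-Cookie", "MYSAPSSO2=constructed-ticket; path=/; domain=.example.test")]),
    ("GET /sap/es/ina/GetServerInfo", 200, []),
]

if __name__ == "__main__":
    for label, capture in (("SAML", SAML_CAPTURE), ("form", FORM_CAPTURE)):
        print(label, diagnose(capture))
```

A result with `ticket_before_401` set to `False` matches the symptom in the question: the backend call is rejected because no logon ticket was ever handed to the browser.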

3 Answers

  • Best Answer
    Former Member
    Posted on Feb 26, 2014 at 04:58 AM

    Hi,

    The issue has been resolved. We found the root cause is that in the service provider the legacy system issue logon ticket was not enabled. After enabling it, SAML with SSO2 works successfully.

    Best regards,

    Xan' an


    • Former Member

      Dear Xan' an

      We have exactly the same issue...

      In our case the backend system is SAP BO; as soon as we enable SAML2 in Fiori (GW), SSO from Fiori to BO stops working.

      I am sorry, I am not able to understand your following statement. Could you please let me know exactly what was done or needs to be done to fix it?

      "We found the root cause is that in the service provider the legacy system issue logon ticket was not enabled. After enabling it, SAML with SSO2 works successfully"

      Regards,

      Kunal Salunkhe

  • Former Member
    Posted on Feb 25, 2014 at 06:58 PM

    This discussion thread belongs to the SAP NetWeaver Gateway space. For generic SSO related queries where portal is not involved the correct space is SAP NetWeaver Application Server. This space is for NetWeaver Single Sign-On (NWSSO, the separately purchasable product) topics only.


  • Posted on Feb 25, 2014 at 11:46 PM

    Hi Xian'an,

    Have you checked the SAP Help for the SAML configuration?

    https://help.sap.com/saphelp_gateway20sp05/helpdata/en/c9/5f3f6b39724a4a91dcdfd05745e8e7/frameset.htm

    Peter
