cancel
Showing results for 
Search instead for 
Did you mean: 

SAML based SSO in context of NWBC 4.0 Desktop

0 Kudos

I setup NWBC to SSO via SAML2 (OKTA as - Identity provider) with the help of my infrastructure team.

 

The web html version of NWBC via IE works absolutely fine including HTTP & HTTPS (with suggestions from Samuli kaski on this forum)

However, the NWBC 4.0 PL12 desktop version, is having issues. When I try the SAP system's SICF service URL, https://<ABAP AS>:44301/nwbc in the connection settings, the NWBC screen goes through the SAML/IDP authentication succesfully and then just hangs with a blank screen. Confirmed via fiddler

Set the trace level to VERBOSE and couldnt find anything that made sense to me in the trace files. I also setup the parameter AllowTemporaryConnections to True in the NwbcOptions.xml.template file on my client side.

I checked the note # 1378659 - NWBC known issues & what to check when opening a ticket

The NWBC 4.0 PL12 is the latest version, backened SAP_BASIS version is at NW 7.31 SP09 & Windows version is Windows 7

Any suggestions on this issue? Thanks in advnace.

Thanks

Dhee

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos
0 Kudos

Thanks Samuli, the note you suggested, solved the problem. Appreciate your help.

Do you have any suggestions for the NWBC SSO via the portal redirect app as discussed -

I have the same symptom, once I click on the connection in NWBC, it goes to the portal signs me in and just hangs at a blank page. However, if I cancel out of that and click on the connection again, it works.

Former Member
0 Kudos

What is the AS JAVA version including SP level?

Former Member
0 Kudos

Also do a Fiddler trace and see what is logged in defaultTrace.

Answers (2)

Answers (2)

0 Kudos

Hi Dhee,

We are working to enable SSO on SAP NWBC Desktop version through SAML 2.0.

Configured SAP ABAP as SP and OKTA is our Identify provider. Below are the configuration steps taken already? But still when we try to login through OKTA to NWBC Web version SSO is not working. It lands us again to the authentication page.

SAP ABAP on 731 SP07 release.

Steps Taken:

  • Activated all required SICF SAML services.
  • Enabled SAML transaction in ABAP Server.
  • Uploaded metadata.xml file generated from OKTA in SAP and vice versa but still no luck.

Please let me know if we are missing any configuration steps to be taken care from SP end?

Thanks in Advance

Sandeep

0 Kudos

Hi Sandeep, 

Try changing the Logon Data procedure in SICF for the NWBC service and try it.

Thanks
Dhee

0 Kudos

Thanks Dhee for your quick response.

The Logon Data procedure for the NWBC service is already set to the option mentioned.

Regards

Sandeep

0 Kudos

Were you able to trace it? post the trace log and thay may help.

Have you chosen all logon procedures in the screenshot I posted.

Check the endpoint path in the SAML settings are matching the same as OKTA.

Dhee


0 Kudos

Dhee,

I have not chosen "all logon procedures" option in sicf settings and also verified endpoint path in SAML are matching with OKTA.

Trace files are big , is it possible i can sent it over to your id separately.Please let me know your address i can forward to.

Thanks for your help

Sandeep

0 Kudos

Please find the Trace logs for NWBC and few observations that i made.

1. When trying to login through NWBC desktop , after manual authentication the screen goes blank.

2. Through Web version once login it generates (CX_NWB===CP) dump which may be also related to SAP Note 1888486 mentioned in this post already.Let me know if there is any other alternative to fix this issue.

Thanks for your help

Sandeep

=========> Loaded assembly: UIAutomationProvider, Version=3.0.0.0, Culture=neutral, PublicKeyToken=

10:19:08.218 [main]           UiUtil.EnsureCompletelyVisible {

10:19:08.219 [main]           UiUtil.EnsureCompletelyVisible {

10:19:08.219 [main]           } // UiUtil.EnsureCompletelyVisible => 449,118,550,605 => 449,118,550,605

10:19:08.219 [main]           } // UiUtil.EnsureCompletelyVisible [ /e 1.0ms ] =>  => 449,118,550,605

10:19:08.221 [main]           LogonShadow.CreateShadowWindows {

10:19:08.226 [main]           CanvasWindow.OnDeactivated: [ShellWindow: <null>] {

10:19:08.227 [main] .         ActiveWindow: b0b9c HwndWrapper[NWBC.exe;main;75eaa5c6-009e-4977-ac9b-59de11f8c4ce] - SAP NetWeaver Business Client

10:19:08.227 [main]           OnRefreshShadow: Deactivated {

10:19:08.227 [main]           } // CanvasWindow.OnRefreshShadow

10:19:08.227 [main]           } // CanvasWindow.OnDeactivated [ /e 1.0ms ]

10:19:08.241 [main]           } // LogonShadow.CreateShadowWindows [ /u 15.6ms /e 20.0ms ]

10:19:08.288 [main]           LoginScreen.SetWindowRegions {

10:19:08.290 [main]           } // LoginScreen.SetWindowRegions [ /e 2.0ms ]

10:19:08.290 [main]           SetWindowRegions : width=550 height=605 maximized=False

10:19:08.301 [main]           LoginScreen.OnLoginProcessStarted [main->main] {

10:19:08.301 [main] .         {11} LoginScreen.OnLoginProcessStarted [main->main]: set_Result:

10:19:08.301 [main] .         NotifyFinished

10:19:08.301 [main]           } // <>c__DisplayClassb.<BeginRun>b__a

10:19:08.317 [main]           LoginControl.OnLogonNavigate: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=about:blank {

10:19:08.317 [main]           } // LoginControl.OnLogonNavigate

10:19:08.327 [main]           LoginControl.CheckLogonComplete: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=about:blank {

10:19:08.328 [main]           } // LoginControl.CheckLogonComplete [ /e 1.0ms ] => Not Logged In.

10:19:08.329 [main]           LoginControl.OnLogonPageLoaded: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=about:blank {

10:19:08.331 [main]           } // LoginControl.OnLogonPageLoaded [ /e 2.0ms ]

10:19:08.344 [main]           LoginScreen.AdjustWindowSize [main->main] {

10:19:08.346 [main]           LoginScreen.<AdjustWindowSize>b__7 {

10:19:08.348 [main] .         HTML/canvas delta size: 0x0

10:19:08.348 [main]           } // LoginScreen.<AdjustWindowSize>b__7 [ /e 2.0ms ]

10:19:08.348 [main] .         {12} LoginScreen.AdjustWindowSize [main->main]: set_Result:

10:19:08.348 [main] .         NotifyFinished

10:19:08.348 [main]           } // <>c__DisplayClassb.<BeginRun>b__a [ /e 4.0ms ]

10:19:08.609 [main]           CookieStore.Add: URL=http://sid.org.net:8000/sap/bc/nwbc/TicketIssuer?required_abap_runtime_version=3.1.0&preferred_abap_... {

10:19:08.613 [main] .         ADDED new cookie: sap-login-XSRF_ECD[43]=20150...3d%3d (, domain sid.org.net, path /sap/bc/nwbc/TicketIssuer, httpOnly=True, secure: False, id: Browser #Internal)

10:19:08.613 [main]           } // CookieStore.Add [ /e 4.0ms ]

10:19:08.629 [main]           LoginControl.OnLogonNavigate: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=http://sid.org.net:8000/sap/bc/nwbc/TicketIssuer?required_abap_runtime_version=3.1.0&preferred_abap_... {

10:19:08.629 [main]           } // LoginControl.OnLogonNavigate

10:19:08.650 [main]           LoginControl.CheckLogonComplete: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=http://sid.org.net:8000/sap/bc/nwbc/TicketIssuer?required_abap_runtime_version=3.1.0&preferred_abap_... {

10:19:08.650 [main]           } // LoginControl.CheckLogonComplete => Not Logged In.

10:19:08.650 [main]           LoginControl.OnLogonPageLoaded: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=http://sid.org.net:8000/sap/bc/nwbc/TicketIssuer?required_abap_runtime_version=3.1.0&preferred_abap_... {

10:19:08.652 [main]           } // LoginControl.OnLogonPageLoaded [ /e 2.0ms ]

10:19:08.656 [main]           LoginControl.OnSubmitLogonData: URL=https://sid.org.net/sap/bc/nwbc/TicketIssuer?required_abap_runtime_version=3.1.0&preferred_abap_runt... Flags=64 TargetFrameName=<null> PostData=

Cancel=False {

10:19:08.656 [main]           } // LoginControl.OnSubmitLogonData [ /e 1.0ms ]

10:19:08.669 [main]           LoginScreen.AdjustWindowSize [main->main] {

10:19:08.669 [main]           LoginScreen.<AdjustWindowSize>b__7 {

10:19:08.669 [main] .         HTML/canvas delta size: 0x0

10:19:08.669 [main]           } // LoginScreen.<AdjustWindowSize>b__7

10:19:08.669 [main] .         {13} LoginScreen.AdjustWindowSize [main->main]: set_Result:

10:19:08.670 [main] .         NotifyFinished

10:19:08.670 [main]           } // <>c__DisplayClassb.<BeginRun>b__a [ /e 1.0ms ]

10:19:09.562 [7]             CookieStore.Add: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT/Crl3... {

10:19:09.563 [7] .           ADDED new cookie: oucqqvqvwazotuucoreduoaazvoyfwadeuaezzd[383]=POST%23xZA...%253D%253D (, domain org.idp.com, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:09.563 [7]             } // CookieStore.Add [ /e 1.0ms ]

10:19:09.563 [7]             CookieStore.Add: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT/Crl3... {

10:19:09.563 [7] .           ADDED new cookie: sap-usercontext[30]=sap-language=EN&sap-client=130 (, domain org.idp.com, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:09.563 [7]             } // CookieStore.Add

10:19:09.948 [7]             CookieStore.Add: URL=https://org.idp.com/login/login.htm?fromURI=/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAM... {

10:19:09.948 [7] .           ADDED new cookie: sid[0]=<empty cookie> (, EXPIRED, domain org.idp.com, path /, httpOnly=False, secure: False, expire date: 1/1/1970 12:00:10 AM, id: Browser #Internal)

10:19:09.948 [7]             } // CookieStore.Add

10:19:09.949 [7]             CookieStore.Add: URL=https://org.idp.com/login/login.htm?fromURI=/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAM... {

10:19:09.949 [7] .           ADDED new cookie: JSESSIONID[32]=3EBBEBC531B02D65C181B382FF86B981 (, domain org.idp.com, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:09.949 [7]             } // CookieStore.Add

10:19:10.065 [main]           CookieStore.Add: URL=https://org.idp.com/login/login.htm?fromURI=/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAM... {

10:19:10.065 [main] .         SKIP identical cookie: sid=

10:19:10.065 [main]           } // CookieStore.Add [ /e 1.0ms ]

10:19:10.065 [main]           CookieStore.Add: URL=https://org.idp.com/login/login.htm?fromURI=/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAM... {

10:19:10.065 [main] .         OVERWRITING Cookie: JSESSIONID[32]=3EBBEBC531B02D65C181B382FF86B981 (, domain org.idp.com, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:10.065 [main] .                      with: JSESSIONID[32]=3DBB5B2EE60BD7A5CDD1663F7E96F8C1 (, domain org.idp.com, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:10.065 [main]           } // CookieStore.Add

10:19:10.066 [main]           CookieStore.Add: URL=https://org.idp.com/login/login.htm?fromURI=/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAM... {

10:19:10.066 [main] .         ADDED new cookie: t[6]=spring (, domain org.idp.com, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:10.066 [main]           } // CookieStore.Add

10:19:10.066 [main]           CookieStore.Add: URL=https://org.idp.com/login/login.htm?fromURI=/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAM... {

10:19:10.066 [main] .         SKIP identical cookie: sid=

10:19:10.066 [main]           } // CookieStore.Add

10:19:10.122 [main]           LoginControl.OnLogonNavigate: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://org.idp.com/login/login.htm?fromURI=%2Fapp%2Ftemplate_saml_2_0%2Fk2rdb74tXNHJAQQAUNDL%2Fsso%... {

10:19:10.122 [main]           } // LoginControl.OnLogonNavigate

10:19:10.192 [main]           LoginControl.OnSubmitLogonData: URL=https://idp.org.net/IWA/ Flags=64 TargetFrameName=<null> PostData= Headers=Content-Type: application/x-www-form-urlencoded

Cancel=False {

10:19:10.192 [main]           } // LoginControl.OnSubmitLogonData

10:19:10.198 [main]           LoginControl.CheckLogonComplete: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://org.idp.com/login/login.htm?fromURI=%2Fapp%2Ftemplate_saml_2_0%2Fk2rdb74tXNHJAQQAUNDL%2Fsso%... {

10:19:10.199 [main]           } // LoginControl.CheckLogonComplete [ /e 1.0ms ] => Not Logged In.

10:19:10.200 [main]           LoginControl.OnLogonResponse: URL=https://org.idp.com/login/login.htm?fromURI=%2Fapp%2Ftemplate_saml_2_0%2Fk2rdb74tXNHJAQQAUNDL%2Fsso%... {

10:19:10.201 [main]           } // LoginControl.OnLogonResponse [ /e 1.0ms ]

10:19:10.201 [main]           LoginControl.OnLogonResponse: URL=https://org.idp.com/login/login.htm?fromURI=%2Fapp%2Ftemplate_saml_2_0%2Fk2rdb74tXNHJAQQAUNDL%2Fsso%... {

10:19:10.204 [main]           } // LoginControl.OnLogonResponse [ /e 3.0ms ]

10:19:10.223 [main]           LoginScreen.AdjustWindowSize [main->main] {

10:19:10.224 [main]           LoginScreen.<AdjustWindowSize>b__7 {

10:19:10.224 [main] .         HTML/canvas delta size: 0x-523

10:19:10.224 [main]           } // LoginScreen.<AdjustWindowSize>b__7

10:19:10.224 [main] .         {14} LoginScreen.AdjustWindowSize [main->main]: set_Result:

10:19:10.224 [main] .         NotifyFinished

10:19:10.224 [main]           } // <>c__DisplayClassb.<BeginRun>b__a [ /e 1.0ms ]

10:19:10.277 [main]           CookieStore.Add: URL=https://idp.org.net/IWA/ {

10:19:10.277 [main] .         ADDED new cookie: ASP.NET_SessionId[24]=fqln...dx2e (, domain idp.org.net, path /, httpOnly=True, secure: False, id: Browser #Internal)

10:19:10.277 [main]           } // CookieStore.Add

10:19:10.312 [main]           LoginControl.OnLogonNavigate: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://idp.org.net/IWA/ {

10:19:10.312 [main]           } // LoginControl.OnLogonNavigate

10:19:10.326 [main]           LoginControl.CheckLogonComplete: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://idp.org.net/IWA/ {

10:19:10.326 [main]           } // LoginControl.CheckLogonComplete => Not Logged In.

10:19:10.327 [main]           LoginControl.OnLogonResponse: URL=https://idp.org.net/IWA/ {

10:19:10.329 [main]           } // LoginControl.OnLogonResponse [ /e 2.0ms ]

10:19:10.329 [main]           LoginControl.OnLogonResponse: URL=https://idp.org.net/IWA/ {

10:19:10.329 [main]           } // LoginControl.OnLogonResponse

10:19:10.331 [main]           LoginControl.OnSubmitLogonData: URL=https://org.idp.com/login/sso_iwa_auth Flags=64 TargetFrameName=<null> PostData=48, 49 Headers=Content-Type: application/x-www-form-urlencoded

Cancel=False {

10:19:10.331 [main]           } // LoginControl.OnSubmitLogonData [ /e 1.0ms ]

10:19:10.340 [main]           LoginScreen.AdjustWindowSize [main->main] {

10:19:10.340 [main]           LoginScreen.<AdjustWindowSize>b__7 {

10:19:10.341 [main] .         HTML/canvas delta size: -16x-576

10:19:10.341 [main]           } // LoginScreen.<AdjustWindowSize>b__7 [ /e 1.0ms ]

10:19:10.341 [main] .         {15} LoginScreen.AdjustWindowSize [main->main]: set_Result:

10:19:10.341 [main] .         NotifyFinished

10:19:10.341 [main]           } // <>c__DisplayClassb.<BeginRun>b__a [ /e 1.0ms ]

10:19:11.247 [7]             CookieStore.Add: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT/Crl3... {

10:19:11.248 [7] .           SKIP identical cookie: sid=

10:19:11.248 [7]             } // CookieStore.Add [ /e 1.0ms ]

10:19:11.248 [7]             CookieStore.Add: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT/Crl3... {

10:19:11.248 [7] .           OVERWRITING Cookie: JSESSIONID[32]=3DBB5B2EE60BD7A5CDD1663F7E96F8C1 (, domain org.idp.com, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:11.248 [7] .                        with: JSESSIONID[32]=C42F5B0881BBDB2635B1A5334517B733 (, domain org.idp.com, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:11.248 [7]             } // CookieStore.Add

10:19:11.248 [7]             CookieStore.Add: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT/Crl3... {

10:19:11.248 [7] .           SKIP identical cookie: t=spring

10:19:11.248 [7]             } // CookieStore.Add

10:19:11.248 [7]             CookieStore.Add: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT/Crl3... {

10:19:11.248 [7] .           OVERWRITING Cookie: sid[0]=<empty cookie> (, EXPIRED, domain org.idp.com, path /, httpOnly=False, secure: False, expire date: 1/1/1970 12:00:10 AM, id: Browser #Internal)

10:19:11.248 [7] .                        with: sid[25]=s01Ci...jP-uQ (, domain org.idp.com, path /, httpOnly=False, secure: True, id: Browser #Internal)

10:19:11.248 [7]             } // CookieStore.Add

10:19:11.441 [main]           CookieStore.Add: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT/Crl3... {

10:19:11.442 [main] .         OVERWRITING Cookie: JSESSIONID[32]=C42F5B0881BBDB2635B1A5334517B733 (, domain org.idp.com, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:11.442 [main] .                      with: JSESSIONID[32]=29CA480C5F24A96476E6E826F78EA3D9 (, domain org.idp.com, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:11.442 [main]           } // CookieStore.Add [ /e 1.0ms ]

10:19:11.442 [main]           CookieStore.Add: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT/Crl3... {

10:19:11.442 [main] .         SKIP identical cookie: t=spring

10:19:11.442 [main]           } // CookieStore.Add

10:19:11.442 [main]           CookieStore.Add: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT/Crl3... {

10:19:11.443 [main] .         SKIP identical cookie: sid=s01CieulyTWR0en6CM1jjP-uQ

10:19:11.443 [main]           } // CookieStore.Add [ /u 15.6ms /e 1.0ms ]

10:19:11.453 [main]           LoginControl.OnLogonNavigate: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT%2FCr... {

10:19:11.453 [main]           } // LoginControl.OnLogonNavigate

10:19:11.516 [main]           LoginControl.OnSubmitLogonData: URL=http://sid.org.net:8000/sap/bc/nwbc/saml2/sp/acs/130 Flags=64 TargetFrameName=<null> PostData= 53, 1el=False {

10:19:11.516 [main]           } // LoginControl.OnSubmitLogonData [ /e 3.0ms ]

10:19:11.526 [main]           LoginControl.CheckLogonComplete: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT%2FCr... {

10:19:11.529 [main]           } // LoginControl.CheckLogonComplete [ /e 3.0ms ] => Not Logged In.

10:19:11.539 [main]           LoginControl.OnLogonResponse: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT%2FCr... {

10:19:11.542 [main]           } // LoginControl.OnLogonResponse [ /e 3.0ms ]

10:19:11.542 [main]           LoginControl.OnLogonResponse: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT%2FCr... {

10:19:11.543 [main]           } // LoginControl.OnLogonResponse [ /e 1.0ms ]

10:19:11.543 [main]           LoginControl.OnLogonResponse: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT%2FCr... {

10:19:11.544 [main]           } // LoginControl.OnLogonResponse [ /e 1.0ms ]

10:19:11.545 [main]           LoginControl.OnLogonResponse: URL=https://org.idp.com/app/template_saml_2_0/k2rdb74tXNHJAQQAUNDL/sso/saml?SAMLRequest=fZFRb4JAEIT%2FCr... {

10:19:11.546 [main]           } // LoginControl.OnLogonResponse [ /e 1.0ms ]

10:19:11.559 [main]           LoginScreen.AdjustWindowSize [main->main] {

10:19:11.559 [main]           LoginScreen.<AdjustWindowSize>b__7 {

10:19:11.560 [main] .         HTML/canvas delta size: -16x-576

10:19:11.560 [main]           } // LoginScreen.<AdjustWindowSize>b__7 [ /e 1.0ms ]

10:19:11.560 [main] .         {16} LoginScreen.AdjustWindowSize [main->main]: set_Result:

10:19:11.560 [main] .         NotifyFinished

10:19:11.560 [main]           } // <>c__DisplayClassb.<BeginRun>b__a [ /e 1.0ms ]

10:19:11.763 [main]           CookieStore.Add: URL=http://sid.org.net:8000/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:11.764 [main] .         ADDED new cookie: sap-login-XSRF_ECD[43]=20150...3d%3d (, domain sid.org.net, path /sap/bc/nwbc/saml2/sp/acs/130, httpOnly=True, secure: False, id: Browser #Internal)

10:19:11.764 [main]           } // CookieStore.Add [ /e 1.0ms ]

10:19:11.771 [main]           LoginControl.OnLogonNavigate: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=http://sid.org.net:8000/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:11.771 [main]           } // LoginControl.OnLogonNavigate

10:19:11.782 [main]           LoginControl.CheckLogonComplete: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=http://sid.org.net:8000/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:11.783 [main]           } // LoginControl.CheckLogonComplete [ /e 1.0ms ] => Not Logged In.

10:19:11.783 [main]           LoginControl.OnLogonResponse: URL=http://sid.org.net:8000/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:11.785 [main]           } // LoginControl.OnLogonResponse [ /e 2.0ms ]

10:19:11.785 [main]           LoginControl.OnLogonResponse: URL=http://sid.org.net:8000/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:11.785 [main]           } // LoginControl.OnLogonResponse

10:19:11.785 [main]           LoginControl.OnLogonResponse: URL=http://sid.org.net:8000/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:11.786 [main]           } // LoginControl.OnLogonResponse [ /u 15.6ms /e 1.0ms ]

10:19:11.786 [main]           LoginControl.OnLogonResponse: URL=http://sid.org.net:8000/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:11.786 [main]           } // LoginControl.OnLogonResponse

10:19:11.792 [main]           LoginControl.OnSubmitLogonData: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 Flags=64 TargetFrameName=<null> PostData=115,

10:19:11.793 [main]           } // LoginControl.OnSubmitLogonData [ /e 5.0ms ]

10:19:11.802 [main]           LoginScreen.AdjustWindowSize [main->main] {

10:19:11.802 [main]           LoginScreen.<AdjustWindowSize>b__7 {

10:19:11.802 [main] .         HTML/canvas delta size: 0x0

10:19:11.802 [main]           } // LoginScreen.<AdjustWindowSize>b__7

10:19:11.802 [main] .         {17} LoginScreen.AdjustWindowSize [main->main]: set_Result:

10:19:11.803 [main] .         NotifyFinished

10:19:11.803 [main]           } // <>c__DisplayClassb.<BeginRun>b__a [ /e 1.0ms ]

10:19:12.502 [main]           CookieStore.Add: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:12.502 [main] .         OVERWRITING Cookie: sap-login-XSRF_ECD[43]=20150...3d%3d (, domain sid.org.net, path /sap/bc/nwbc/saml2/sp/acs/130, httpOnly=True, secure: False, id: Browser #Internal)

10:19:12.502 [main] .                      with: sap-login-XSRF_ECD[43]=20150...3d%3d (, domain sid.org.net, path /sap/bc/nwbc/saml2/sp/acs/130, httpOnly=True, secure: False, id: Browser #Internal)

10:19:12.502 [main]           } // CookieStore.Add

10:19:12.514 [main]           LoginControl.OnLogonNavigate: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:12.514 [main]           } // LoginControl.OnLogonNavigate

10:19:12.635 [main]           LoginControl.CheckLogonComplete: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:12.640 [main]           } // LoginControl.CheckLogonComplete [ /e 5.0ms ] => Not Logged In.

10:19:12.641 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:12.644 [main]           } // LoginControl.OnLogonResponse [ /u 15.6ms /e 3.0ms ]

10:19:12.644 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:12.647 [main]           } // LoginControl.OnLogonResponse [ /e 3.0ms ]

10:19:12.647 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:12.650 [main]           } // LoginControl.OnLogonResponse [ /e 3.0ms ]

10:19:12.650 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:12.653 [main]           } // LoginControl.OnLogonResponse [ /e 3.0ms ]

10:19:12.654 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:12.657 [main]           } // LoginControl.OnLogonResponse [ /e 3.0ms ]

10:19:12.737 [main]           LoginScreen.AdjustWindowSize [main->main] {

10:19:12.737 [main]           LoginScreen.<AdjustWindowSize>b__7 {

10:19:12.748 [main]           LoginScreen.SetWindowRegions {

10:19:12.749 [main]           } // LoginScreen.SetWindowRegions [ /e 1.0ms ]

10:19:12.749 [main]           SetWindowRegions : width=563 height=605 maximized=False

10:19:12.751 [main]           BrowserWrapper.ResizeChildren {

10:19:12.751 [main] .         BrowserWrapper: hwnd=A0EB6, new size={Width=561, Height=576}

10:19:12.751 [main] .         Resizing child #0

10:19:12.752 [main] .         Child: hwnd=80E98, current size={Width=548, Height=576}

10:19:12.754 [main]           } // BrowserWrapper.ResizeChildren [ /u 15.6ms /e 3.0ms ]

10:19:12.780 [main] .         HTML/canvas delta size: 13x0

10:19:12.780 [main]           } // LoginScreen.<AdjustWindowSize>b__7 [ /u 15.6ms /e 43.0ms ] =>  NewWidth=563

10:19:12.781 [main] .         {18} LoginScreen.AdjustWindowSize [main->main]: set_Result:

10:19:12.781 [main] .         NotifyFinished

10:19:12.781 [main]           } // <>c__DisplayClassb.<BeginRun>b__a [ /u 15.6ms /e 44.0ms ]

10:19:20.244 [main]           Closing balloon tooltip {

10:19:20.261 [main]           } // NwbcTrayIcon.<InitTrayIcon>b__1 [ /e 17.0ms ]

10:19:21.488 [main]           LoginControl.OnSubmitLogonData: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 Flags=320 TargetFrameName=<null> PostData=70, Headers=Content-Type: application/x-www-form-urlencoded

Cancel=False {

10:19:21.489 [main]           } // LoginControl.OnSubmitLogonData [ /e 5.0ms ]

10:19:22.330 [9]             CookieStore.Add: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.330 [9] .           OVERWRITING Cookie: sap-login-XSRF_ECD[43]=20150...3d%3d (, domain sid.org.net, path /sap/bc/nwbc/saml2/sp/acs/130, httpOnly=True, secure: False, id: Browser #Internal)

10:19:22.330 [9] .                        with: sap-login-XSRF_ECD[1]=0 (, EXPIRED, domain sid.org.net, path /sap/bc/nwbc/saml2/sp/acs/130, httpOnly=False, secure: False, expire date: 1/1/1980 12:00:01 AM, id: Browser #Internal)

10:19:22.330 [9]             } // CookieStore.Add

10:19:22.330 [9]             CookieStore.Add: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.331 [9] .           ADDED new cookie: MYSAPSSO2[620]=AjQxMDMBAB...cJvQ%3d%3d (, domain .dolby.net, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:22.331 [9]             } // CookieStore.Add [ /e 1.0ms ]

10:19:22.331 [9]             CookieStore.Add: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.331 [9] .           ADDED new cookie: SAP_SESSIONID_ECD_130[46]=UCKvDaJBUdkDBOyr4ckjloLC4C6orBHkiZ0AUFapNEw%3d (, domain sid.org.net, path /, httpOnly=False, secure: False, id: Browser #Internal)

10:19:22.331 [9]             } // CookieStore.Add

10:19:22.530 [main]           CookieStore.Add: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.530 [main] .         ADDED new cookie: sap-contextid[1]=0 (, EXPIRED, domain sid.org.net, path /sap/bc/nwbc/saml2/sp/acs/130, httpOnly=False, secure: False, expire date: 1/1/1980 12:00:01 AM, id: Browser #Internal)

10:19:22.530 [main]           } // CookieStore.Add

10:19:22.575 [main]           LoginControl.OnLogonNavigate: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.575 [main]           } // LoginControl.OnLogonNavigate

10:19:22.590 [main]           LoginControl.CheckLogonComplete: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.591 [main]           } // LoginControl.CheckLogonComplete [ /e 1.0ms ] => Not Logged In.

10:19:22.591 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.592 [main]           } // LoginControl.OnLogonResponse [ /e 1.0ms ]

10:19:22.593 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.594 [main]           } // LoginControl.OnLogonResponse [ /e 2.0ms ]

10:19:22.594 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.594 [main]           } // LoginControl.OnLogonResponse

10:19:22.594 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.595 [main]           } // LoginControl.OnLogonResponse [ /e 1.0ms ]

10:19:22.595 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.595 [main]           } // LoginControl.OnLogonResponse

10:19:22.595 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130?sap-system-login=X&sap-system-login-cookie=X&sap-co... {

10:19:22.595 [main]           } // LoginControl.OnLogonResponse

10:19:22.600 [main]           LoginControl.OnSubmitLogonData: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 Flags=64 TargetFrameName=<null> PostData=115,  Cancel=False {

10:19:22.600 [main]           } // LoginControl.OnSubmitLogonData [ /e 3.0ms ]

10:19:22.609 [main]           LoginScreen.AdjustWindowSize [main->main] {

10:19:22.609 [main]           LoginScreen.<AdjustWindowSize>b__7 {

10:19:22.610 [main] .         HTML/canvas delta size: 0x0

10:19:22.610 [main]           } // LoginScreen.<AdjustWindowSize>b__7 [ /e 1.0ms ]

10:19:22.610 [main] .         {19} LoginScreen.AdjustWindowSize [main->main]: set_Result:

10:19:22.610 [main] .         NotifyFinished

10:19:22.610 [main]           } // <>c__DisplayClassb.<BeginRun>b__a [ /e 1.0ms ]

10:19:28.637 [main]           LoginControl.OnLogonNavigateError: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:28.641 [main] E         Login.OnLogonNavigateError => StatusCode =  500

10:19:28.643 [main]           } // LoginControl.OnLogonNavigateError [ /e 6.0ms ]

10:19:28.656 [main]           LoginControl.OnLogonNavigate: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:28.656 [main]           } // LoginControl.OnLogonNavigate

10:19:28.663 [main]           LoginControl.CheckLogonComplete: sender=com.sap.nw.nwbc.browser_com.implementation.controls.InternalBrowser URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:28.663 [main]           } // LoginControl.CheckLogonComplete => Not Logged In.

10:19:28.664 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:28.671 [main]           } // LoginControl.OnLogonResponse [ /e 7.0ms ]

10:19:28.671 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:28.671 [main]           } // LoginControl.OnLogonResponse

10:19:28.671 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:28.671 [main]           } // LoginControl.OnLogonResponse

10:19:28.672 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:28.672 [main]           } // LoginControl.OnLogonResponse

10:19:28.672 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:28.672 [main]           } // LoginControl.OnLogonResponse

10:19:28.673 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:28.673 [main]           } // LoginControl.OnLogonResponse

10:19:28.673 [main]           LoginControl.OnLogonResponse: URL=https://sid.org.net/sap/bc/nwbc/saml2/sp/acs/130 {

10:19:28.673 [main]           } // LoginControl.OnLogonResponse

10:19:28.680 [main]           LoginScreen.AdjustWindowSize [main->main] {

10:19:28.680 [main]           LoginScreen.<AdjustWindowSize>b__7 {

10:19:28.689 [main]           LoginScreen.SetWindowRegions {

10:19:28.690 [main]           } // LoginScreen.SetWindowRegions [ /e 1.0ms ]

10:19:28.690 [main]           SetWindowRegions : width=563 height=744 maximized=False

10:19:28.720 [main] .         HTML/canvas delta size: -33x139

10:19:28.720 [main]           } // LoginScreen.<AdjustWindowSize>b__7 [ /k 31.2ms /e 40.0ms ] =>  NewHeight=744

10:19:28.720 [main] .         {20} LoginScreen.AdjustWindowSize [main->main]: set_Result:

10:19:28.720 [main] .         NotifyFinished

10:19:28.720 [main]           } // <>c__DisplayClassb.<BeginRun>b__a [ /k 31.2ms /e 40.0ms ]

10:19:59.375 [main]           WM_EXITSIZEMOVE {

10:19:59.375 [main]           LoginScreen.SetWindowRegions {

10:19:59.377 [main]           } // LoginScreen.SetWindowRegions [ /e 2.0ms ]

10:19:59.377 [main]           SetWindowRegions : width=563 height=744 maximized=False

10:19:59.386 [main]           } // LoginScreen.WndProc [ /k 15.6ms /e 11.0ms ]

10:19:59.404 [main]           LoginScreen.WndProc [main->main] {

10:19:59.405 [main] .         {21} LoginScreen.WndProc [main->main]: set_Result:

10:19:59.405 [main] .         NotifyFinished

10:19:59.405 [main]           } // <>c__DisplayClassb.<BeginRun>b__a [ /e 1.0ms ]

0 Kudos

I would suggest implementing the note as that's what solved my issue..

0 Kudos

I did implemented this note but still no luck getting the same dump and also i can see below error in system logs generated.

SAML: Path "/sap/bc/nwbc/saml2/sp/acs/130", Code 222, Class SAML, Number 011, Text: Error when logging on for external ID "": Error during SAML 2.0 logon

Former Member
0 Kudos

Hi Sandeep,

Did you ever resolve your error? Error when logging on for external ID ""

-Brian

0 Kudos

Hi Brian,

Yes , i did resolved this error by entering correct Default application path in SAML2 transaction for the requested application.

- Sandeep

0 Kudos

Hi Samuli,

Sorry for the late reply. I missed your message somehow. We are at NW 7.31 SP08 AS Java.  I did do a fiddler trace

Via IE browser it works as expected and launches the HTML NWBC version.

Via NWBC -

http://<as abap hostname>:<icm port>/nwbc/TicketIssuer?required_abap_runtime_version=3.1.0&preferred_abap_runtime_version=3.5.0&nwbc_runtime_version=4.0&sap-nwbc-supportbits=0F&NWBC_avoidCache=173818189&sap-user=<username>&sap-client=300&sap-language=EN

This is the first URL it hits from NWBC. That is the only difference, rest all is similar to how it is in aIE browser.

No errors or trace in defaulttrace of the portal.

Former Member
0 Kudos

Hi Dhee,

   I am working on the NWBC SSO project with OKTA as identity provider.

    I am new for this OKTA tool. Please guide me with some steps on OKTA and as well as steps on SAP ABAP side.

Appreciate your help on this..

Thank you,

Suresh

0 Kudos

Hi Suresh,

At our company, I do not maintain the OKTA, but I did work with the admin who maintained it. What exactly are you looking to do? Is it for NWBC Client version or web version?

You have to enable SAML 2.0 on the AS ABAP so it acts as the service provider and generate the metadata.xml file and import it on the OKTA IP settings. Not sure where exaclty that is done.

Once that is done, request for a metadata.xml file from OKTA identiry provider and import it into the AS ABAP under SAML2 Config and Trusted procviders. You would also need to provide the OKTA with the NWBC URL that you will be calling so the SAML insertion takes place.

This is the high level setup. However, if you are having specific questions, let me know and I will try to answer.

Enable the SAML2 service in SICF under /sap/bc/webdynpro/sap/saml2

Procedure

.Start the SAML 2.0 configuration application (transaction SAML2).

If you have never configured your system for SAML 2.0, the system displays the following message:

Client <client_number> is not configured to support SAML 2.0.

Choose the Enable SAML 2.0 Support pushbutton.

Enter a name for the provider.

Continue through the configuration wizard and enter data as desired.

For more information, see Configuring AS ABAP as a Service Provider.

Choose the Finish pushbutton.

Activate the necessary Internet Communication Framework (ICF) services.

To use the service provider, you must manually activate the following two ICF services:

•/default_host/sap/public/bc/sec/saml2

•/default_host/sap/public/bc/sec/cdc_ext_service


Thanks

Dhee