Skip to Content

SAML + SMP + 403 Forbidden

Dear Experts,

We are tying to do SAML Configurations with SMP and setup the trust between SMP and ADFS System via metadata file exchange. When I am trying to do a registration from REST Client,

The App Registration is able to redirect to our ADFS System and able to login successfully. But after login, we get error 403 forbidden.

https://SMPHOST:8081/odata/applications/latest/com.saml.logon/Connections

Screen flow as below which is redirected to ADFS:

After successful login, I get :

I am able to capture the APPCID and SMPSession via SAML Trace and If I continue to do registration on Rest client i get following error:

I have followed the below documents:

http://scn.sap.com/community/developer-center/mobility-platform/blog/2015/07/04/smp-3-security--configuration-of-saml2-authentication

WIKI GUIDE

I have also seen the OSS Note: 2163908

and I am trying to do a Fiori client with SAML and I get 403 after login success similar error. Any suggestions.

Any suggests on the 403 and unable to redirect?

Regards,

Nagesh

saml.png (62.1 kB)
pastedImage_0.png (10.5 kB)
pastedImage_1.png (13.9 kB)
Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Best Answer
    Mar 30, 2016 at 08:57 PM

    Check you backend server, looks like you have a sicf service that's not active, or maybe on ADFS,

    Add comment
    10|10000 characters needed characters exceeded

  • Mar 30, 2016 at 06:25 PM

    You may try to get a FIddler trace with Fiori Client (How to Capture Fiori Client Mobile Device Traffic using Fiddler - SAP Mobility - SCN Wiki). Make sure you are using the latest SDK for a Custom Client or the latest on the App Store.

    Regards,

    Kevin

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Mar 31, 2016 at 02:44 AM

    Hi Nagesh,

    According the trace you are getting, have you checked your browser javascript configuration?

    How to enable JavaScript in your browser and why

    Best Regards,

    Emanuel

    Add comment
    10|10000 characters needed characters exceeded