on 10-18-2019 12:33 AM
Hello,
I've configured my AS JAVA application to use SAML2 with the goal of creating a logon ticket to be passed to my AS ABAP application (CRM in the browser).
The problem I'm running into is this (steps in order):
1) The SAML authentication is sent and a SAML response is received from the Identity Provider.
2) Upon receipt of the SAML response, the SAML2LoginModule is configured to take two attributes (R3User & SAP Client) and put those into a logon ticket to be sent to the ABAP application. This step fails.
3) in the JAVA log, two entries related to the SAML2LoginModule are found.
a) the first log entry says, LOGIN FAILED, details = Authentication Challenge due to missing credentials
b) the second log entry says: LOGIN OK, details - Consumed signed Assertion, and attributes and value equal correct SAP client and correct R3User ID that exists in the AS ABAP system.
So, what is confusing is that two SAML2 log entries say seemingly opposing things. The first fails with 'missing credentials' message and the second entry is OK with the expected SAML attributes being passed.
Further, when checking if a logon ticket is created, I do see that MYSAPSSO is both sent and received by the browser.
So, not sure what to change with regards to the SAML configuration to get this to successfully log the user into the AS ABAP system through the browser?
Any help, direction is appreciated.
Hi,
Setup is same as above with NW 750 JAVA SAML 2.0 SSO with ADFS
We are having similar error SAML 2.0LoginModule : Authentication challenge due to missing credentials .
We are using one non-prod ADFS sever for DEV/TEST/Sandbox SAP systems .
DEV system works with out issue but TST system errors out as above and all Idp setting in NW Java 750 is same
on DEV and TST SAP Systems
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.