on 03-29-2020 10:45 AM
Hello SAP CP Cloud Foundry SAML Experts,
I've successfully set up my SAP Cloud Platform Cloud Foundry Trial Environment to use my Azure Active Directory (Azure AD) for the authentication of users. Now I also want to try Azure AD B2C. I've configured my tenant according to the guide Register a SAML application in Azure AD B2C. It works just fine using the Neo environment. But unfortunately in Cloud Foundry I get the following error message when I try to authenticate:
Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Requester, status message is Invalid signature.
Looking forward to your input.
Best regards
Gregor
CC: iinside mariusobert hobruche
Hi Gregor,
hope you are doing good! Long time no see!
I checked out your scenario with a B2C tenant on my side and my CF Trial account. After some edits in the manifest file of the registered app in the B2C tenant I was able to successfully federate the CF subaccount with my tenant. Here is a short summary of what I did in the app manifest (in Azure Portal under <Your B2C tenant> -> App registrations (preview) -> <Your app> -> Manifest):
{
"url":"https://4457e38dtrial.authentication.eu10.hana.ondemand.com/saml/SSO/alias/4457e38dtrial.aws-live-eu10",
"type":"Web"
}
Hope this helps to get the setup working. Otherwise let me know and we can set up a short call 😉
Best regards
Martin
Hi Martin,
great to get a reply from you. I'm doing great. Hope you like your new position at Microsoft :-).
I've already got these entries in my Azure AD B2C App Manifest. The slightly strange thing is that in my S-User but also my P-User Trial the URL for the authentication is https://<User>trial-01.authentication.eu10.hana.ondemand.com instead of https://<User>trial.authentication.eu10.hana.ondemand.com.
Looking forward to talking to you directly.
CU
Gregor