We have configured an HR Portal (SAP Fiori) for many SAP-Users. For authentification we use SSO with SAML 2.0
When a user is not able to log on SAP Fiori launchpad, we make an active saml-trace to check the status in saml response to get the reason.
So far so good.
Because we don't want to make a trace for every SAP-User or to switch on the trace all the time (performance problem), who is not able to access the sap fiori launchpad, is there a possibility to save the saml response in a table or a log file or to read the saml response when SAP-User will access to sap fiori launchpad?
I have checked the possibility to extend the handler method "CL_HTTP_EXT_SAML20" of sicf-Service "saml2", but i have realized, that this method will not be called when calling the launchpad URL.
I would be happy if anybody has an idea to solve the problem.
Thanks,
Best regards,
Danny
1 Answer
-
Posted on Jul 17, 2020 at 11:17 AM
Hi Danny,
I'm helping my clients quite often to implement SAML authentication for their SAP NetWeaver ABAP systems. But I needed the sec_diag_tool only for the troubleshooting during setup. When a SAML authentication works with a given identity provider it works for all users. Of course you need to make sure in advance that the attribute you use for mapping from the i.e. NameID assertion is available in the SAP Users master data. But that is a topic for Central User Administration (CUA) or an Identity Management solution.
Maybe you can describe what issues you're thinking about.
Best regards
GregorAdd a comment
Add a comment