cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Universal ID : SSO issue via Intranet

leonard123
Member

on ‎06-16-2022 2:50 AM

0 Kudos

Hi all,

I am having issue logging into SAP Support in office intranet (wired/wireless). No issue with home network and phone hot spot.

At the SAP universal ID screen, once I key my ID, it gets stuck and does not go into the screen which allows me to key in my password: screenshot

I have raised to my internal IT helpdesk, but they are unable to resolve the issue.

Question : Does anyone have the same issue and is able to resolve it? Or are there any logs we can capture to forward to the network and security team to check?

Regards,

Leonard

Show replies
Show replies
herbert_asendorf
Explorer
‎01-26-2023 9:40 AM
0 Kudos

We have the identical problem in our company (many users affected) and I think it started happening a couple of months ago but due to homeoffice regulations It might have been there even for longer.

When I am in the office and my notebook is connected to our company's network (wired/wireless) I cannot log it to the SAP support launchpad (SAP ONE Support Launchpad) or SAP for ME(SAP for Me - Your digital companion along your whole SAP customer journey).
Same as described above, the login screen where I enter my username is shown.
However, after entering my SAP Universal ID (E-Mail-Adresss) the screen to enter the password never comes up.
Tried Google Crome and Microsoft Edge - same behavior in both browsers.

As far as I am aware of, it only affects colleagues whose accounts have been switched to SAP Universal ID login.

Colleagues who still use the S00... Users do not have that problem.

To add one detail - when I am connected to our company's network via VPN, regardless of access from home or via a mobile hotspot, this problem does not come up.
So my workaround in office is to disconnect from the company network, setup a hotspot with my mobile, connects to the company network via VPN and then be able to use both the company systems and the SAP Support functions.
But the mobile network performance in our office is not really exciting, so that solution is anything but great. .

I also think it must be linked to some network setup within the company network which is blocking that second page to be shown. But so for no hint for things to check.

Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

herbert_asendorf
Explorer
‎05-23-2023 12:47 PM
0 Kudos

Yesterday, the problem came up again with one change in detail.

When I am connected to my company's network then the login is not possible.
It does no longer matter whether I am at home and use the VPN connection to be connected to my company's network or if I am in the office directly connected to the company network.

So in order to access SAP4me or the support launchpad, I have to completely disconnect from the company's network. (close VPN or use a mobile hotspot).

I have opened a ticket to the UID support via https://go.support.sap.com/contactus/#email and also created an HAR file according to the documentation in https://blogs.sap.com/2022/12/12/how-to-import-har-file/

However, i would like to point out that the description on how to create an HAR file does only show the process when you use the Google Crome Browser, which is a "non-standard" tool in my company.
We are supposed to use Microsoft Edge exclusively.
I recently got a new company notebook, and it would have been good not to have to install Chrome in order to be able to create the HAR file.

Regards, Herbert

Show replies
Show replies
SebastianSchuck
Active Participant
‎05-23-2023 4:55 PM
0 Kudos

Hey Herbert,

Universal ID switched to MtCaptcha as Captcha solution a few days ago. That resolved the issue some had with ReCaptcha but introduced new issues for people like yourself. The Universal ID team is trying to resolve the situation as soon as possible.

For instructions how to capture a HAR with Edge have a look at https://userapps.support.sap.com/sap/support/knowledge/en/3290099

Best,
Sebastian Schuck

herbert_asendorf
Explorer
‎05-24-2023 8:13 AM
0 Kudos

Hi Sebastian,

we were already suspecting something like this.
A colleague of mine showed me a login screen including a picture with an embedded code which was displayed on his computer during login to SAP universal ID.
So far, I have never seen this screen - neither when connected to my company network nor when logging in from outside.
As we are both in the same company network and we both have a company set up PC I still do not get why it is working for him and not for me.
Is there any way for me to go back from SAP universal ID to the previous authorization concept? It is really annoying to spend so much time trying to do something which should "just work".

Regards Herbert

SebastianSchuck
Active Participant
‎05-24-2023 10:15 AM
0 Kudos

Hey Herbert,

sorry for the inconvenience but there is no way to switch back to Recaptcha. Could you follow me at the community so I can reach out to you via the SAP community messaging system? Otherwise, we'll have to wait for your information to pass through the support.

Best,
Sebastian

herbert_asendorf
Explorer
‎05-24-2023 12:28 PM
0 Kudos

Actually, I thought of going back from SAP Unversal ID to the "old" login procedure - not sure how it is called.
It seems, that creating the SAP universal ID was a step into the wild....
So this announcement could almost be seen as a threat 😉

Not sure how the SAP community messaging system works - never used it.

I received a response following up on my reported issue from yesterday and have sent a response including the HAR-file.
Still waiting for a reaction to that.

herbert_asendorf
Explorer
‎01-31-2023 9:52 AM
0 Kudos

I did register a SAP incident for that purpose and got a similar response from there.(create a network trace file..)
Today I tried to reproduce this issue and create the network trace file but accidentially stumbled accross a "solution" which is working so well, that I cannot reproduce the problem any more - at least not today.


During login, I somehow ended up in the page https://accounts.sap.com/
Contrary to the login via the "normal" way, I was able to enter both username and password at the same time in this page.
And after this, any attempt to open the Support Portal skipped the authentication steps via the SAP Universal ID and I could access it without any problem.
This was browser - dependent.
So I had to authenticate via https://accounts.sap.com/ both in Edge and Chrome, but then no more issues came up.... not even after a restart of the computer....

Show replies
Show replies
SebastianSchuck
Active Participant
‎01-31-2023 7:21 PM
0 Kudos

Please note that accounts.sap.com is the domain of the SAP Identity Service (IAS) while account.sap.com (without an s) is the domain of SAP Universal ID. I would also prefer for UID to use a less easy to confuse domain. So please try to reproduce the issue with account.sap.com .

Your support ticket did already reach the right people and the whole Universal ID team appreciates your and other end-users help to resolve those kind of blockers on the road to a better user experience.

As mentioned you may be fine using the SAP Identity Service as it has fewer security requirements, being a legacy service. But as it's planned to shift more and more services over time to Universal ID you will not get around using it long term wise. And it would be great to resolve these kind of issues in advance.

So thanks again for your cooperation and patients.

Cheers,
Sebastian

herbert_asendorf
Explorer
‎02-02-2023 9:36 AM

Thanks Sebastian for explaining this difference and also making it clear that this "solution" is not going to work forever.

My problem is that due a relatively high percentage of "home office" I cannot reproduce this issue every day (as mentioned - I never faced this issue at home). (Next onsite day is next week)

However, as you explicitely mentioned it, the Google ReCaptcha functionality might be a trace to follow.
I realized, that when I am at home and try to log into SAP UID I have to go through this "PuzzleSolving" very often.
Pretty annoying about it is that I often have to solve a couple in a row, which also happens in cases where it is clear that the previous one cannot have been wrong.
And I never had this ReCaptcha popup coming up when I was logged into our company network.

So I might be, that the SAP UID login page tries to open a ReCaptcha-Page but our company network setup somehow prevents this from happening. (Which I am thankful for, if I am being honest, see above...)
That would be the cases, where the page seems to be loading something which never comes up.
Consequently, the (very limited) couple of cases, where I was able to login to the SAP UID in our company's network would have been a situation when the ReCaptcha - Function was skipped.

Does that make any sense to you?

SebastianSchuck
Active Participant
‎02-05-2023 6:40 PM
0 Kudos

Hey Herbert,

the UID team is aware that ReCaptcha can cause issues like these and tends to be rather annoying for some end-users. All I can tell you right now is that the team is looking into a solution to replace ReCaptcha.

Would still be great if you could provide the support with a network trace from inside your company's network. Just to ensure it's really down to ReCaptcha. And not something else the team needs to take care off.

Thanks for your cooperation,
Sebastian

herbert_asendorf
Explorer
‎02-06-2023 8:30 AM

Hey Sebastian,

thanks for re-confirming the ReCaptcha functionality as the potential root cause.
I will be in in the office tomorrow and try to reproduce the case there once more.
Today I am working from home and when I was using the support portal, no authorization procedure was requested from me and also the login to account.sap.com did not require special authentication.
However when I was explicitely logging off in account.sap.com I was able to activate the login procedure again.
I tried multiple times to log in and log off and every time I had to solve at least one puzzle.
What was interesting to me in that login procedure, that it always required the password entry twice.

First, I had to enter my username.
Second the password
Third ReCapacha - Solving (im my 4 Tests I always had to enter it but most of the times only once).
Fourth: Re-Enter the password

So this login procedure does not seem to behave identically to the situation when I am forwarded to the UID service by the system as a follow up to trying to open the SAP support launchpad. (https://launchpad.support.sap.com/).
There I do not even get to the page where I enter the password and from what I remember, I never had to enter the password twice when I used the function from home. Instead, directly after the username, the reCaptcha popup was shown, and only after that was I able to enter the password.

SebastianSchuck
Active Participant
‎02-06-2023 10:27 AM
0 Kudos

Thanks for the report. That's indeed an odd behavior and sounds like something got miss-configured. You should never have to enter your password twice during a normal login flow. I'll open a bug ticket to have it investigated.

Cheers,
Sebastian

herbert_asendorf
Explorer
‎02-07-2023 10:04 AM

Tried again today (in company network).

Login possble with SAP UID, both via the SAP Support launchpad and with the direct authentication https://account.sap.com.

The ReCaptcha screen was never displayed.

So I can confirm that if ReCaptcha is not active, I don't have a problem using the login procedure in my company network, but also I cannot create the trace file now.

SebastianSchuck
Active Participant
‎01-29-2023 5:51 AM
0 Kudos

Hey,

SAP Universal ID (UID) is using some more security mechanism (like Google ReCaptcha) than SAP Identity Service due to higher security requirements. Those can cause conflicts with some of SAP partner's security solutions. The SAP UID team tries to resolve those conflicts asap after they are made aware of the issues. However that can be technically rather "tricky" and sometimes takes longer than all parties involved would like.

If you run into these kind of issues please reach out to the UID support via https://go.support.sap.com/contactus/#email . The SAP UID team appreciates end-users providing network traces (HAR) with their reports. As with these kind of network setup related issues the team tends to have a hard time reproducing the issue. See https://blogs.sap.com/2022/12/12/how-to-import-har-file/ for instructions how to capture a HAR.

Best,
Sebastian

Show replies
Show replies
Ask a Question
Top Q&A Solution Author
View all