Skip to Content
author's profile photo Former Member
Former Member

The SAML authentication doesn't work as expected with cordova


we're currently developing a sapui5 app on the SAP Cloud Platform.

In order to retrieve most of the information needed we're using an Java Server as middleware which is configured as a destination for our app.

Both app and destination are secured via the Cloud IDP using SAML.

On the web app loading the data with a POST Request using a JSONModel works perfectly fine.

In the Cordova app on the other hand side it throws an parsing error since the idp saml form is html and not valid JSON.

The registration of this app follows roughly the method of this blog:

Our app startup process in short:

var appId = "com.datatrain.mieterservices";

var context = {
    "serverHost": "",
    "https": true,
    "serverPort": "443",

    "auth": [ {
        "type": "",
        "config": { }
    } ],

    "custom": {
        "hiddenFields": ["farmId", "resourcePath", "securityConfig", "serverPort", "https"],
        "disablePasscode": true

sap.Logon.init(logonSuccessCallback, logonErrorCallback, appId, context);

function onSapLogonSuccessCallback() {
    sap.Logon.performSAMLAuth(function() {

        sap.ui.getCore().attachInit(function() {
            new sap.m.Shell({
                app: new sap.ui.core.ComponentContainer({
                    height : "100%",
                    name : "ourName"

    }, alert, context, appId);

As Logon.init already calls the ID, performSAMLAuth simply checks the Session and then calls the successcallback, here the sapui5 core init function. This is tested and works.

Still the first call to JSONModel.loadData will fail in the cordova app while working in the web app.

Running this snippet through the console showed different responses from the server:

var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
    console.log("READYSTATE " + xhr.readyState);
};"POST", '', true);

This is the result in the webapp and the cordova app are added as .txt files as they would have taken some space. (webappresult.txt, cordovaappresponse.txt)

In short: in the web app request it returns <expected data> and in the cordova app it returns <idp saml form html>.

Any ideas where this different results come from are highly appreciated.

Regards, Mino Böckmann

Add comment
10|10000 characters needed characters exceeded

0 Answers