Skip to Content
author's profile photo Former Member
Former Member

SAML SSO Problem using SUN Access Manager


I got some problems when testing the SAML SSO functionality according to the document [|]

Identity Provider: SUN Access Manager 7.1 under Windows 2003

Service provider: SAP JAVA WAS 6.40 SP19

After both sides configuration I tried the SSO using the URL as follows:

In the Virtual Administrator I had already configured SAMLLoginModule at the place with the flag SUFFICIENT in the Basic template. After successfully authenticated to the Access Manager I was redirevted to the following URL where unwanted logon window (to SAP J2EE Engine) is shown again:

Could anybody give me some hints, why the SSO fails or how to debug the problem? If needed, I could provide more info about my system configuration.



Add comment
10|10000 characters needed characters exceeded

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Mar 17, 2008 at 04:32 PM

    I traced that Sun AM had sent the SAML assertion to SAP, and according to the assertion I would guess the problem is regarding the NameIdentifier. Intentially when I created SAP as the trusted partner in Sun AM I had configured to use the class provided from [|]: to generate the required NameIdentifier, which in this case should be binwang instead of id=binwang,ou=user,dc=sample,dc=com.Any idea how to solve this problem here?

    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="

    sba84ca9dad01f929deba8796d887bd3bfaf8972501" Issuer="" IssueInstant="2008-03-16T19:08:08Z">

    <saml:Conditions NotBefore="2008-03-16T19:05:08Z" NotOnOrAfter="2008-03-16T19:15:08Z" >


    <saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:DataStore"



    <saml:NameIdentifier NameQualifier="dc=sample,dc=com">id=binwang,ou=user,dc=sample,dc=com







    <saml:SubjectLocality IPAddress="" />



    Add comment
    10|10000 characters needed characters exceeded