Skip to Content
0

Acesss Fiori Launchpad through SCP Indentity Authentication

Jan 24 at 08:37 PM

132

avatar image

I have now successfully setup SCP Identity authentication.

Could you please explain why I can't access access the following Fiori Launchpad (?

Error message is "Oops Site not found Sorry about this.
Either the site doesn't exist, or you don't have sufficient privileges to access it.
For more information, please
click here"

https://flpnwc-adddcbbb0.dispatcher.hana.ondemand.com/sites/adminspace

While this app (Included in the Launchpad) is fine

https://rsacreatesurvey-adddcbbb0.dispatcher.hana.ondemand.com/index.html

I could access the Launchpad fine before the authentication was setup.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Marko Sommer
Jan 26 at 12:52 PM
1

Well delegating to a custom IAS tenant instead of SAP ID service means of course that different user information is likely conveyed via the SAML assertion to the application.

In case NameID format is defined in both scenarios configured to email, then there is a chance that the user can also be identified when authenticating with a custom tenant. But it also depends on the 'local' user config on FLP side.

I recommend to investigate the SAML assertion and escpecially have a look at the NameID information.
You may do this best with the SAML tracer - a Firefox add-on.

Share
10 |10000 characters needed characters left characters exceeded
Adam Harkus Jan 26 at 03:07 PM
0

I've worked this out now... The SAP identity provider provides a Pnumber for the users... e.g. P000001.

You simply set this up in the roles for the Service, include SAP Web IDE and Bingo!

It works fine...

However, how do we use are existing On-Premise logins. E.g. I have as SAP login of an alpha-numeric string.

Do we need to use the our own ID provider to do this?

Share
10 |10000 characters needed characters left characters exceeded
Aisurya Puhan Feb 01 at 05:49 PM
0

Hi,

Follow the details as below and it will start working :

  1. Create a Group in IDP and assign to the users in it.For ex : PortalAdmin
  2. Create a Group in SCP (Authorization->Trust->Groups) For Ex : PortalAdmin
  3. Do the mapping in Trust settings of SCP .Refer the below SS

  4. Assign the group PortalAdmin to the roles(WEB_CONTENT_EDITOR,TENANT_ADMIN) in Configure portal of Portal Service.Refer the below SS.

Logout SCP and relogin to the Portal Service it should work. :)


assertion.jpg (19.8 kB)
roles.jpg (58.3 kB)
Share
10 |10000 characters needed characters left characters exceeded