
Group assertion attribute mapping for ADFS for SAP Cloud Platform trust settings

Hi

Currently configuring SAP Cloud Platform Trust settings (for a sub-account) but cannot get the group assertion attributes to come through automatically. I can see the AD groups come through in the SAML trace; however, the correct security role is not being assigned. Additionally, when we configure additional group settings in ADFS, I get the following error, which basically stops access to all services in the sub-account, which is really annoying.

HTTP Status 500 - An internal application error occurred. Request: 793462237

I successfully log in with my AD credentials, but after that, when redirecting to the service (e.g. Portal Service), it comes up with the above message.

There are a large number of groups coming through from AD but cannot seem to authenticate properly.

Any help in mapping the assertion attributes and the group mapping would be appreciated. I've carried out this config many times with SCI and other IdPs but not with ADFS, so need a little help!

Thanks & Kind Regards

Phil Cooley


2 Answers

  • Best Answer
    Mar 05 at 11:39 AM

    Hi

    I did resolve this so thought I would update the post with the answer. The AD groups must be entered in brackets with a $ at the end to distinguish the AD group from others passed in.

    You can see from the below that the AD group that needs to match the SAPCP security group has brackets and a $ sign. Also needs to be set to "regular expression".

    Hope this helps others!

    Thanks

    Phil Cooley



  • Feb 26, 2018 at 11:47 AM

    Hi Phil,

    I have found the below link that describes how to configure the user attributes.

    https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/d361407d36c5443298a909acbbd96ec4.html?q=assertion%20attribute

    I hope this solves the issue you are having,

    Best regards,

    Gerald Fletcher
