Currently configuring SAP Cloud Platform Trust settings (for a sub-account) but cannot get the group assertion attributes to come through automatically. I can see the AD groups come through in the SAML trace however the correct security role is not being assigned. Additionally, when we configure additional group settings in ADFS I get the following error which basically stops access to all services in the sub-account which is really annoying.
I successfully login with my AD credentials but after that when re-directing to the service (e.g. Portal Service) it comes up with the above message.
There are a large amount of groups coming through from AD but cannot seem to authenticate properly.
Any help in mapping the assertion attributes and the group mapping would be appreciated. I've carried out this config many times with SCI and other iDP's but not with ADFS so need a little help!
Thanks & Kind Regards