SAML help needed

We are trying to configure SAML as a method to authenticate into the portal. I've gone through the documentation and the various blogs, and configured everything. The SAML authentication server is a custom-written .NET application.

It seems like it's very close to working, but I don't really know how to troubleshoot the process any further. Here is what we are seeing:

1) The user connects to a URL on the SAML authentication server

2) The authentication server adds a 'TARGET=' and a 'SAMLart=' to the query string and redirects to http://portalserver/saml/receiver

3) The portal validates the artifact (if the SAMLart is malformed, an error is thrown)

4) Portal redirects to the specified TARGET

5) The webservice specified in the HTTP Destination is not called

6) User gets the basic authentication portal login screen

I'm not seeing anything helpful in the default, application or security trace files. Any ideas on how to track down the issue are welcome. Thanks!

-jon


5 Answers

  • Posted on Aug 13, 2008 at 04:23 PM

    I've configured the SAML SSO Demo application and am still seeing the same results. The portal is just not calling the responder web service (specified as an HTTP Destination). Any ideas on how to troubleshoot? Am I missing some part of the configuration? I've tried this on two different portal installations here, both fairly up-to-date on support packs (SP 14+).


  • Posted on Aug 14, 2008 at 06:13 PM

    OK - it's always something simple. In this case, my problem was that the TARGET URL was just 'http://portalserver/irj'; when the portal redirected to the index.html page, the SAMLart was dropped from the query string. It's working as advertised now.
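
Added example, not part of the thread or of SAP's code: a Python check for the two failure points discussed here, a malformed SAMLart and a redirect hop that drops it from the query string. It assumes the SAML 1.1 type 0x0001 artifact layout and an IdP that derives its SourceID as the SHA-1 of its identification URL; the hosts and the names `parse_artifact` and `check_chain` are hypothetical, and the sample data is constructed.

```python
import base64
import hashlib
from urllib.parse import parse_qs, urlencode, urlsplit

def parse_artifact(samlart):
    """Decode a SAML 1.1 type 0x0001 artifact:
    2-byte type code + 20-byte SourceID + 20-byte AssertionHandle."""
    try:
        raw = base64.b64decode(samlart, validate=True)
    except ValueError as exc:  # an unencoded '+' arrives as a space and fails here
        raise ValueError(f"SAMLart is not valid base64: {exc}") from exc
    if len(raw) != 42 or raw[:2] != b"\x00\x01":
        raise ValueError(f"not a type 0x0001 artifact ({len(raw)} bytes)")
    return {"source_id": raw[2:22].hex(), "handle": raw[22:].hex()}

def check_chain(hops, idp_url):
    """hops: URLs requested in order, copied from a browser or proxy trace."""
    queries = [parse_qs(urlsplit(u).query) for u in hops]
    first = queries[0]
    if "SAMLart" not in first or "TARGET" not in first:
        raise ValueError("first hop must carry TARGET and SAMLart")
    art = parse_artifact(first["SAMLart"][0])
    # Assumption: the IdP derives SourceID as SHA-1 of its identification URL.
    expected = hashlib.sha1(idp_url.encode()).hexdigest()
    dropped = next((i for i, q in enumerate(queries) if "SAMLart" not in q), None)
    return {
        "target": first["TARGET"][0],
        "source_id_matches": art["source_id"] == expected,
        "artifact_dropped_at": dropped,  # index of first hop without SAMLart
    }

# Constructed sample data: hypothetical hosts, not values from the thread.
IDP_URL = "https://idp.example/saml"
ARTIFACT = base64.b64encode(
    b"\x00\x01" + hashlib.sha1(IDP_URL.encode()).digest() + bytes(range(20))
).decode()
HOPS = [
    "http://portal.example/saml/receiver?"
    + urlencode({"TARGET": "http://portal.example/irj", "SAMLart": ARTIFACT}),
    "http://portal.example/irj?" + urlencode({"SAMLart": ARTIFACT}),
    "http://portal.example/irj/index.html",  # redirect that loses the query string
]

if __name__ == "__main__":
    print(check_chain(HOPS, IDP_URL))
```

A non-`None` `artifact_dropped_at` points at the hop to fix, for example by choosing a TARGET that is not redirected again.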


  • Former Member
    Posted on Feb 25, 2010 at 03:15 AM

    Hi Jon,

    I have an error when testing the SAP SAML SSO demo.

    https://ssvtcrd1.wwy.wrigley.net:50001/saml/receiver?TARGET=http%3A%2F%2FSSVTCRD1.wwy.wrigley.net%3A50000%2Firj%2Fportal%2F&SAMLart=AAH7boOW79mDzbpq7B35WtLF4MP0r54bvryLUYVnF%2FsEDmQzAAAAAAAA

    I didn't change the default settings when setting up the demo environment.

    Above is the URL shown in the browser. It looks like it didn't redirect to the http://ssvtcrd1.wwy.wrigley.net:50000/irj/portal/ I want.

    What change in your opinion should be done? Inbound? Outbound?

    Looking forward to your reply.

    Eric


  • Former Member
    Posted on Feb 25, 2010 at 08:18 AM

    Now I can be redirected to the destination URL.

    But when I am redirected to the destination URL, it always pops up and I need to log on with user/password as the authentication.

    I want to know if this is designed as the right result for the demo, or is there some config I need to do for the demo?

    Thanks

    Eric


  • Former Member
    Posted on Jun 10, 2010 at 12:19 PM

    Hi Jon,

    We too are facing the same problem: when authentication on the Identity Provider is done, the TARGET URL is called but with the logon screen appearing, i.e. the user is not able to go into the portal page without SSO.

    I need to know the following things:

    1. I have maintained the SAMLLoginModule as a login module in the "basic" template.

    2. Do I need to maintain SAMLLoginModule for every template, i.e. basic, form, client_cert, ticket etc.?

    3. Why is the logon page being displayed when I have maintained the same user ID on the Identity Provider and the SAP J2EE engine?

    Please help.

    Regards

    Pravesh
