
Identity Federation to AS ABAP with SAML and corporate IdP

jonasmeyer1
Explorer
0 Kudos

Hello everybody

I've tried to implement Identity Federation from our corporate Active Directory through ADFS (IdP) to SAP ABAP Backend with FIORI Frontend on it.

My sources were:

https://blogs.sap.com/2018/01/26/fiori-launchpadsso-made-easy-by-saml-2.0-with-adfs/

https://help.sap.com/viewer/f118a8960caf41808bd374e28a834f58/7.5.9/de-DE/f4a4aa9a3f9e47e09f5cc2eeb01...

But after selecting the right AD behind ADFS and authenticating with my mail address and password, I still get the FIORI Launchpad logon screen https://dns-alias:8001/fiori

Edit:
Error in SM21 of AS ABAP:

SAML: Path "/fiori", Code 222, Class SAML, Number 011, Text: Error during Login for external ID "": Error during SAML 2.0 Login

I suggest that the problem lies within NameID configuration, which is set this way:

SAML2 --> Trusted Providers --> Identity Federation --> NameID format: Unspecified / Persistent Users

Details: User ID Source: Assertion Subject NameID / User ID Mapping Mode: E-Mail

Did anyone else try to set up Identity Federation to AS ABAP based on mail address?

I also tried to maintain a mapping entry in table USREXTID between my mail and my SAP user jmeyer and switched the User ID Mapping Mode in SAML2 to Assigning to USREXTID-Table, Type SA ... without success!

Accepted Solutions (0)

Answers (1)

jonasmeyer1
Explorer
0 Kudos

Maybe this is the solution, as I also have 1024 length certificates on the SP side in STRUST, but a 2048 length certificate from ADFS.

https://archive.sap.com/discussions/message/16392110#16392110

jonasmeyer1
Explorer
0 Kudos

Meanwhile we have re-created these certificates in STRUST and added them in ADFS' relying party trust, but the whole thing is still not working and NameID arrives at ABAP with no value (empty).
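
An offline check for the symptom described in this thread (external ID "" in SM21, NameID arriving empty), added here as an example and not part of any post or of SAP or ADFS code: it decodes a SAMLResponse form value captured from the browser's POST to the service provider and reports the Subject NameID. The sample responses are constructed, the function names are hypothetical, and the e-mail check is an assumption based on the "User ID Mapping Mode: E-Mail" setting in the question.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def inspect_name_id(saml_response_b64):
    """Return (format, value, problem) for the Subject NameID.

    Input is the base64 SAMLResponse value from an HTTP POST binding.
    This only inspects the XML; it does not validate any signature.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.find("saml:EncryptedAssertion", NS) is not None:
        return None, None, "assertion is encrypted; decrypt it first"
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:  # 'is None' matters: childless Elements are falsy
        return None, None, "no Subject NameID in assertion"
    fmt = name_id.get("Format", UNSPECIFIED)  # absent Format means unspecified
    value = (name_id.text or "").strip()
    if not value:
        return fmt, value, "NameID element present but empty"
    if "@" not in value:  # assumption: SP maps the NameID to a user by e-mail
        return fmt, value, "NameID is not an e-mail address"
    return fmt, value, None


def build_sample(name_id_xml):
    """Constructed, unsigned sample response (not from a real IdP)."""
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">'
        "<saml:Assertion><saml:Subject>%s</saml:Subject></saml:Assertion>"
        "</samlp:Response>" % (NS["samlp"], NS["saml"], name_id_xml)
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    good = '<saml:NameID Format="%s">user@example.com</saml:NameID>' % EMAIL
    for label, fragment in [("empty", "<saml:NameID/>"), ("e-mail", good)]:
        print(label, inspect_name_id(build_sample(fragment)))
```

If the function reports an empty or missing NameID, the identity provider is not issuing a value for the Subject, so changing the mapping mode on the service provider side will not help.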

former_member612251
Participant
0 Kudos

Hi Jonas,

Did you ever get to the bottom of this?

jonasmeyer1
Explorer
0 Kudos

Dear Michael

Yes, we really did get to the bottom of the whole topic and widely used it for many Fiori based scenarios, on-premise and cloud.

Feel free to contact me (PN) for any specific questions.

KR

Jonas