on 05-18-2018 9:14 AM
Hello everybody
I've tried to implement Identity Federation from our corporate Active Directory through ADFS (IdP) to SAP ABAP Backend with FIORI Frontend on it.
My sources were:
https://blogs.sap.com/2018/01/26/fiori-launchpadsso-made-easy-by-saml-2.0-with-adfs/
But after selecting the right AD behind ADFS and authenticating with my mail address and password, I still get the FIORI Launchpad logon screen https://dns-alias:8001/fiori
Edit:
Error in SM21 of AS ABAP:
SAML: Path "/fiori", Code 222, Class SAML, Number 011, Text: Error during Login for external ID "": Error during SAML 2.0 Login
I suggest that the problem lies within NameID configuration, which is set this way:
SAML2 --> Trusted Providers --> Identity Federation --> NameID format: Unspecified / Persistent Users
Details: User ID Source: Assertion Subject NameID / User ID Mapping Mode: E-Mail
Did anyone else try to set up Identity Federation to AS ABAP based on mail address?
I also tried to maintain mapping entry in table USREXTID between my mail and my SAP user jmeyer and switched the User ID Mapping Mode in SAML2 to Assigning to USREXTID-Table, Type SA ... without success!
Maybe this is the solution, as I also have 1024 length certificates on SP side in STRUST, but a 2048 length certificate from ADFS.
https://archive.sap.com/discussions/message/16392110#16392110
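Added example, not part of the original post: since SM21 reports external ID "", one way to see what NameID the IdP actually puts in the assertion is to decode a captured SAMLResponse and compare its Subject NameID with what the service provider is set to expect (format Unspecified, value an e-mail address). The function names, the `CORP\jmeyer` value and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def inspect_nameid(saml_response_b64, expected_format=UNSPECIFIED):
    """Return (format, value, findings) for the Subject NameID.
    Diagnostic only: the signature is not verified, so never use this for login."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    findings = []
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is not None and not code.get("Value", "").endswith(":Success"):
        findings.append("IdP status is not Success: " + code.get("Value", ""))
    if root.find("saml:EncryptedAssertion", NS) is not None:
        findings.append("assertion is encrypted; NameID unreadable without the SP key")
        return None, None, findings
    nameid = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if nameid is None:
        findings.append("no Subject NameID in assertion")
        return None, None, findings
    # A missing Format attribute is treated as 'unspecified'.
    fmt = nameid.get("Format", UNSPECIFIED)
    value = (nameid.text or "").strip()
    if not value:
        findings.append("NameID is empty")
    elif "@" not in value:
        findings.append("NameID does not look like an e-mail address")
    if fmt != expected_format:
        findings.append("NameID format %s, expected %s" % (fmt, expected_format))
    return fmt, value, findings

def sample_response(nameid_xml):
    """Build a constructed, unsigned Response around the given NameID element."""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">'
           '<samlp:Status><samlp:StatusCode '
           'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
           '<saml:Assertion><saml:Subject>%s</saml:Subject></saml:Assertion>'
           '</samlp:Response>') % (NS["samlp"], NS["saml"], nameid_xml)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Constructed input: a Windows account name sent where an e-mail is expected.
    resp = sample_response('<saml:NameID Format="%s">CORP\\jmeyer</saml:NameID>' % UNSPECIFIED)
    print(inspect_nameid(resp))
```

The input is the base64 `SAMLResponse` form field that the browser posts to the service provider after the IdP login, URL-decoded first if it was copied from a raw request body.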