on 06-04-2018 4:25 PM
Hello,
I configured a SAP Cloud Identity tenant as my default Identity Provider. When I use SAML in the security configuration and put the following lines to my registration context
"auth": [
{
"type": "saml2.web.post",
"config": {
"saml2.web.post.authchallengeheader.name": "com.sap.cloud.security.login",
"saml2.web.post.finish.endpoint.uri": "/SAMLAuthLauncher",
"saml2.web.post.finish.endpoint.redirectparam": "finishEndpointParam"
}
I am redirectd to my IDP and onboarding is using fine.
If I use "BASIC" in security configuration I can login with my S-userid but not with my user P-userid of my IDP. Is this possible to change this?
The reason for that is that I dont wanna use the login screen of my SAML IDP and design my own login page.
Best Regards,
Chris
Hi,
I've the same issue here, working with SCPms and basic authentication. I'm trying to setup the authentication with newly created P-users in SAP IAS.
Following this guide, I can use my P-user to access the SCPms Cockpit, so that's looking good... https://blogs.sap.com/2017/06/19/how-to-grant-access-to-cloud-platform-mobile-services-cockpit-to-us...
But when I try to logon to the SCPms application (windows offline UI5 app in my case), I'm not able to login.
I'm able to login with my S-user for the SCIM "https://mobile-***.eu3.hana.ondemand.com/" but not with my P-users.
If someone has an idea... always welcome! 🙂
Regards,
Hans
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
H Hans,
you just need to open an incident to component BC-NEO-SEC-IAM to change the basic authentication from SAP default IDP to your custom IDP 😉
Best regards,
Chris
Hi,
I have a similar issue: We want to call an app on the SCP with a hana xs destination with basic auth. s-user is working fine in this scenario. P-user does not. How did you solve your problem ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Marcus,
We used a little trick. We just created one hana trial account which gives us a P-user which is stored on default SAP IDP. This P-User works with Basic Auth and can act as a technial user. The user is valid forever without forced password changes.
SAP is using the same trick 🙂
Hope this helps.
Best Regards,
Chris
Firstly, S user ids are managed by SAP default ID service.
P user ids in this case are managed by your own tenant.
Based on your description, the "Basic" method is using default SAP ID service. So only S users can logon.
"SAML" method is using your tenant. So P users in your tenant can logon.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It depends on what you use.
For SMP you simply modify the URL of the authentication server in your authentication provider. See this: https://help.sap.com/viewer/313e7789125149b3b5bb6f1c7e1ea322/3.0.13/en-US/7c2e00df7006101487af870517...
For SCPms, there are two ways:
If the purpose is only regarding the logon screen, maybe you can consider customizing the cloud identity logon page itself.
Thanks again for the answer. I know that I can change these things. But what I cant change is the "Forgot Password" process and the user "registration process". I want to use the SCIM REST API to implemdent this for myself.
Is this possible? Is there no other way to logon the IDP user to my application without using the default logon screen of the IDP?
Hi Chris,
Why can't you login using a P user? Do you get an error message or something?
Fardin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.