Kapsel-Logon with Basic Authentication and SAML IDP

christoffer_fuss
Participant
0 Kudos

Hello,

I configured a SAP Cloud Identity tenant as my default Identity Provider. When I use SAML in the security configuration and put the following lines into my registration context

"auth": [
    {
        "type": "saml2.web.post",
        "config": {
            "saml2.web.post.authchallengeheader.name": "com.sap.cloud.security.login",
            "saml2.web.post.finish.endpoint.uri": "/SAMLAuthLauncher",
            "saml2.web.post.finish.endpoint.redirectparam": "finishEndpointParam"
        }
    }
]

I am redirected to my IDP and onboarding is working fine.

If I use "BASIC" in the security configuration I can log in with my S-userid but not with the P-userid of my IDP. Is it possible to change this?

The reason for that is that I don't want to use the login screen of my SAML IDP but design my own login page instead.

Best Regards,

Chris

Accepted Solutions (0)

Answers (4)

verreydthans
Participant
0 Kudos

Hi,

I've the same issue here, working with SCPms and basic authentication. I'm trying to set up the authentication with newly created P-users in SAP IAS.

Following this guide, I can use my P-user to access the SCPms Cockpit, so that's looking good... https://blogs.sap.com/2017/06/19/how-to-grant-access-to-cloud-platform-mobile-services-cockpit-to-us...

But when I try to log on to the SCPms application (Windows offline UI5 app in my case), I'm not able to log in.
I'm able to log in with my S-user for the SCIM "https://mobile-***.eu3.hana.ondemand.com/" but not with my P-users.

If someone has an idea... always welcome! 🙂

Regards,
Hans

christoffer_fuss
Participant

Hi Hans,

you just need to open an incident on component BC-NEO-SEC-IAM to change the basic authentication from the SAP default IDP to your custom IDP 😉

Best regards,

Chris

marcus_schiffer
Active Participant
0 Kudos

Hi,

I have a similar issue: We want to call an app on the SCP with a HANA XS destination with basic auth. The S-user is working fine in this scenario. The P-user does not. How did you solve your problem?

christoffer_fuss
Participant
0 Kudos

Hi Marcus,

We used a little trick. We just created one HANA trial account, which gives us a P-user that is stored on the default SAP IDP. This P-user works with Basic Auth and can act as a technical user. The user is valid forever without forced password changes.

SAP is using the same trick 🙂

Hope this helps.

Best Regards,

Chris

marcus_schiffer
Active Participant
0 Kudos

Hello Christoffer,

Thanks a lot!

I was trying different approaches for hours now.

susansun01
Advisor
0 Kudos

Firstly, S user IDs are managed by the SAP default ID service.

P user IDs in this case are managed by your own tenant.

Based on your description, the "Basic" method is using the default SAP ID service. So only S users can log on.

The "SAML" method is using your tenant. So P users in your tenant can log on.

christoffer_fuss
Participant
0 Kudos

How can I achieve that the P-user of my IDP is stored/used for my application?

christoffer_fuss
Participant
0 Kudos

Hi Susan, thanks for the help.

I am using SCPms and a Cloud Identity tenant account as my IDP. But as described here, this IDP cannot be used for BASIC authentication, only SAML.

So I have to use SAML as the authentication method; is there really no other way?

christoffer_fuss
Participant
0 Kudos

Thanks again for the answer. I know that I can change these things. But what I can't change is the "Forgot Password" process and the user "registration process". I want to use the SCIM REST API to implement this myself.

Is this possible? Is there no other way to log on the IDP user to my application without using the default logon screen of the IDP?

former_member276237
Participant
0 Kudos

Hi Chris,

Why can't you log in using a P user? Do you get an error message or something?

Fardin

christoffer_fuss
Participant
0 Kudos

Yes, I get a "404 error" when I try to log on with my P-User and Basic Authentication.