SAP Netweaver SAML 2 configuration

Former Member
0 Kudos

When we try to configure SAML2 in the SAP Netweaver server using t-code SAML2, it prompts for login. We logged in as BCUSER with password. After login it doesn't load any webpage. We are getting a 500 SAP Internal Server Error.

Accepted Solutions (0)

Answers (2)

BJarkowski
Active Contributor
0 Kudos

Is there any short dump generated? Error 500 suggests it.

isaias_freitas
Advisor
0 Kudos

Or any entries in the system log (transaction SM21)?

Former Member
0 Kudos

The same user can be logged into the portal when those services are accessed as localhost. But we are not able to log in with the user via the host name/address.

Former Member
0 Kudos

It seems a short dump occurs in the log when we are trying to log in with the host name.

sys-log-for-host.png

isaias_freitas
Advisor
0 Kudos

Are those entries created every time you simulate the issue?

If yes, please provide the ST22 dump exported as a text file.

Former Member
0 Kudos

I tried to attach the dump file, but I am not able to upload it.

Getting error: This attachment is not permitted because the file type is invalid.

We are trying to upload a .txt file.

isaias_freitas
Advisor
0 Kudos

hmmm I believe it should accept ".txt"... maybe try to "zip" it, then?

Former Member
0 Kudos

Hi,

We tried to upload it as a zip, since it is not an allowed format to attach in this thread.

isaias_freitas
Advisor
0 Kudos

Hi... Maybe it did not work, then? I do not see any file at this thread or to your last comment...

Former Member
0 Kudos

Hi,

Please look at the above comments; I wasn't able to attach any form of file except images. Then how do we upload log files to you?

isaias_freitas
Advisor
0 Kudos

Hi,

Then you could attach images showing the dump, but we would require at least the first 5 - 10 "screens", depending on the size of your SAP GUI window. So, you would need to take the screenshot of the beginning of the dump, press "page down", take the next screenshot, and so on (and this is why I suggested to attach the dump as a text file, as it would be much easier 🙂 ).

PS: trying to attach a dummy/test text file to this response, just to test it...

test.txt

Former Member
0 Kudos

Hi,

We tried to upload images, but even that fails when there are more images.

It seems there is an issue with uploading the SAP Netweaver SAML metadata file. We tried with the ADFS FederationMetadata.xml file, but it keeps showing the alert "Error when uploading; the file name is invalid or the file is too large". It seems there is nothing wrong with the file we had uploaded. We also changed the profile parameter for the maximum file size allowed to be uploaded.

icm/HTTP/max_request_size_KB = 102400

Is there any log in which we can check what the actual issue is in the SAP Netweaver SAML configuration?

-Jake

saml-metadata-upload.png

isaias_freitas
Advisor
0 Kudos

Hi,

It seems that the issue has shifted, now, right?

At the opening of this question, it was mentioned that you could not perform any action. That you received a "500" error right after logging in.

Now it seems that you can login, but you receive an error at a later stage...

Does the system log (transaction SM21) still show an error? Dumps on ST22?

Maybe an error in the ICM trace file (dev_icm)?

It would be important to confirm that the entry on SM21/ST22/dev_icm occurs at every issue simulation, so you know you have the correct starting point for the analysis.

Regards,

Isaías

Former Member
0 Kudos

Hi,

As I mentioned earlier, we can't access the SAP server in the web UI using the hostname. It is accessible only through localhost. For any hostname, it responds with 500 - internal server error. We will keep you posted about the log details.

Former Member
0 Kudos

Hi,

Please find the screenshots of the log traces obtained while the issue occurs.

sm21-log.png

isaias_freitas
Advisor
0 Kudos

Hi,

Those SM21 entries indicate that shortdumps were raised.

You can see them at the transaction ST22.

These dumps indicate that incomplete/incorrect logon data was sent, or that there is something wrong with the user ID (e.g., password has expired).

In addition, these dumps usually occur when an RFC call (not HTTP call) was made to the system...

So, maybe this is not related to the issue, but you can still check the dumps to confirm it.

Former Member
0 Kudos

Hi,

We are logged into the SAP system with administrator rights.

Ex: SAP* user in SAP Logon system and SAP Web UI.

isaias_freitas
Advisor
0 Kudos

Are you really using "SAP*"? You should not use "SAP*" for normal basis (or business) processes... Have you tried with a "normal user" that has the required authorizations?

Former Member
0 Kudos

Hi,

Can we use the DDIC user to perform such an operation? I guess our problem doesn't depend on which user we are using. Please understand our use case. We are having trouble while configuring SAML SSO in SAP Netweaver 7.2.

isaias_freitas
Advisor
0 Kudos

No, you should not use DDIC either... "SAP*" and "DDIC" are special users that must be used only on the special occasions when they are needed.

Former Member
0 Kudos

Can we get any other default admin user in SAP Netweaver? Is it BCUser?

isaias_freitas
Advisor
0 Kudos

Such user must be created manually, and the relevant authorizations must be given.

If you want full administrator rights, then create a user with "SAP_ALL" and "SAP_NEW" authorizations.

Former Member
0 Kudos

We had created a new role, but it is not listed when we are trying to create users in SU01.

isaias_freitas
Advisor
0 Kudos

Did you generate the profile of the role?

At transaction PFCG, open the role in change mode, access the "Authorizations" tab, click on "change authorization data", access the menu "Authorizations" -> "generate".

Former Member
0 Kudos

Hi,

We are able to see the message that the profile is generated.

isaias_freitas
Advisor
0 Kudos

Then I do not know why you would not see the profile in SU01. Notice that it would show at the "roles" column...

Former Member
0 Kudos

But, it is not visible at the SU01 user creation Tcode. Can you please look into the issue?

patelyogesh
Active Contributor
0 Kudos

Hello jake martin,

Go to transaction SICF and activate the SAML2 web service.

Ref: https://blogs.sap.com/2018/01/26/fiori-launchpadsso-made-easy-by-saml-2.0-with-adfs/

-Yogesh

Former Member
0 Kudos

We had activated the SAML service in SICF.