Skip to Content
author's profile photo Former Member
Former Member

SAML SSO implementation issues

Hi All,

We are in the process of implementing a SAML based SSO solution between a CRM system and a portal system.

In this scenario EP system will be the Identity provider and CRM system is going to be the Resource provider.

Issue -

For the same we have done the necessary settings in VA for CRM Portal as well as EP. Now the issue that we are facing is that when we are not choosing the option of fallback mechanism in VA, we are getting an error as below -

Stack trace of log message with ID "0017A47740080030000000EB0000381A00047E216937A9E8" written to trace

[EXCEPTION]

com.sap.security.core.server.saml.jaas.exception.SAMLLoginModuleException: com.sap.engine.services.security.exceptions.BaseUnsupportedCallbackException: <--Localization failed: ResourceBundle='com.sap.engine.services.security.exceptions.SecurityResourceBundle',..

On the other hand when we choose the fallback mechanism as 'User id and Password' then we donu2019t get any error message, but the link that we want to access does ask for UID and PWD on accessing, hence the concept of SSO doesnu2019t get implemented here.

Seems we are missing something here in configurations part.

Pls. do guide us for the same.

Regards,

Shailesh

Add a comment
10|10000 characters needed characters exceeded

Related questions

3 Answers

  • Best Answer
    Posted on Feb 03, 2010 at 12:54 PM

    Hi Shailesh,

    For SAML 1.x, the AS Java cannot act as an identity provider. It can act as a destination site. See [Using SAML Assertions for Single Sign-On|http://help.sap.com/saphelp_nw04/helpdata/EN/94/695b3ebd564644e10000000a114084/frameset.htm].

    For SAP NetWeaver AS Java 7.2 there is support for SAML 2.0. There are plan to support an identity provider as part of the SAP NetWeaver Identity Management solution.

    -Michael

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Feb 25, 2010 at 08:32 AM

    Hi experts,

    I have one quesion now and will appreciate if you can give me the answers.

    I can be redirected to the destination URL .

    But when i am redirected to the destination URL, it always been poped up and I need to logon with user/password as the anthutication.

    I want to know if it is designed as demo as the right result? or is there some config i need to do for the demo.

    I am always using the default setting up for SAML SSO demo.

    Thanks

    Eric

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Nov 15, 2012 at 04:30 PM

    Hi Shailesh

    Could you please give me a hint, how you did manage to redirect un-authenticated requests from ABAP to JAVA?

    We are using Kerberos on Java for a long time now, but cannot find a practical way to include JAVA SPNEGO as authentication layer only, when using ABAP Web.

    - I don't like to communicate directly to JAVA and redirect / proxy everything from there to ABAP

    - I don't like to put a Reverse Proxy in front of both and decide their which path to go on (in dependence of SAPSSO2 cookie existance)

    - I'd like to communicate directly to ABAP, within ABAP check if already authenticated and if not => make a roundtrip to Java to fetch a SAPSSO2 cookie.

    Any suggestions?

    Martin

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.