cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fiori SSO Setup with the SAML2 and ADFS - No AssertionConsumerService

DieterLorenz
Active Participant

2 weeks ago

0 Kudos

We wanted to login from the internet over the Rise Load Balancer => Webdispatcher to the SAP ERP system. The Fiori SSO Setup with external access works fine in the onPremise environment. This could be also an fall back scenario if the Rise LoadBalancer/Webdispatcher did now work or could not be configured until the GoLive.

After executing the URL we getting an Fiori Login

https://vhsvwws5wd01.fra3.XXXXX.ch:44380/fiori?sap-client=100&sap-language=DE#Shell-home

DieterLorenz_0-1715684327188.png

 

Also did not work without fra3 in the subdomain

If we press F5 we getting this error message from the ADFS:

Fehlerdetails

Activity ID: d9f1072d-ed0d-4edc-931c-0080000000e1

Relying party: SAP RQ1 - RISE

Error details: MSIS3200: No AssertionConsumerService is configured on the relying party trust 'microsoft:identityserver:vhsvwrq1ci.sap.XXXXX' that is a prefix match of the AssertionConsumerService URL 'https://vhsvwws5wd01.fra3.XXXXXX.ch:44380/sap/saml2/sp/acs/100' specified by the request.

Node name: 1d31111e-35ad-426a-ae2b-24d5d7c53b24

Error time: Tue, 14 May 2024 08:16:00 GMT

Cookie: enabled

User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0

We checked the proxy config but what should we do to getting this setup running ?

Test of Reverse Proxy Configuration

For background information to this test, please read SAP Note 616900 on the topic "Using Proxies".

Test #1: Preservation of Host Header
Host Header       vhsvwrq1ci.sap.XXXX:44300
Host from Url:   vhsvwrq1ci.sap.XXXX:44300
Status:  Passed!
Test #2: HTTP Header ClientProtocol
ClientProtocol:  Not Available!
Protocol Switch:               https ==> https
Status:  Warning!

Test #3: HTTP Header X-SAP-WebDisp-AP (Access Points)
Access Points:   Not Available! HTTPURLLOC Table must be configured!
Status:  Warning!

Test #4: HTTPURLLOC
HTTPURLLOC:   HTTPURLLOC Empty!
Status:  FAILED!

Test #5: HTTPURLLOC Client 000
HTTPURLLOC:   HTTPURLLOC Empty! Not possible to run logon applications.
Status:  FAILED!

How to fill the table HTTPURLLOC ?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (0)

Ask a Question