on 02-25-2014 9:34 AM
Dear expert,
We encountered an SSO issue on the launchpad.
Here is our scenario and SSO structure. We use Fiori launchpad to display all SAP apps.
1. When a user visits the launchpad URL, the URL redirects the user to the identity provider (IDP) for SAML authentication.
2. Then the IDP authenticates with a SAML 2.0 token back to the gateway.
3. The gateway accepts the SAML 2.0 token and issues an SSO2 logon ticket.
4. Use the logon ticket to the backend ABAP ERP system for transaction apps.
5. Use the logon ticket to the HANA system for factsheets.
Now the first step above is OK, as the SAML token can be authenticated back to the gateway. But after that, the basic form authentication pops up for user credentials on both the backend system and HANA, which it should not. We found out that the launchpad was stuck with the error message "/sap/es/ina/GetServerInfo HTTP/1.1 401 Unauthorized" at the ERP backend service "GetServerInfo". By checking the cookies, we found out that after the SAML token was accepted by the gateway, the gateway did not issue any MYSAPSSO2 ticket.
However, when we disabled SAML and used form authentication for the launchpad, the SSO2 logon ticket works perfectly among GW, ERP and HANA. So, there should be no configuration issue regarding the SSO2 logon ticket in SAP GUI.
Here is the system information:
GW: NW740 SP5
ERP: ECC6 on NW740 SP5
HANA: v70
Please kindly help us out on this issue. Please ask if other information is needed. Thanks.
Best regards,
Xian' an
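The cookie check described in the post above, as an added example that is not part of the original thread: it walks a captured sequence of HTTP responses and reports which hop, if any, set the MYSAPSSO2 cookie and which 401 responses were requested without it. The host name, the `/launchpad` and `/saml/acs` paths, the `SESSION_CONSTRUCTED` cookie and all cookie values are constructed assumptions; only `MYSAPSSO2` and `/sap/es/ina/GetServerInfo` come from the post.

```python
from dataclasses import dataclass, field

TICKET = "MYSAPSSO2"  # logon-ticket cookie name, as given in the thread

@dataclass
class Hop:
    url: str
    status: int
    sent_cookies: set = field(default_factory=set)   # cookie names the browser sent
    set_cookie: list = field(default_factory=list)   # raw Set-Cookie header values

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lowercase attribute names)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    return name.strip(), value.strip(), {a.partition("=")[0].strip().lower() for a in rest if a}

def trace_ticket(hops):
    """Report which hop issued the ticket and which 401s were requested without it."""
    result = {"issued_at": None, "attrs": set(), "unauthorized_without_ticket": []}
    for hop in hops:
        if hop.status == 401 and TICKET not in hop.sent_cookies:
            result["unauthorized_without_ticket"].append(hop.url)
        for raw in hop.set_cookie:
            name, value, attrs = parse_set_cookie(raw)
            if name == TICKET and value and result["issued_at"] is None:
                result["issued_at"], result["attrs"] = hop.url, attrs
    return result

# Constructed captures: hosts, paths other than GetServerInfo, and cookie values are made up.
GW = "https://gw.example"
SAML_FLOW = [
    Hop(GW + "/launchpad", 302),
    Hop(GW + "/saml/acs", 302, set_cookie=["SESSION_CONSTRUCTED=abc; path=/; secure; HttpOnly"]),
    Hop(GW + "/sap/es/ina/GetServerInfo", 401, sent_cookies={"SESSION_CONSTRUCTED"}),
]
FORM_FLOW = [
    Hop(GW + "/launchpad", 200, set_cookie=[
        "SESSION_CONSTRUCTED=abc; path=/; secure; HttpOnly",
        "MYSAPSSO2=CONSTRUCTED_TICKET; path=/; domain=.example; secure; HttpOnly"]),
    Hop(GW + "/sap/es/ina/GetServerInfo", 200, sent_cookies={"SESSION_CONSTRUCTED", TICKET}),
]

if __name__ == "__main__":
    for label, flow in (("SAML", SAML_FLOW), ("form", FORM_FLOW)):
        print(label, trace_ticket(flow))
```

The hops can be filled in from a browser network trace; a flow where `issued_at` stays `None` and a backend call appears in `unauthorized_without_ticket` matches the symptom reported in the post.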
Hi,
The issue has been resolved. We found the root cause is that in the service provider the legacy system issue logon ticket is not enabled. After enabling it, SAML with SSO2 works successfully.
Best regards,
Xan' an
Dear Xan' an
We have exactly the same issue...
In our case the backend system is SAP BO; as soon as we enable SAML2 in Fiori (GW), SSO from Fiori to BO stops working.
I am sorry, I am not able to understand your following statement. Could you please let me know exactly what was done or needs to be done to fix it?
"We found the root cause is that in service provider the legacy system issue logon ticket is not enabled. after enable it, SAML with SSO2 work successfully"
Regards,
Kunal Salunkhe
Hi Xian'an,
Have you checked the SAP Help for the SAML configuration?
Peter