Need help on SAP SSO with SAML & SSO2

Former Member
0 Kudos

Dear expert,

We met an SSO issue on the launchpad.

Here is our scenario and SSO structure. We use the Fiori launchpad to display all SAP apps.

1. When a user visits the launchpad URL, the URL redirects the user to the identity provider (IDP) for SAML authentication.

2. Then the IDP authenticates with a SAML2.0 token back to the gateway.

3. The gateway accepts the SAML2.0 token and issues an SSO2 logon ticket.

4. Use the logon ticket to the backend ABAP ERP system for transaction apps.

5. Use the logon ticket to the HANA system for factsheets.

Now the first step above is OK, as the SAML token can be authenticated back to the gateway. But after that, the basic form authentication pops up for user credentials on both the backend system and HANA, which it should not. We found out that the launchpad was stuck with the error message "/sap/es/ina/GetServerInfo HTTP/1.1 401 Unauthorized" at the ERP backend service "GetServerInfo". By checking the cookies, we found out that after the SAML token was accepted by the gateway, the gateway did not issue any MYSAPSSO2 ticket.

However, when we disabled SAML and used form authentication for the launchpad, the SSO2 logon ticket works perfectly among GW, ERP and HANA. So, there should be no configuration issue regarding the SSO2 logon ticket in SAP GUI.

Here is the system information:

GW: NW740 SP5

ERP: ECC6 on NW740 SP5

HANA: v70

Please kindly help us out on this issue. Please ask if other information is needed. Thanks.

Best regards,

Xian' an

Accepted Solutions (1)

Former Member

Hi,

The issue has been resolved. We found the root cause is that in the service provider the legacy system issue logon ticket is not enabled. After enabling it, SAML with SSO2 works successfully.

Best regards,

Xan' an
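The cookie check described in the question, run over a captured browser trace, as an added example that is not part of the original thread. The traces, host names, the assertion consumer URL and all cookie values are constructed; only the MYSAPSSO2 cookie name and the GetServerInfo path come from the post.

```python
from http.cookies import SimpleCookie

TICKET = "MYSAPSSO2"  # logon ticket cookie name, as given in the thread

def cookie_names(set_cookie_headers):
    """Names of cookies that one response sets with a non-empty value."""
    names = set()
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        # An empty value is a cookie deletion, not an issued ticket.
        names.update(name for name, morsel in jar.items() if morsel.value)
    return names

def diagnose(trace):
    """Return (URL that issued the ticket, first 401 URL hit before any ticket)."""
    issued_at = failed_at = None
    for _method, url, status, set_cookies in trace:
        if issued_at is None and TICKET in cookie_names(set_cookies):
            issued_at = url
        if status == 401 and issued_at is None and failed_at is None:
            failed_at = url
    return issued_at, failed_at

# Constructed traces: (method, URL, status, Set-Cookie headers of the response).
ACS = "https://gw.example/saml-acs"  # hypothetical assertion consumer URL
INFO = "https://gw.example/sap/es/ina/GetServerInfo"
BROKEN = [  # SAML accepted, session created, but no logon ticket issued
    ("GET", "https://gw.example/launchpad", 302, []),
    ("POST", ACS, 302, ["SAP_SESSIONID=constructed1; path=/; secure; HttpOnly"]),
    ("GET", INFO, 401, []),
]
FIXED = [  # same flow once the service provider also issues the ticket
    ("GET", "https://gw.example/launchpad", 302, []),
    ("POST", ACS, 302, ["SAP_SESSIONID=constructed1; path=/; secure; HttpOnly",
                        "MYSAPSSO2=constructedticket; path=/; secure; HttpOnly"]),
    ("GET", INFO, 200, []),
]

if __name__ == "__main__":
    for label, trace in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, diagnose(trace))
```

A result of `(None, <url>)` matches the symptom in the question: the SAML step succeeds, yet the first backend call is rejected because no ticket was ever set.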

Former Member
0 Kudos

Dear Xan' an,

We have exactly the same issue...

In our case the backend system is SAP BO; as soon as we enable SAML2 in Fiori (GW), SSO from Fiori to BO stops working.

I am sorry, I am not able to understand your following statement. Could you please let me know what exactly was done or needs to be done to fix it?

"We found the root cause is that in the service provider the legacy system issue logon ticket is not enabled. After enabling it, SAML with SSO2 works successfully."

Regards,

Kunal Salunkhe

Answers (2)

peterng
Advisor
0 Kudos

Hi Xian'an,

Have you checked the SAP Help for the SAML configuration?

https://help.sap.com/saphelp_gateway20sp05/helpdata/en/c9/5f3f6b39724a4a91dcdfd05745e8e7/frameset.ht...

Peter

Former Member
0 Kudos

Yes, we have checked the step details and we are using the front channel communication method.

Former Member
0 Kudos

This discussion thread belongs to the space. For generic SSO related queries where portal is not involved the correct space is . This space is for NetWeaver Single Sign-On (NWSSO, the separately purchasable product) topics only.