Any idea regarding what could be happening? OR what additional configuration needs to be done?
We think somewhere between Siteminder and CLM there is some information getting lost and hence the system is asking us to log in again. Do you have any clue regarding what is happening?
However, let me include the following information: checking system logs we have discovered that following issue is registered in the system when this issue is raised:
Logon policies are disabled#
Flag Initialize Login Commit Abort Details 1.
We have forwarded it to the customer's Siteminder team and this is what they have answered us:
Siteminder team cannot say for sure what is happening at SAP side.
As far as federation goes this is the flow.
User access URL at SAP side --> Sap redirects to IDP for authentication (At this point Ping Federate at our end accepts it) --> Ping federate delegates authentication service to Siteminder (You get logon prompts here) --> after auth request goes back to Ping federate --> Ping federate redirects URL to TargetURL with SAML data.
So you see authentication part is handled by IDP and finally SAML data is sent to SAP. SAP doesn't need to do any authentication of user. SAP has to trust SAML data from IDP and let user access it.
This is whole concept of federation (IDP-SP).
Siteminder doesn't need to handle sap token etc.. SAP is talking to Ping federation only. Ping uses Siteminder for authentication.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.