on 09-10-2014 3:22 PM
Hi experts,
We're attempting to set up SAML-based authentication between our IDP and SAP portal. However, we're running into an issue where the SAML assertions are created under a load-balanced virtual name (virtual.domain.com) while the SAML configuration in the portal is only picking up the local server name (server.domain.com).
The mismatch of names is causing authentication to fail. We've also noticed that once SAML configuration is complete in the NWA, the Endpoint URL values are NOT adjustable.
So we're stuck at the moment to understand how to configure the portal to use the 'virtual.domain.com' address in the SAML config to resolve the authentication errors?
Has anyone seen this before and how were you able to resolve?
Thank you!
Tim
This can be fixed by:
1. Setting "ProxyPreserveHost on" on the proxy end. As per:
http://wiki.scn.sap.com/wiki/display/BSP/Using+Proxies
Rule 1: The Host: header must be preserved by proxy. The proxy must not in any way change the Host: header.
The Web Dispatcher will always preserve the Host: header, and works correctly on this aspect. The Apache proxy can not in the version 1.x preserve the Host: header, and can not be used with the WebAS together. Only from Apache version 2+ is it possible to configure an Apache so that the Host: header is forwarded unchanged. For this, set the configuration option ProxyPreserveHost.
2. Configure SAML2 by accessing the reverse proxy URL with host/port that would be used by IDP/ end users, as per wiki link shared in first response above.
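A check for step 2 above, as an added example that is not part of the original thread or SAP's tooling: it parses an exported SP metadata file and lists every endpoint whose scheme, host or port differs from the public address the IDP and end users reach. The function names, the endpoint paths, port 50001 and the sample metadata are constructed for illustration; only the two host names come from the question.

```python
# Added example: flag SAML SP endpoints that do not use the public host.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ENDPOINT_TAGS = ("AssertionConsumerService", "SingleLogoutService")

# Constructed sample: metadata as it might look when SAML2 was configured
# by browsing to the backend host instead of the load-balanced name.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="portal_sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://virtual.domain.com/saml2/sp/slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://server.domain.com:50001/saml2/sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def mismatched_endpoints(metadata_xml, public_origin):
    """Return (element, Location) pairs whose scheme/host/port differ
    from public_origin, e.g. 'https://virtual.domain.com'."""
    want = _origin(public_origin)
    root = ET.fromstring(metadata_xml)
    bad = []
    for tag in ENDPOINT_TAGS:
        for el in root.iter(f"{{{MD_NS}}}{tag}"):
            loc = el.get("Location", "")
            if _origin(loc) != want:
                bad.append((tag, loc))
    return bad


def _origin(url):
    """Normalise a URL to (scheme, host, port), filling default ports."""
    parts = urlsplit(url)
    default = {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), parts.port or default)


if __name__ == "__main__":
    for tag, loc in mismatched_endpoints(SAMPLE_METADATA, "https://virtual.domain.com"):
        print(f"{tag}: {loc} does not match the public host")
```

An empty result means every endpoint the IDP will address uses the public origin; any entry returned points at a service that was configured through the backend name.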
Hi,
You need to configure your reverse proxy to correctly propagate the actual host and port accessed by the client.
Please check the following wiki page:
Although it is written for ABAP, most of the settings (especially the reverse proxy ones) apply to Portal too.
Best regards
Vasil