NW 7.4 ABAP IdP initiated SSO only required

Former Member
0 Kudos

Hi all,

I have an NW 7.4 SP6 gateway. In the saml2 tcode I configured the gateway system as a service provider. I also created a trusted provider (the company has a commercial IdP) by importing metadata; the SP metadata was sent to the IdP support team.

We need IdP-initiated SSO only. But when testing a direct link to the gateway application I'm still being sent to the IdP link to authenticate before proceeding. It looks like SP-initiated SSO is also activated and I don't know how to disable it. In 7.3 Java there were radio buttons "Supported SSO types" as "SP initiated" and "IdP initiated", and now I don't see those.

This is ABAP.

I studied the link http://scn.sap.com/thread/3497854 and seemingly I'm doing everything correctly, but it still does not work as expected.

Any thoughts/information, please?

thanks in advance,

regards, Elena

4 REPLIES 4

martin_voros
Active Contributor
0 Kudos

Hi,

The post you mentioned has a link for the SAML2 trace app (more info here). Any results from there?

Cheers

0 Kudos

Hi Martin, thanks

Yes, I ran the trace and I see the SAML token is created and my test user ID is mapped correctly, but at the end I see a strange message:

<Testuser1> " SAML20 SP (client 010): Current request method is POST, request method as read by OUC cookie is     . Request URL from OUC cookie:    . Form fields from OUC cookie:    "

and then

<No user> "SAML20 SP (client 010): SAML2 session exist in client: 010, no policy specified "

So SSO does not work at all, either way.

thanks

0 Kudos

Hi,

I can see where that trace is being created. The issue seems to be that you have blank values there. Could you activate the security audit (transaction SM19) for this user and see what gets logged there? I can see that the code writes to the security audit log, and you might get a more meaningful message there. Also, do you see a message in the trace that starts with " IdP initiated SSO"? From a brief look at the code, your message gets written to the trace after the user was successfully authenticated.

Cheers

0 Kudos

Hi Elena,

How did you resolve this issue?

Regards,