on 02-11-2015 3:27 AM
When I customize my identity provider on HANA Cloud SAML2 SSO and configure my trusted identity provider, I run into a problem:
respond with a document containing an XHTML form:
```html
<form id="samlResponse" data-refreshParent="true"
      action="https://accounts.sap.com/saml2/sp/acs/ssocircle.com" method="post">
  <input type="text" name="SAMLResponse" id="SAMLResponse"
         Value="PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVV…" />
  <input type="text" name="RelayState"
         value='#Scfc5e9e3-a1de-42cf-ad43-2fb5fbce23b9-WwC3wSnsxWUt_bP0Xnuu.QmG14aE44WpfPpW3zdmmEo ' />
  <input type="submit" value="Continue" />
</form>
```
ssocircle.com is my trusted identity provider name. Now I get the following error:
and another error is:
Hello,
The relay state cookie is used by the SAML 2.0 SP (the HANA Cloud VM in this case) to determine which URL was originally requested.
When the SAML 2.0 response arrives on the ACS endpoint, SAML 2.0 redirects the browser to this URL, where the SAML 2.0 assertion is evaluated and the user is authenticated.
The name of this relay state cookie is specified in the URL parameter RelayState of the SAML authentication request.
The cookie is set in the same SAML 2.0 request. When the IdP returns the response, it must return the relay state cookie name as a URL parameter.
You can gather an HTTP trace and check the relay state cookie name, and check whether the relay state name is sent back with the SAML 2.0 response.
Could you please also tell us which HANA runtime you are using in your application?
Best regards
Angel
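The trace check suggested in the reply above can be scripted. This is an added example, not code from the thread or from SAP: it compares the RelayState sent in the authentication request URL with the one in the IdP's auto-POST form. The sample URL, host names and field values are constructed placeholders, and `check_relay_state` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample data standing in for two entries of a captured HTTP trace.
SAMPLE_REQUEST_URL = "https://idp.example/sso?SAMLRequest=CONSTRUCTED&RelayState=relay-cookie-123"
SAMPLE_IDP_FORM = """<form action="https://sp.example/acs" method="post">
<input type="text" name="SAMLResponse" Value="CONSTRUCTED" />
<input type="text" name="RelayState" value='relay-cookie-123 ' />
</form>"""


class PostFormParser(HTMLParser):
    """Collects the action URL and input fields of the IdP's auto-POST form."""

    def __init__(self):
        super().__init__()
        self.action = None
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases attribute names ("Value" -> "value")
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""


def check_relay_state(authn_request_url, idp_response_html):
    """Return a list of findings; an empty list means RelayState round-tripped intact."""
    query = parse_qs(urlsplit(authn_request_url).query)
    sent = query.get("RelayState", [None])[0]
    parser = PostFormParser()
    parser.feed(idp_response_html)
    returned = parser.fields.get("RelayState")
    findings = []
    if sent is None:
        findings.append("AuthnRequest carried no RelayState parameter")
    if returned is None:
        findings.append("IdP form has no RelayState field")
    elif sent is not None and returned != sent:
        if returned.strip() == sent:
            findings.append("RelayState returned with extra whitespace")
        else:
            findings.append("RelayState returned with a different value")
    if "SAMLResponse" not in parser.fields:
        findings.append("IdP form has no SAMLResponse field")
    return findings


if __name__ == "__main__":
    print(check_relay_state(SAMPLE_REQUEST_URL, SAMPLE_IDP_FORM))
```

The comparison is byte-exact on purpose, since the SP looks the cookie up by the returned name.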
Right now, I find my identity provider can't support Signing Certificate, so I can't get the Metadata. I will make it.