on 01-08-2016 9:17 AM
Heya
I'm currently trying to protect a Fiori app/launchpad via SAML2. The IdP is available in the public internet where the Gateway is an internal system.
When I call the Launchpad, I get redirected to the IdP and after successful logon I get directed back to Fiori. However, I won't be logged in, because the backend channel verification for the SAML token fails. It surprised me to see that the GW is trying to validate the token at the IdP directly; I was under the impression that with SAML2 this is not necessary anymore.
And it causes a problem, because the GW does not have internet connectivity. I'd have to provide proxy settings somehow. But I have no idea how and where to do this.
Then I found sth. about Enhanced client proxy, but this also doesn't sound like what I need. Isn't there a way to deactivate the backend channel validation of the token? Simply disabling the Artifact resolution Service won't do the trick.
Well, the issue was that I followed a guide that explained how to use http-Artifact binding. In this context the SAML Service provider needs to check back with the IdP.
When I switched to the http-Redirect binding I could solve my issue.
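An added example, not part of the original post: a SAML 2.0 type 0x0004 artifact is only a 44-byte reference (type code, endpoint index, SourceID, message handle) and contains no assertion, which is why a service provider receiving `SAMLart` has to call the IdP's artifact resolution endpoint, while a request carrying `SAMLResponse` can be validated locally. The host names, the entity ID and the helper names below are constructed for illustration.

```python
import base64
import hashlib
import struct
from urllib.parse import parse_qs, quote, urlsplit

def make_sample_artifact(idp_entity_id=b"https://idp.example.test"):
    """Build a constructed type 0x0004 artifact for the demo (not real data)."""
    source_id = hashlib.sha1(idp_entity_id).digest()   # SourceID: SHA-1 of the issuer ID
    message_handle = bytes(range(20))                  # constructed 20-byte handle
    raw = struct.pack(">HH", 0x0004, 0) + source_id + message_handle
    return base64.b64encode(raw).decode("ascii")

def parse_artifact(samlart_b64):
    """Decode a type 0x0004 artifact: 2+2+20+20 bytes, no assertion inside."""
    raw = base64.b64decode(samlart_b64, validate=True)
    if len(raw) != 44:
        raise ValueError("type 0x0004 artifact must be exactly 44 bytes")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != 0x0004:
        raise ValueError("unsupported artifact type 0x%04x" % type_code)
    return {
        "endpoint_index": endpoint_index,       # which resolution endpoint to call
        "source_id": raw[4:24].hex(),           # identifies the issuing IdP
        "message_handle": raw[24:44].hex(),     # opaque reference to the message
    }

def needs_back_channel(callback_url, form=None):
    """Return (binding, sp_must_call_idp) for a request arriving at the SP."""
    query = parse_qs(urlsplit(callback_url).query)
    params = {name: values[0] for name, values in query.items()}
    params.update(form or {})
    if "SAMLart" in params:
        parse_artifact(params["SAMLart"])       # reject malformed artifacts early
        return ("HTTP-Artifact", True)          # SP -> IdP artifact resolution call
    if "SAMLResponse" in params:
        return ("front-channel", False)         # message travelled via the browser
    raise ValueError("request carries no SAML message")

if __name__ == "__main__":
    art = make_sample_artifact()
    url = "https://gw.example.test/acs?SAMLart=" + quote(art, safe="")
    print(parse_artifact(art))
    print(needs_back_channel(url))
    print(needs_back_channel("https://gw.example.test/acs",
                             {"SAMLResponse": "PHNhbWxwOlJlc3BvbnNlLz4="}))
```

With a front-channel binding the service provider has no outbound dependency on the IdP, so the signature check on the response against the IdP certificate from trusted metadata is the only thing establishing its authenticity.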