
SAML based SSO not creating the MYSAPSSO2 cookie.

former_member186439
Participant
0 Kudos

We have set up web single sign-on between an AS ABAP system and a Microsoft ADFS system.  ADFS is the Identity Provider (IP) and SAP is the Service Provider (SP).  This is working great for opening up web content on the SAP system such as the Fiori Launchpad.

However, even though we have the profile parameters for SSO set (login/accept_sso2_ticket=1 and login/create_sso2_ticket=2), the MYSAPSSO2 cookie is not being created.  This becomes a problem downstream when we try to run an OData service from JavaScript.  The OData service wants to re-authenticate.

This behavior only happens when we invoke the web content directly from the Browser.  If we start the Fiori Launchpad from the SAP GUI using the /uid/flp transactions, the logon ticket (MYSAPSSO2) gets created and the OData call works fine without re-authentication.

I can find in the Help documentation ( http://help.sap.com/saphelp_nw70ehp2/helpdata/en/46/631b92250b4fc1855686b4ce0f2f33/content.htm?frame...
&node_id=22&show_children=false ) where it says...

"You can configure SAP NetWeaver Application Server (AS) ABAP as a SAML 2.0 service provider. SAP applications can take part in cross-domain SSO. The AS ABAP can also issue logon tickets while operating as a service provider, enabling you to integrate legacy systems in your landscape."

That is what I'm trying to figure out.  Why is my AS ABAP system while operating as a service provider not issuing logon tickets?

Accepted Solutions (1)


former_member182254
Active Participant
0 Kudos
former_member186439
Participant
0 Kudos

Dimitar,

Thanks much!  That was the correct answer.

I expect other people will run into this if they start working with Fiori applications and the Fiori Launchpad.

You can see the positive result below.

Thanks again.

Answers (0)