cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error when trying to configure trusted IdP on AS ABAP (TA SAML2)

Go to solution
Colt
Active Contributor

on ‎07-11-2016 11:43 AM

0 Kudos

Hi Expert,

I try to configure an trusted IdP in the SAML 2.0 configuration of the AS ABAP (TA SAML2). The AS JAVA IDP is using a self-signed certificate, which i have exported beforehand incl. its Metadata.

I always get the error message "some certificates of the selected trusted provider where not parsed" on step Signature and Encryption. I can't finish the configuration on step Authentication Requirements due error message "new trusted provider can not be saved. certificate cannot be saved in Address Book. Cannot analyze certificate".

Already tried to put the certificate in STRUST which works but no success.

Can anyone provide me other suggestions on that?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Colt
Active Contributor
‎07-11-2016 12:31 PM
0 Kudos

Ups, my SAP CryptoLib on the AS JAVA seems to be too old (2011) just updated and now try again...

Show replies
Show replies
Colt
Active Contributor
‎07-11-2016 1:30 PM
0 Kudos

Updated to latest CommonCryptoLib on all SAP Systems (ABAP + JAVA) but still the same issue... The system is an AS ABAP NW 7.31 SPS7.

I was able to setup SP and IDP trust on a different AS ABAP system w/o any issues.

please help.

former_member202592
Participant
‎07-11-2016 6:45 PM
0 Kudos

Hi Carsten,


Please notice that in order to import a certificate in the AS ABAP system you must ensure that the certificate is either binary or Base64 encoded (.cer or .crt  file extension).


Usually the "Cannot analyze certificate" error happens when trying to import an unsupported certificate format.


Cheers,

Filipe Santos

Colt
Active Contributor
‎07-11-2016 7:29 PM
0 Kudos

Hi Filipe,

I am quite sure to use Base64 always. But thanks for your suggestion, will try with Binary and let you know.

Cheers,

Carsten

former_member202592
Participant
‎07-11-2016 11:38 PM
0 Kudos

Hi Carsten,

It would be very helpful if you can provide a screenshot showing the error message, and in exactly which step and screen of the configuration you are.

Cheers,

Filipe Santos

Colt
Active Contributor
‎07-13-2016 3:51 PM
0 Kudos

Hi Filipe,

appreciate your support. Sorry for the delay, here are the screens requested:

Certificate of my IdP:

TA SAML2 after importing metadata selecting the IdP cert (Base64):

First warning at Step 6:

Error Message at the end of the process (Step 9) can't save:

Cheers,

Carsten

former_member202592
Participant
‎07-14-2016 12:50 AM
0 Kudos

Hi Carsten,

Thank you for the screenshots provided.

The issue does not seems to be related with SAML 2.0, it seems to be related with the SSF ABAP classes that are used to handle the X509 certificates.

Therefore can you check if the SAP Notes below can be implemented in your system:

1824896 - Sporadic error in methods of claass CL_ABAP_X509_CERTIFICATE

1910826 - Error in validity methods of class CL_ABAP_X509_CERTIFICATE

After implementing both SAP Notes, check if the issue is still happening.

Cheers,

Filipe Santos

Colt
Active Contributor
‎07-15-2016 7:05 AM
0 Kudos

Hi Filipe,

indeed a bug... a kernel update did the trick, thanks a lot.

It's a very old "playsystem" but i was able to update to a later kernel patch which fixed the parsing issues.

Cheers,
Carsten

Answers (0)

Ask a Question