Activating the ClickJacking-Framing-Protection service

Published by Tobias Hofmann on

1 min read

When you start the transaction SAML2 in your SAP NetWeaver ABAP system, you might geht the error message:

ERROR: ICF-Service für ClickJacking-Framing-Protection ist inaktiv (termination: ERROR_MESSAGE_STATE)

/sap/bc/webdynpro/sap/saml2?sap-client=xxx

The solution can be found in SAP Note 2389051. Activate the ICF node UICS and its child whitelist: /sap/public/bc/uics

Activate the node with sub nodes.

This will activate both services.

Go back to your browser with the HTTP 500 error and reload the page. Now the SAML 2.0 configuration wizard will launch.

Alternative activation option

You may also activate this ICF node using an alternative approach. Instead of activating it in the SICF transaction, you can use a transaction for activating special ICF services. More information at SAP Help.

Transaction SICF_INST
Technical name: UICS_BASIC

When you run this transaction with the technical name UICS_BASIC, the ICF node will be activated.

Result:

Let the world know
Categories: BasisSAP
Tags:

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

1 Comment

Emre · November 25, 2021 at 13:02

Dear Sir,

I confronted “Clickjacking Vulnerable”. When i try to solve this, i read your article. In first OSS Note is about S4 HANA Systems (So I passed this)
In second way (Alternative Solution) When I run SICF_INST and Technical name: UICS_BASIC, i got Error “Application is not in table ICFINSTACT ”

Is is about SAP Application version?

Reply

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

SAP Technology

Wait, that’s possible?

6 min read At the ABAPConf 2025 community day on 3rd June 2025 I gave a presentation with the title “Wait, that’s possible?”. In this post I’ll explain in more detail the reasoning behind the Read more…

SAP

Released: SAP Development Tech Radar 2025.6

1 min readThe SAP Development Tech Radar 2025.6 is released and available here. Changes The following technologies were added: SAP Business Client (NWBC) AMDP Business Configuration Maintenance SM30 SAP List Viewer (ALV) SAPscript JCO, standalone Read more…

SAP

Update sites and URLs, forget about links and references

6 min readI was searching for some UI information regarding S/4HANA. I ended up finding this SAP Help site: Overview of UI Technologies and Key Features. It is for release 2023 FPS03. Until the next Read more…