Troubleshooting SAML 2.0 – Error getting number

Published by Tobias Hofmann on

3 min read

Szenario

A trust between the SAML 2.0 IdP and SP is created. A user tries to log on for the first time to NetWeaver ABAP and after successfully logging in at the IdP, logging at the SP fails. The SAMLResponse is validated without errors, the NetWeaver ABAP system cannot create a user.

Problem

The ABAP class is calling a function named NUMBER_GET_NEXT. In an empty NW system, this method will fail.

CALL FUNCTION 'NUMBER_GET_NEXT'
EXPORTING
  nr_range_nr = '01'
  object = lc_number_range_object
IMPORTING
  number = lv_number
EXCEPTIONS
OTHERS = 1.

For creating a user automatically, a number range is used to create users with an ID like SAML0000001. The ABAP code shows that lc_number_range_object is defined as lc_number_range_object TYPE inri-object VALUE ‘SAML2ID’.

If you test the function in SE37, you pass that as a parameter and get back an error message.

Ein Bild, das Screenshot enthält. Automatisch generierte Beschreibung

Error: OBJECT_NOT_FOUND

Solution

You need to create the number range for the object. Follow the steps detailed in my blog Create user in NetWeaver via SAML 2.0 – 5 – Create number range

Test

Run the function NUMBER_GET_NEXT in SE37 with the same values provided by the ABAP class.

NR_RANGE_NR: 01
OBJECT: SAML2ID
QUANTITY: 1

Result

When the ABAP Class in the BADI is now called, the function BAPI_USER_CREATE1 is called.

The generated user id is using the number from the number range.

User is created and logged on automatically.

Tx SU01

User is created with the provided data from the SAML assertions.

In the trace, you can see that the NameID is mapped to th user ID SAML0000003.

Let the world know
Categories: BasisSAPSecurity
Tags:

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

SAP

SAP Development Tech Radar

4 min read The SAP Development Tech Radar is available online. The source code is available at its GitHub repository. The information used for to place each technology on the radar is in the folder Read more…

SAP

What if … it is not the technology?

9 min read The past The SAP Community Network (SCN) [1] went through some changes in the last 20+ years. 2011 a major change was planned, went live in 2012 and did not work as Read more…

SAP

DSAG Technologietage 2024

10 min read Moin Hamburg. Ich bin nicht aus Zucker, ich bin aus Hamburg. Mehr muss man über das Wetter nicht wissen und zum Glück sind die Technologietage keine Freiluftveranstaltung. Montags bei der Anreise und Read more…