Troubleshooting SAML 2.0 – Update a federated user

Published by Tobias Hofmann on


Scenario

Users can log on to NetWeaver ABAP via SAML 2.0, and their user is created automatically. A piece of user information is then changed in the IdP, and the corresponding information in NetWeaver must be updated the next time the user logs on.

Problem

Updating the user information in NetWeaver ABAP fails. An exception is raised during the execution of the update_federated_user method.

The update method calls function BAPI_USER_CHANGE to update the user:

CALL FUNCTION 'BAPI_USER_CHANGE'
EXPORTING
  username = iv_userid
  address = ls_addr
  addressx = ls_addrx
TABLES
  return = lt_result.

Afterwards, it checks if the update was performed successfully.

LOOP AT lt_result INTO ls_result.
  IF ls_result-number = 039.
    lo_trace->trace_text(
      EXPORTING
        if_text = |User { lv_userid } was successfully updated.| "#EC NOTEXT
    ).
  ELSE.
    lo_trace->trace_text(
      EXPORTING
        if_text = |User { lv_userid } was not updated. Error messages: { ls_result-message } { ls_result-message_v1 } { ls_result-message_v2 } { ls_result-message_v3 }| "#EC NOTEXT
        iv_trace_severity = if_trace_constants=>gc_severity_error
    ).
    RAISE EXCEPTION TYPE cx_saml20
      EXPORTING
        c_stack = cx_saml20=>create_callstack( ).
  ENDIF.
ENDLOOP.

Root Cause

If the number value differs from 039, an exception is raised. In a “normal” use case, a user won’t be altered between logins. If nothing was updated, the number value is 029. No change made means the update also worked fine.

Solution

As the provided example class won’t work in most cases, you need to adjust the code. Change the if expression to

IF ls_result-number = 039 OR ls_result-number = 029.

Save and activate the change. Now you can log on again as the same user via SAML 2.0.
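The return check can also be separated from tracing and made to look at the message type as well as the number. The report below is an added example, not code from SAP's example class or from this article: lcl_check, update_ok and the sample rows are hypothetical names and constructed data. It assumes ABAP 7.40 or later, and it assumes that rows other than 039 and 029 should only block the logon when BAPIRET2-TYPE is E (error) or A (abort).

```abap
REPORT z_saml_update_result_demo.

CLASS lcl_check DEFINITION.
  PUBLIC SECTION.
    " Returns abap_true when the BAPI return table reports no failure.
    CLASS-METHODS update_ok
      IMPORTING it_result    TYPE bapiret2_t
      RETURNING VALUE(rv_ok) TYPE abap_bool.
ENDCLASS.

CLASS lcl_check IMPLEMENTATION.
  METHOD update_ok.
    rv_ok = abap_true.
    LOOP AT it_result INTO DATA(ls_result).
      " 039 = user updated, 029 = nothing to change (numbers from the article).
      IF ls_result-number = 039 OR ls_result-number = 029.
        CONTINUE.
      ENDIF.
      " Assumption of this example: any other row is a failure only
      " when the BAPI marks it as error (E) or abort (A).
      IF ls_result-type = 'E' OR ls_result-type = 'A'.
        rv_ok = abap_false.
        RETURN.
      ENDIF.
    ENDLOOP.
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  " Constructed sample return tables, not captured from a real system.
  DATA(lt_changed)   = VALUE bapiret2_t( ( type = 'S' number = '039' ) ).
  DATA(lt_unchanged) = VALUE bapiret2_t( ( type = 'S' number = '029' ) ).
  DATA(lt_failed)    = VALUE bapiret2_t( ( type = 'E' number = '999'
                                           message = 'constructed error' ) ).

  DATA(lv_changed_ok)   = lcl_check=>update_ok( lt_changed ).
  DATA(lv_unchanged_ok) = lcl_check=>update_ok( lt_unchanged ).
  DATA(lv_failed_ok)    = lcl_check=>update_ok( lt_failed ).

  " abap_bool prints as 'X' (true) or blank (false).
  WRITE: / 'changed user accepted:  ', lv_changed_ok,
         / 'unchanged user accepted:', lv_unchanged_ok,
         / 'error row accepted:     ', lv_failed_ok.
```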
