The weeks after I wrote my thoughts down about SAP Cloud Platform (SCP) and what should change were quite interesting. Triggered by the official end of SCP Neo trial I wrote down what I think is missing in SAP’s SCP offering. My two blogs laid out the overall idea: ease Read more…
Szenario A trust between the SAML 2.0 IdP and SP is created. A user tries to log on for the first time to NetWeaver ABAP and after successfully logging in at the IdP, logging at the SP fails. The SAMLResponse is validated without errors, the NetWeaver ABAP system cannot create Read more…
Szenario Users are able to logon to NetWeaver ABAP via SAML 2.0 and get their user created automatically. A user information is now changed in the IdP and the corresponding information in NetWeaver must now be updated the next time the user logs on. Problem Updating the user information in Read more…
Szenario A trust between the SAML 2.0 IdP and SP is created. A user tries to log on to NetWeaver and after successfully logging in at the IdP, the SP is denying access. Problem An error in the BAdI create_user_to_federate is thrown. Exception type CX_SY_REF_IS_INITIAL. Trace Use the diag tool Read more…
Szenario A trust between the SAML 2.0 IdP and SP is created. A user tries to log on to NetWeaver and after successfully logging in at the IdP, the SP is denying access. Problem Using the diag tool to get a trace of the SAML 2.0 logon. The incoming request Read more…
SAP provides a nice trace tool for troubleshooting login errors with SAML 2.0: Sec Diag Tool. It is a WebDynpro ABAP application. Make sure to activate the necessary ICF services first before running the tool. URL: /sap/bc/webdynpro/sap/sec_diag_tool/ In NPL: https://vhcalnplci:44300/sap/bc/webdynpro/sap/sec_diag_tool/ With the tool you can start a SAML2 trace. When Read more…
In the SAML 2.0 SSO logon with automatic user creation scenario, the user is created in the SAP system by a BADI. The user information send by the SAML 2.0 IdP is contained in the SAML response. In my previous blog I have shown how the user profile is configured Read more…
When you try to develop a Fiori app with the SAP Fiori tools for VS Code you get the error “btoa is not defined”. This error is caused by another SAP extension: mobile Development Kit extension for Visual Studio Code. You have to disable the MDK extension to be able Read more…
The user creation scenario is an extension to the “simple” SAML 2.0 SSO scenario. Therefore, a pre-requisite is to have the SAML 2.0 IdP and SP configured to trust each other. A logon from IdP to SP with an existing user must work. In my case, the external Identity Provider Read more…
The ICF configuration is more complex than the standard SAML 2.0 configuration. Instead of just validating the SAML 2.0 response, the response must be validated, and a user created or update. To be able to create / update a user, the response received must be handled by a service user. Read more…