SAP Knowledge Base Article - Preview

2537200 - SAML2.0: NWBC Desktop Client prompts login screen after successful authentication

Symptom

After a successful logon using NWBC Desktop Client and SAML2.0 authentication method, a call to a new transaction will trigger a logon screen.

In the SAML2 trace which can be collected with the Security Diagnostic tool, it is possible to check that, for each new transaction called, a new "Incoming HTTP request" is received.
After that, the NetWeaver ABAP (Service Provider) sends a new "AuthenticationRequest" to the Identity Provider (IdP), but there is not Response sent back to the Service Provider.

Some URLs that trigger new requests are:

  • /sap/bc/nwbc/~api/GetAssociatedApps
  • /sap/bc/nwbc/~api/GetAssociatedLinks


Read more...

Environment

  • SAP enhancement package 2 for SAP NetWeaver 7.0
  • SAP NetWeaver 7.3
  • SAP enhancement package 1 for SAP NetWeaver 7.3
  • SAP NetWeaver 7.4
  • SAP NetWeaver 7.5 and higher

Product

SAP NetWeaver 7.2 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0

Keywords

 legacy systems logon ticket Incoming HTTP request , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.