Symptom
After a successful logon using NWBC Desktop Client and SAML2.0 authentication method, a call to a new transaction will trigger a logon screen.
In the SAML2 trace which can be collected with the Security Diagnostic tool, it is possible to check that, for each new transaction called, a new "Incoming HTTP request" is received.
After that, the NetWeaver ABAP (Service Provider) sends a new "AuthenticationRequest" to the Identity Provider (IdP), but there is not Response sent back to the Service Provider.
Some URLs that trigger new requests are:
- /sap/bc/nwbc/~api/GetAssociatedApps
- /sap/bc/nwbc/~api/GetAssociatedLinks
Read more...
Environment
- SAP enhancement package 2 for SAP NetWeaver 7.0
- SAP NetWeaver 7.3
- SAP enhancement package 1 for SAP NetWeaver 7.3
- SAP NetWeaver 7.4
- SAP NetWeaver 7.5 and higher
Product
Keywords
legacy systems logon ticket Incoming HTTP request , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.