SAP Knowledge Base Article - Public

2825398 - Token-Based SSO users not able to login

Symptom

Important: this KBA and it's respective instructions are dedicated only to token-based (MD5-based, SHA1-based, DES/3DES-based) SSO scenarios.

  • Some users are currently unable to login within the instance through token-based SSO method;
  • End users are being shown with the "Invalid login" page when attempting to login via SSO;
  • Users are facing issues with their token-based SSO URLs;

Environment

SAP SuccessFactors HXM Suite

Reproducing the Issue

  1. Open your preferred browser;
  2. Place the login URL filled up with the proper parameters;
  3. Try to login;
  4. You won't be allowed to.

Cause

The user might be either:

  • Using a broken URL (therefore, not built correctly, with each parameter on it's proper place);
  • Using an URL which contains outdated values for some parameter (e.g. holding an username value that was changed to something else in the system for that user);
  • Using an URL that may belong to another users (as stated before, the login URL will be exclusive to each user);

Examples of parameters: username, password, tklogin_key, expire, callerharsh.

Each token-based SSO user will have their own URL to login. The URL parameters must be filled up with the proper values for each user — and those will be exclusive.

This login URL will contain different parameters, and, note that, perhaps, some of them might need a refresh or the URL itself has expired.

Resolution

Evaluate which of the above possible causes's scenario the user falls in, and correct it's URL accordingly (if needed, generate a new login URL for the affected user).

Furthermore, also ask the affected user to clear it's browser cookies and cache before attempting to login again. Such measure will help to clean up outdated values stores in the browser.

NOTE: The URL generation is responsibility of the customer administrator.

Keywords

token-based, MD5-based, SHA1-based, DES/3DES-based, username, password, tklogin_key, expire, callerharsh , KBA , LOD-SF-PLT-SEL , SSO Errors & Logs , Problem

Product

SAP SuccessFactors HCM suite all versions