2854951 - SAML2.0: More than one user with email found

Symptom

When performing a SAML 2.0 authentication it fails and you are redirected to a logon screen or you will receive an authentication popup.
Usually, it happens for some users and not all of them.

In SAML 2.0 traces system raises the following exception:

To collect the SAML 2.0 traces access the Security Diagnostic Tool in the AS ABAP system by calling the URL below:

http(s)://<host>:<port>/sap/bc/webdynpro/sap/sec_diag_tool?sap-client=<XXX>

Press the start button, reproduce the scenario and press the stop button.

More information regarding the Security Diagnostic Tool for ABAP can be found here.

*Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP Netweaver Application Server for ABAP

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0

Keywords

SAML20, SAML 2.0, SAML2, ADFS, SP, More than one user with email, More than one user with email found, CL_SAML20_FEDERATION->MAP_USERSOURCE_TO_USER_ID, Mehr als einen Benutzer mit E-Mail, TOO_MANY_MAPPING_VARIANTS, SAML2_EMAIL_ATTRIBUTE_MAPPING , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.