SAP Knowledge Base Article - Preview

2885979 - SSO Service failed - Firewall & Proxy Recommendations for FSM

Symptom

SSO Login Fails

  • Users are unable to log in via SSO, even if their credentials are valid
  • The system redirects users back to the login page repeatedly without proceeding

Error Messages

  • "Unauthorized" or "Access Denied": Indicates that the domain attempting to authenticate is not allowed by the Identity Provider (IdP) or Service Provider (SP)
  • "Domain not recognized": Suggests that the domain associated with the user's email is not approved for SSO
  • "Invalid SSO Configuration": Occurs when a domain required for SSO redirection or API calls is blocked or unrecognized

Redirection Issues

  • Instead of reaching the login page or dashboard, users are stuck on a blank screen or a loop of redirects
  • The SSO authentication URL may fail to load because the domain is blocked or unlisted

Unsuccessful API Calls

  • SSO systems often rely on API calls to verify and retrieve user credentials. If the domain isn’t whitelisted:
    • Token validation or session initialization fails
    • Federation metadata might not load
    • Security assertion markup language (SAML) or OAuth flows might be interrupted

Email Domain Not Recognized

  • For email-based SSO, login fails with messages like:
    • "Email domain not whitelisted for this service."
    • "Your domain is not configured for SSO."

Debug Logs (For Administrators)

  • Logs in the SSO system might show errors such as:
    • 403 Forbidden
    • Unable to establish a connection to the identity provider
    • The requested resource is blocked
    • Invalid entity ID or callback URL

 


Read more...

Environment

SAP Field Service Management

Product

SAP Field Service Management 1.0

Keywords

Allowlist, outbound email communication, SAP FSM, sso, login, fsm, whitelist, domain, login error, sso fail, sap ecc, ios, android, windows, sap b1, microsoft dynamics, email configuration, firewall, proxy server, webhook, system requirements , KBA , CEC-SRV-FSM-ADM , FSM System Administration , CEC-SRV-FSM-IOS , FSM Mobile - iOS , CEC-SRV-FSM-ADR , FSM Mobile - Android , CEC-SRV-FSM-WIN , FSM Mobile - Windows , CEC-SRV-FSM-PD , FSM Planning and Dispatching , CEC-SRV-FSM-SH , FSM Shell Host , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.