SAP Knowledge Base Article - Preview

2932216 - SAML SSO fails with error "403 - Forbidden" for all xsengine applications


  • You have enabled SAML SSO but this fails for all xsengine applications for which SAML is configured.
  • You successfully log on to the IdP but then you are forwarded to http://<hana-host>:80<instance_number>/sap/hana/xs/saml/login.xscfunc where the "403 - Forbidden" error is thrown.
  • You increase to DEBUG the trace level of component 'authentication' and examine the resulting xsengine/indexserver trace file and notice that HANA sends the normal authentication request to the IdP but there is no response back from the IdP following this request.



  • SAP HANA 1.0 SPS12
  • SAP HANA 2.0  
  • XS Engine Classic 


SAP HANA 1.0, platform edition ; SAP HANA, platform edition 2.0


HANA, SAML, SSO, sap, package, CORS, xsengine, runtime configuration, IdP, 403, Forbidden , KBA , HAN-DB-SEC , SAP HANA Security & User Management , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.