SAP Knowledge Base Article - Preview

3099117 - Content security policy violation


  1. Application initiated SAML where IAS acts as a proxy does not work.
  2. The application initiated SAML works fine with Firefox but fails with Chrome and Edge browser.
  3. SAML trace shows the SAML request token going to IAS but there is no re-direction to Corporate IDP.  
  4. The HTTP watch trace shows the error net::ERR_ABORTED.
  5. The Chrome network trace shows the following error Refused to send form data to '<sp url>' because it violates the following Content security Policy directive: "form-action 'self' <ias url>".
  6. Issue does not happen with Firefox happens only in Chrome and Edge.



Identity Authentication


Identity Authentication 1.0


Content Security Policy,SAML, SSO, third party, Chrome, FireFox, Edge, net::ERR_ABORTED , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.