/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
We have a problem with authentication in our Signavio workplace. We are using AzureAD via Office 365 to authenticate users. When a user tries to navigate to the Signavio Collaboration Hub via our intranet, the following error message is displayed:
Could not authenticate towards Signavio
Details: getting handover from request /intra/authhandover failed. Status code: 500.
Do you have any idea on what we should do to fix this?
Resolution
There are several potential causes for this error message. In order to find the appropriate solution, please open the developer console of your browser (F12) and open the tab "Network" or "Network analysis". Then please reproduce the issue.
Within the Network analysis search for the request "/intra/authhandover". It should display the Status code 500. Now please click on this request entry and search for the 40x error message in the advanced view. Now depending on the actual error message displayed please follow the appropriate steps:
400 Azure AD access token request returned
This error message means that currently no connection between your Azure AD and our Signavio system can be established. The underlying cause here is that incorrect IDs have been provided for the authentication in the Signavio Explorer. Please compare the IDs in "Setup" → "Manage Collaboration Hub Authentication" with those generated in Azure AD .
After you have updated the IDs and clicked on the "Create/Update the Webpart/App" button, please download the app again. Please delete the app currently uploaded in your Azure AD according to this page.
401 Azure AD access token request returned
This error message means that currently no connection between your Azure AD and our Signavio system can be established. The underlying cause here is expired credentials for the connection towards Azure Active Directory.
Please perform the steps that are described on this page.
403
This message confirms that validation of the IDs (the green check mark in the "Collaboration Hub Authentication" panel) have been successful, but the user either has been deleted or has lost permission. The green check mark however is still displayed, since the IDs could be potentially valid. This is reflecting a test where Sharepoint is using a specific algorithm.
Please create a new Azure AD account for the Signavio system according to the instructions here. Afterwards, please update the IDs in the authentication pane, and download and install the app again. Please note that the current app also needs to be removed from the recycle bin (see also here).
Keywords
KBA , BPI-SIG-HUB , SAP Signavio Process Collaboration Hub , How To