3234112 - Single-sign-on to HANA Cockpit 2 with SAML is failed due to authorization error

• Following error is raised when you log on to HANA Cockpit with SAML SSO.
  
• cockpit-persistence-svc.log shows following error:
  Servlet.service() for servlet [com.sap.hana.cockpit.persistence.api.groups.GroupsForUserGet] in context with path [] threw exception
  java.lang.IllegalStateException: {"message":{"key":"PERSIST_USER_NOT_ENABLED","defaultText":"The user ID that you provided has not been added in the cockpit. Contact your cockpit administrator and ask to be added to the cockpit.","attributes":{"at":"com.sap.hana.cockpit.persistence.model.GroupManager.getUsersGroups() Line 197"}}}
                                        
• You have logged on with SAML SSO. However, XS UAA shows empty or wrong "currently resolved authorities"/"SAML groups" when you access to "User info" with following link.
  https://<cockpit_FQDN>:3<instance#>32/uaa-security/support.jsp
  
  For example, if the cockpit is running on yourserver.company.com instance 01, the URL is
  https://yourserver.company.com:30132/uaa-security/support.jsp 
  ******
  ...
  currently resolved authorities []
  SAML groups []
  ...
  ******
  

HANA Cockpit 2.0
IDP

SSO, You're not authorized to open the SAP HANA Cockpit, Ask the cockpit administrator to launch the cockpit manager tool and provide you with authorization. , KBA , HAN-CPT-CPT2-SEC , SAP HANA Cockpit 2 (Security) , HAN-DB-SEC , SAP HANA Security & User Management , How To