Set up SAML SSO between XSA and external Identity Provider (such as: AzureAD, or Identity Authentication Service ...etc) following KBA 2569903 - How to configure SAML authentication on HANA XSA
Due to business needs, need to stop external Identity Provider user get created automatically in XSA thus manually unticked option "Create shadow users during login". Then manually created user in XSA, such as via: XSA Cockpit -> User Management -> New User/Migrate SAP HANA User, and assign relevant role collection.
When log into XSA application such as HANA Cockpit using external Identity Provider user/password, then notice SSO fails with following message shown in browser address bar, even though you are sure the authenticated Subject in SAMLResponse is exactly the same ID as the user you manually created in XSA.
- SAP HANA Extended Application Services, Advanced model - XSA
bad request, /uaa-security/saml/SSO/alias/XSA-saml, , KBA , BC-XS-SEC , UAA and Security for HANA XSA engine , BC-XS-RT , OP Runtime / XS Controller , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.