SAP Knowledge Base Article - Public

3323699 - Unable to Apply for Jobs due to Identity Provider Error - Internal Career Site powered by CSB - Recruiting Marketing

Symptom

  • Internal candidates are receiving an Identity Provider error when trying to apply for jobs.
  • Error: "Identity Provider could not process the authentication request received."

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

  • SAP SuccessFactors Recruiting Management
  • SAP SuccessFactors Recruiting Marketing

Reproducing the Issue

  1. Log in to SuccessFactors via SSO;
  2. Click on Home > Careers;
  3. It shows "You have now been authenticated..." and opens the Internal Career Site powered by CSB;
  4. Search and open a job posting;
  5. Click "Apply Now";
  6. Receiving an error "Identity Provider could not process the authentication request received. Delete your browser cache and stored cookies, and restart your browser. If you still experience issues after doing this, please contact your administrator."

Cause

Incorrect Redirect URLs in Career Site Identity Provider (IDP) configuration.

Resolution

The Redirect URLs in Career Site Identity Provider (IDP) configuration are automatically populated once you have completed the steps of Configuring IAS SAML 2.0 Integration in the Admin Center. Please follow the steps if this is the first time you have configured the feature. 

Due to Instance Refresh or errors in the IDP configuration, you may need to fill out those URLs manually. Please double check the URLs.

After manually updating the configuration, please delete your browser caches and cookies, and restart your browser.

Review Tips

Please navigate to Admin Center > Manage Data > Recruiting Career Single Sign-On Configuration.

1. There are 8 Redirect URLs and the following 7 are the same. Only "Redirect URL for Logout" is your RMK Portal URL.

   

2. The URL pattern is: https://tenantID.accounts400.ondemand.com/saml2/idp/sso/tenantID.accounts400.ondemand.com?sp=https%3A%2F%2Fcareer[n].successfactors.com%2FCompanyID

    Please double check the strings such as "https%3A%2F%2F" to make sure there are no missing characters.

3. The Service Provider (sp=) in the URL is the Recruiting Management Career Site entity. Its domain is something like "career[n].successfactors.com".

    NOTE: It is not "www.successfactors.com" or "hcm[n]preview.sapsf.com".

    You can verify the Career Site domain by exporting the Career Site metadata.

  1. Go to Admin Center > Career Site Identity Provider (IDP) Configuration;
  2. Export Metadata;
  3. Open the XML file;
  4. Search for "entityID=" and you will see a URL "https://career[n].successfactors.com/CompanyID".

4. There are also two Service URLs for logout requests. Please pay attention that it is "slo" (Single Logout).

  • Service URL for Service Provider Global Logout (Logout Request Destination): https://tenantID.accounts400.ondemand.com/saml2/idp/slo/tenantID.accounts400.ondemand.com?sp=https%3A%2F%2Fcareer[n].successfactors.com%2FCompanyID

  • Service URL for Identification Provider Global Logout (Logout Request Destination): https://tenantID.accounts400.ondemand.com/saml2/idp/slo/tenantID.accounts400.ondemand.com

Keywords

RMK, RCM, Careers, IAS, Identity Authentication Service, authentication error, IDP, Identity Provider, SAML, SSO, Single Sign On, failure, error when applying, employee , KBA , LOD-SF-RMK-ICS , Internal Career Site Builder (CSB, IAS, etc ...) , LOD-SF-RMK , Recruiting Marketing , Problem

Product

SAP SuccessFactors Recruiting all versions