Symptom
In Cloud to On-Premise(ABAP System) + Principal Propagation scenario, you are getting an error related to login.microsoftonline.com(or other SAML authentications).
For example:
- Following error is raised in Cloud Application:
"Access denied to system login.microsoftonline.com:443. In case this was a valid request, ensure to expose the system correctly in your cloud connector."
"401 Not Authorized"
- In most cases, Cloud Application only say the connection doesn't work, during further analysis you find following content in ICM trace level 2:
[Thr 140517112649472] HTTP response (rewritten) [108/90761/1]:
[Thr 140517112649472] HTTP/1.1 302 Moved temporarily
[Thr 140517112649472] content-type: text/html; charset=utf-8
[Thr 140517112649472] content-length: 0
[Thr 140517112649472] cache-control: no-cache, no-store, must-revalidate, private
[Thr 140517112649472] pragma: no-cache
[Thr 140517112649472] expires: Thu, 01 Jan 1970 00:00:00 GMT
[Thr 140517112649472] location: https://login.microsoftonline.com/XXXXX
- In traffic trace of cloud connector, login.microsoftonline.com can also be found in "Response data" section.
- In ljs_trace of cloud connector, following content could be found:
2023-08-21 05:48:14,142 +0000#DEBUG#com.sap.core.connectivity.protocol.http.handlers.HttpLocationHeaderHandler#tunnel-client-1089-6#0x8ef12eff#Location header represents unknown host: login.microsoftonline.com. The value of the header remains unchanged: https://login.microsoftonline.com/...
Read more...
Environment
Cloud to On-Premise (ABAP System) + Principal Propagation
Keywords
KBA , BC-MID-SCC , SAP Cloud Connector On-Demand/On-Premise Connectivity , BC-CST-IC , Internet Communication Manager , BC-MID-ICF , Internet Communication Framework , Bug Filed
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.