Symptom
- You have established BTP <=> IAS <=> Azure IDP for user authentication.
- You've disabled Identity Federation, which means IAS only acts as a proxy to take all assertion attributes and Subject Name Identifier from the corporate IdP assertion and sends them to the application.
- "Create Shadow Users on User Logon" is enabled for IAS IDP at BTP.
- When user first login to BTP, the shadow user will be created in BTP Users menu.
However, the E-Mail attribute in BTP has the value <sub value>@user.from.sap.custom.cf, where <sub value> is the value of Azure IDP's Subject Name Identifier. - The expected behavior is that E-Mail attribute in BTP has the correct e-mail address.
Read more...
Environment
- SAP Cloud Identity Services
- Business Technology Platform
Product
BTP all versions ; SAP Cloud Identity Services all versions
Keywords
user.from.sap.custom.cf, btp, ias, azure ad, e-mail address, mail, wrong e-mail, wrong mail, oidc, saml , KBA , BC-IAM-IDS , Identity Authentication Service , BC-CP-CF-SEC-IAM , UAA, Authentication, Authorization, Trust Mgmnt , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.