Symptom
When attempting to log in via SAML SSO, the Identity Provider (IdP) login page appears. Despite entering the correct credentials, the process falls back to Basic Authentication, prompting the user for a username and password.
The HTTP trace shows a POST to the ACS URL, followed by a POST to the originally accessed URL, which is the expected SAML behavior.
The Basic Authentication prompt appears at the original URL.
The SAML trace contains the following details indicating that the IdP does not accept the requested NameID format that has been configured in the SP:
SAML20 SP (client ): Incoming Response
SAML20 Binding: POST
SAML20 IdP Name: <IdP URL>
SAML20 Status Code: urn:oasis:names:tc:SAML:2.0:status:Requester
…
SAML20 <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy" />
Subsequently, the following status code indicates that the issue is on the SP side:
SAML20 SP (client 100 ): SAMLResponse status code: urn:oasis:names:tc:SAML:2.0:status:Requester
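To confirm the same condition outside the SAML trace, the status codes can be read straight from the SAMLResponse value captured in the HTTP trace of the POST to the ACS URL. The following is an added example, not part of the KBA or SAP code; the sample response, its issuer and IDs, and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"

# Constructed sample: a failed Response as an IdP would POST it to the ACS URL.
# Issuer, IDs and timestamp are placeholders, not values from the KBA.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" InResponseTo="_req1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>"""
SAMPLE_POST_VALUE = base64.b64encode(SAMPLE_XML.encode()).decode()


def status_chain(saml_response_b64):
    """Return the StatusCode values, top-level first, from a POST-binding SAMLResponse."""
    # ElementTree does not fetch external entities; for untrusted input prefer defusedxml.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    chain = []
    node = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    while node is not None:
        chain.append(node.get("Value", ""))
        node = node.find(f"{{{SAMLP}}}StatusCode")  # second-level code is nested
    return chain


def diagnose(saml_response_b64):
    """Map the status chain to a short finding for SSO troubleshooting."""
    chain = status_chain(saml_response_b64)
    if not chain:
        return "no Status element: not a SAML 2.0 Response"
    short = [v[len(STATUS):] if v.startswith(STATUS) else v for v in chain]
    if short[0] == "Success":
        return "Success: IdP issued an assertion"
    if "InvalidNameIDPolicy" in short[1:]:
        return "InvalidNameIDPolicy: IdP rejected the NameID format requested by the SP"
    return "IdP returned an error: " + " > ".join(short)


if __name__ == "__main__":
    print(status_chain(SAMPLE_POST_VALUE))
    print(diagnose(SAMPLE_POST_VALUE))
```

The top-level code (Requester) and the nested second-level code (InvalidNameIDPolicy) correspond to the two status lines shown in the SAML trace above.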
Keywords
NameID Format, SAML, SSO, Logon Credentials, Username and Password, Basic Authentication, double authentication, InvalidNameIDPolicy, IdP, Unspecified, Requester, pop-up, KBA, BC-SEC-LGN-SML, SAML 2.0 for ABAP, Problem
About this page
This is a preview of a SAP Knowledge Base Article. The full version is on SAP for Me (login required).