Symptom
After successful login, an additional login screen of IAS is visible:
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
- SAP SuccessFactors Work Zone Advanced Edition
- SAP SuccessFactors Work Zone
- SAP SuccessFactors JAM Collaboration
Reproducing the Issue
- Log into Work Zone as usual
- Observe, that after successful login, IAS login screen is visible
Cause
- The trusted iDP in the Work Zone tenant does not have the right BTP certificate.
- Hence the OAuth2SAMLBearerAsserion was failing with "SAML assertion failed validation" error, due to certificate mismatch.
Resolution
Update the certificate in the Work Zone SAML Trusted IdP by reuploading the BTP metadata file downloaded from Destinations -> Download IDP Metadata
Steps to resolve:
1. Got to the BTP Subaccount -> Destination -> click Download IDP Metadata to get the metadata XML file.
2. Then go to Work Zone Admin Console (using the fallback login as you were doing before) -> Authentication & Authorization -> SAML Trusted IdPs
3. Find the IDP matching your subaccount ->Click Action -> Edit
4. Then click Browse and select & upload the metadata downloaded from BTP.
5. Manually set the Default Name ID Format back to previous value if uploading the metadata removes it
6. Click Save
Keywords
Work Zone, IAS, Login, Double, Authentication, BTP, admin , KBA , LOD-SF-SWZ-AUT , User Authentication Issues , Problem
Product
Attachments
Pasted image.png |
Pasted image.png |
Pasted image.png |
Pasted image.png |
Pasted image.png |