/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
In step 4 of configuring custom IDP in SAC by following the steps in the SAC help guide Enable a Custom SAML Identity Provider, click the Verify Account button. The following error message pops up:
"Sorry, we've encountered an error during the account verification setup. Please try again later."
The below error can be seen in web browser HAR trace:
errorDetails: [{message: "uploadIdPMetadata failed with 500 status", bUIMessage: false, bWarning: false}]
-
- 0: {message: "uploadIdPMetadata failed with 500 status", bUIMessage: false, bWarning: false}
- bUIMessage: false
- bWarning: false
- message: "uploadIdPMetadata failed with 500 status"
- message: "uploadIdPMetadata failed with 500 status"
- stack: ""
- status: 500
- 0: {message: "uploadIdPMetadata failed with 500 status", bUIMessage: false, bWarning: false}
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental...
Environment
- SAP Analytics Cloud 2024.21
Reproducing the Issue
- Login to SAC.
- Go to System -> Administration -> Security.
- Upload SAML IDP metadata.
- Click Verify Account.
- Notice that error happens.
Cause
The error encountered during the account verification setup in SAC when configuring a custom IDP suggests a problem with the SAML IDP metadata processing. The specific error message "uploadIdPMetadata failed with 500 status" indicates that the server encountered an unexpected condition that prevented it from fulfilling the request. This is typically a server-side error, which in this context, is likely due to the format or structure of the SAML metadata provided.
- In SAML configurations, metadata files describe the settings and capabilities of an Identity Provider (IdP) or a Service Provider (SP). The
<EntitiesDescriptor>tag in the metadata file is used to encapsulate multiple<EntityDescriptor>elements, each representing a SAML entity. However, some systems, including possibly SAC, expect a single<EntityDescriptor>directly if only one IdP or SP is being configured. If the metadata file includes the<EntitiesDescriptor>tag, it might not be parsed correctly by the system expecting only a single<EntityDescriptor>.
Resolution
To fix the issue with the SAML IDP metadata, edit the metadata file by removing the <EntitiesDescriptor> tag at the beginning and the corresponding </EntitiesDescriptor> tag at the end. Ensure that the file contains only the <EntityDescriptor> tag without being enclosed within an <EntitiesDescriptor> tag.
Keywords
SAML, SSO, authentication, EPM-ODS, Cloud for Analytics, C4P, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, HCP, C4A, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJ, BOBJcloud, BOCloud., BICloud, SBOC, SAC, It seems your profile is not configured for this system,e-mail, SAC SAML is not working in SAC Production Tenant, SAC SAML is not working, SAC Production is no more accessible due to SAML, SAC SAML is not working in SAC Production Tenant. SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics,Error, Issue, System, Data, User, Unable, Access, Connection, Sac, Connector, Live, Acquisition, Up, Set, setup, Model, BW, Connect, Story, Tenant, Import, Failed, Using, Working, SAML, SSO, sapanalyticscloud, sap analytical cloud, sap analytical cloud, SAC, sap analyst cloud, connected, failure , KBA , LOD-ANA-AUT , SAC Authentication / Login , Problem
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)