SAP Knowledge Base Article - Preview

3631607 - SAMLSSO Failing Post S4HANA Upgrade

Symptom

  • Issue #1: When using the company's URL: https://<company domain>/
    • The system should prompt for an Active Directory (AD) logon.
      • After the AD logon is entered, the Fiori Launchpad logon screen appears and asks for a Fiori logon, which it should not, because the logon is an Active Directory logon.
  • Issue #2: Business case that complicates this issue:
    • The business unit does not want to give users a Fiori Launchpad (FLP) username/password and relies strictly on Active Directory logon via SAML2.
      • Per business requirements, each user is expected to use only Active Directory (AD) and SAML2 authentication rather than a Fiori Launchpad logon username/password.
  • Issue #3: When using Fiori Launchpad for the first time, these Active Directory users are asked for a Fiori Launchpad username/password, which they do not have, so access to Fiori Launchpad via SAML fails for them: an AD (Active Directory) logon or popup screen is shown to authenticate against the backend.
  • Issue #4: When using Fiori Launchpad without SAP SAML2, Fiori Launchpad works without issue.
  • Issue #5: Using Fiori Launchpad with BASIC authentication works without issue; it fails only with SAML2.
  • Issue #6: It appears that the Fiori Launchpad framework, with some internal network configuration involving an Active Directory and/or ADFS system, causes multiple SAML2 authentications to occur in order to complete one processing loop, and at least 1 of them may fail in SAML, which halts the entire process.
  • Issue #7: The trace or HAR trace shows several calls to the following URL:

    -----Trace------
      https://mobile.<company domain>/sap/bc/ui2/start_up?so=*&action=*&systemAliasesFormat=object&sap-language=EN&sap-client=100&shellType=FLP&depth=0&sap-cache-id=D8E55B9C919B8BDFBE5D1F504124DEE4

    Note: The trace above shows multiple calls to the same /sap/bc/ui2/start_up, with multiple SAML2 successes and most likely 1 hard failure that stops the process.
    • Question: Why does the system call the URL above several times when logging in via SAML, and then eventually fail for SAML?
    • Request: When the logon fails, a logon popup is shown, and bypassing this 2nd popup is needed.

 



Environment

  • SAP Private Cloud 2023
  • S/4HANA 2023 and others

Product

SAP S/4HANA Cloud Private Edition 2023

Keywords

Fiori Launchpad SAML2, Fiori Launchpad Active Directory, Fiori Launchpad SAML2 not working, Fiori Launchpad Logon Screen, Fiori Launchpad Active Directory Logon Screen, Fiori Launchpad AD, FLP SAML2, FLP AD, FLP multiple logons, Fiori Launchpad multiple start_up, multiple start_up calls, /sap/bc/ui2/start_up, KBA, BC-SEC-LGN-SML, SAML 2.0 for ABAP, CA-FLP-FE-AI, Application iframe communication in FLP and Work Zone, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
