/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- Microsoft Entra ID (formerly known as Azure) has OpenID Connect (OIDC) configured as the corporate identity provider and SAP Cloud Identity Services (IAS) is configured as the proxy for application authentication.
- During Corporate Identity Provider validation, an expected claim is missing in "Step 2 - Token".
- In the IAS troubleshooting log, the entry for action="receiveJwtToken" is also missing the claim.
- In this KBA, we will use the 'upn' claim as an example of the missing claim.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Read more...
Environment
- SAP Cloud Identity Services
- Microsoft Entra ID
Product
Identity Authentication 1.0
Keywords
attribute, id_token, access_token, profile scope, corporate IDP, user mapping, subject name identifier , KBA , BC-IAM-OID , OIDC/OAUTH2 component in SAP Cloud Identity Services , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)