Symptom
After a successful authentication to the Identity Provider (IDP), the user is redirected back to SAP but gets a "401 Not authorized" error screen, a logon screen, or a logon popup.
In a Security Diagnostic Tool trace, errors such as the following are found:
- Federation error: Format '<format>' is not supported for user assignment.
- Federation error: No user with email '<username>' found.
- User source <email_address> is longer than maximum length of a user name: 12 characters.
- Federation error: <email_address> does not exist in client <client_number>.
There is a requirement to understand how the Name ID configuration on the ABAP server side (transaction SAML2) interacts with the IDP.
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Environment
- SAP NetWeaver
- ABAP platform
Keywords
SAML2, Federation, Name ID, NameID, Format is not supported for user assignment, No user with email found, User source is longer than maximum length of a user name: 12 characters, email does not exist in client, 401, Not Authorized, logon screen, User Id Source, Assertion Subject Name Id, Assertion Attribute, KBA, BC-SEC-LGN-SML, SAML 2.0 for ABAP, BC-IAM-IDS, Identity Authentication Service, How To
About this page
This is a preview of an SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
SAP Knowledge Base Article - Preview