Symptom
I need to set up SSO authentication for my environment using a specific corporate identifier, such as an Employee ID or Email address, that is sent as a custom attribute in the SAML token. This is required when the standard SAML "Subject" (NameID) does not match the unique Username format in my SAP Fieldglass user profiles.
Environment
SSO authentication fails if the Identity Provider (IdP) places the user's unique identifier in a custom attribute while SAP Fieldglass is still configured to look in the default SAML Subject (NameID). If the Attribute Name defined in the Configuration Manager does not exactly match the XML tag sent in the SAML assertion, the system cannot identify the user, resulting in a "User is not authorized" failure.
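An added example, not SAP's code or part of this article: a diagnostic that reads a captured SAML assertion and reports which identifier would be found for a given configured Attribute Name. The sample assertion, the `EmployeeID` attribute name and the `diagnose` function are constructed for illustration, and "exactly match" is assumed to mean a case-sensitive string comparison.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (unsigned, trimmed); names and values are made up.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Subject>
    <saml:NameID>jdoe@idp.example</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="EmployeeID">
      <saml:AttributeValue>E12345</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def diagnose(assertion_xml, configured_name):
    """Return (status, detail) for the identifier lookup described above.

    Diagnostic only: this does not validate signatures or conditions.
    """
    root = ET.fromstring(assertion_xml)
    if not configured_name:
        # No attribute configured: the default Subject (NameID) is used.
        return ("nameid", root.findtext(".//saml:Subject/saml:NameID", namespaces=NS))
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attrs[attr.get("Name")] = values
    if configured_name in attrs:
        values = attrs[configured_name]
        # Exactly one value is needed to identify a single user.
        return ("match", values[0]) if len(values) == 1 else ("ambiguous", None)
    # Flag names that differ only by case or stray whitespace.
    wanted = configured_name.strip().lower()
    near = [n for n in attrs if n and n.strip().lower() == wanted]
    if near:
        return ("near-miss", near[0])
    return ("missing", None)

if __name__ == "__main__":
    for name in ("EmployeeID", "employeeid", "Email", ""):
        print(repr(name), diagnose(SAMPLE_ASSERTION, name))
```

A `near-miss` or `missing` result corresponds to the mismatch case described above, where the user cannot be identified.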
Product
Keywords
attribute mapping, SAML identity, NameID, user identification, service provider details, SSO configuration, login history, configuration manager, KBA, BNS-FG-INT-SSO, Integration - SSO Setup, Problem
SAP Knowledge Base Article - Preview