SAP Knowledge Base Article - Preview

2283766 - HCPms Trust Management configured to use SAML2 native IdP(Identity Provider) is not working.

Symptom

  • Fiori client fails to connect using SAML2 Native IdP (Identity Provider).
  • Fiori client  succeeds when using  SAP IdP.
  • HCPms HTTP log shows an HTTP 403 Error:
    10.108.119.16 (199.76.27.101) - - [22/Feb/2016:13:43:52 +0000] GET /favicon.ico HTTP/1.1 403 134 24 mobile-xxxxxxxxxx.us1.hana.ondemand.com:443
  • html5 app log shows:
    2016-02-19T18:07:50,866+0000#4149787290#ERROR#Authentication failed. Reason: Service Provider does not match specified audience in the SAML2Assertion.
    2016-02-19T18:09:03,915+0000#3626450359#ERROR#Authentication failed. Reason: Service Provider does not match specified audience in the SAML2Assertion.
    2016-02-19T18:10:13,173+0000#1715283892#ERROR#Authentication failed. Reason: No RelayState cookie found in the request. SAML 2.0 authentication failed.

 For more details on SAML2 setup see Configure Trust to the SAML Identity Provider in Reference  Section below.


Read more...

Environment

Hana Cloud Platform mobile service (HCPms)

Product

SAP Mobile Platform 3.0 ; SAP Mobile Services 1.0, Neo environment

Keywords

HCPms SAML2 native IDP identity provider , KBA , MOB-CLD , Cloud Platform Mobile Services , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.