Symptom
- Screen keeps spinning on when trying to login via SSO;
- Screen enter in a back and forth behavior between IdP login screen and SuccessFactor's;
- Customer/Partner are encountering difficulty during SSO implementation;
- SSO is not working correctly and customer/partner requests assistance with SSO Setup;
Environment
SAP SuccessFactors HXM Suite
Reproducing the Issue
- Access the IdP-Initiated login URL;
- Type your credentials and attempt to login;
- The authentication process behaves as following:
- the screen keep spinning on in a endless loop, or;
- it enter in a back and forth behavior between IdP and SuccessFactor's screens.
Cause
Customer's Identity Provider is using the SHA-256 algorithm — not supported — to encrypt the SAML Assertion Response when sending it to SuccessFactors.
Resolution
SuccessFactors Provisioning doesn't work with the SHA-256 encryption algorithm.
Please kindly access your IdP settings and ensure it's using the SHA-1 algorithm instead. SuccessFactors will always work with this one.
Important: some IdPs take a considerable time to effect the algorithm change, hence, you may wait a couple of minutes for the cache to refresh the settings.
Please, also check the KBA 2957157 - When SSO BizX will upgrade the certificate based on SHA1?
Keywords
IdP, SSO, SSO configuration, spinning, spinning screen, back & forth screen, SSO issue. , KBA , LOD-SF-PLT-SEL , SSO Errors & Logs , How To