SAP Knowledge Base Article - Preview

2537200 - SAML2.0: NWBC Desktop Client prompts login screen after successful authentication

Symptom

After a successful logon using NWBC Desktop Client and SAML2.0 authentication method, a call to a new transaction will trigger a logon screen.

In the SAML2 trace which can be collected with the Security Diagnostic tool, it is possible to check that, for each new transaction called, a new "Incoming HTTP request" is received.
After that, the NetWeaver ABAP (Service Provider) sends a new "AuthenticationRequest" to the Identity Provider (IdP), but there is not Response sent back to the Service Provider.

Some URLs that trigger new requests are:

  • /sap/bc/nwbc/~api/GetAssociatedApps
  • /sap/bc/nwbc/~api/GetAssociatedLinks


Read more...

Environment

  • SAP enhancement package 2 for SAP NetWeaver 7.0
  • SAP NetWeaver 7.3
  • SAP enhancement package 1 for SAP NetWeaver 7.3
  • SAP NetWeaver 7.4
  • SAP NetWeaver 7.5 and higher

Product

SAP NetWeaver 7.2 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0

Keywords

 legacy systems logon ticket Incoming HTTP request , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication and SSO , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.