SAP Knowledge Base Article - Preview

2865450 - 401 – Unauthorized when using SAML SSO functionality on backoffice with Azure AD as IDP


Using the 'Login with Single Sign On' in the backoffice allows a user to login for the first time after authenticating through the Identity Provider (IDP) and for some time thereafter without the need to re-authenticate.

In the case where Azure Active Directory (Azure AD) is used, the user will be met with a 401 - Unauthorized error upon accessing the backoffice in the same way after 2 hours.



The issue requires the use of Spring SAML and was only observed when Azure AD was used as the IDP, although it could potentially happen with other IDPs.


SAP Commerce 1811 ; SAP Commerce 1905 ; SAP Hybris Commerce 1808 ; SAP Hybris Commerce 6.0 ; SAP Hybris Commerce 6.1 ; SAP Hybris Commerce 6.2 ; SAP Hybris Commerce 6.3 ; SAP Hybris Commerce 6.4 ; SAP Hybris Commerce 6.5 ; SAP Hybris Commerce 6.6 ; SAP Hybris Commerce 6.7


  • samlsinglesignon
  • /samlsinglesignon/saml
  • SAMLResponse
  • sign on
  • IssueInstant
  • Authentication Instant
, KBA , CEC-COM-ADM-BO , Backoffice , CEC-COM-CPS , SAP Commerce , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.