SAP Knowledge Base Article - Public

2874083 - Enable SuccessFactors Learning third-party cookie mechanism - What does it mean - [Learning]


We keep receiving "Failed to authenticate the SAML response" in our iOS devices when we go from BizX to Learning instance.


SAP SuccessFactors Learning

Reproducing the Issue

Logon to SuccessFactors application on any Mobile/Apple Devices (iPhone, iPad, Macs)>Learning Module->A message pops up with error message "Failed to authenticate the SAML response"


This happens when the cookies setting at the browser level is not enabled.


Solution 1: Follow the KBA 2185696 > Close the current application session > Log into the Learning system and check it again.

--If you cannot modify those two settings as explained in the KBA above for security concerns or company policy or if its not iOS device, please follow the solution below--

Solution 2: Enable the "Enable SuccessFactors Learning third-party cookie mechanism" setting, which should be done at the BizX provisioning level.

FAQs on Solution 2


Q: What does it mean to have the following setting checked in Provisioning - "Enable SuccessFactors Learning third-party cookie mechanism"?


  • Some websites use third-party content providers (communicating from one webpage/site with the help of another webpage/site). A third-party content provider can track you across websites to advertise products and services. SAP SuccesFactors do use cookies to store session information (to constantly validate the user sessions and store values for faster page/data processing) but not for any advertising purpose, so no need to worry on that.
  • BizX and Learning are two different sites that works with each other by communicating with cookies and other internal logic so we expect the browser setting to enable 3rd party cookie communication.
  • But this has recently become an issue as browsers are disabling third party cookie by default. This means that every user has to change their browser default setting and some companies consider this a security/privacy risk. It is actually a privacy thing and not a security risk.
  • To avoid depending on browser settings we introduced a setting at the Provisioning side called "Enable SuccessFactors Learning third-party cookie mechanism" to handle the things differently than how it works with the setting to avoid the "Failed to Authenticate SAML Response" issue. 
  • How the above mentioned is achieved: we force the user to initially visit an Learning page in a main BizX window outside of an Iframe (usually Learning is loaded into the BizX via an IFrame). In that case any follow up persistence of Learning cookies even in an Iframe will no longer be considered 3rd party. So, this is what that Provisioning setting would do.

Q: Any possible implications on security or accessing SuccessFactors Learning via single sign-on?

A: No security or access issues would be caused by using that setting. It is explained above.

Q:  Do we need to schedule any background job after enabling the suggested setting?

A: No, there wont be any background job required to run to enable this for everyone

Q: Will the setting take place with immediate effect once enabled?

A: Yes, this would take immediate effect. After this is enabled, we would just need to request user to clear cookie and cache.


See Also

2185696 - Failed to Authenticate SAML Response - LMS from BizX - Safari Browser


Failed to authenticate the SAML response, Enable SuccessFactors Learning third-party cookie mechanism, 3rd party cookie , KBA , LOD-SF-LMS-MOB , Mobile Application Issues Only , LOD-SF-LMS-ADM , System Admin, Global Variables, References , Problem


SAP SuccessFactors Learning all versions