SAP Knowledge Base Article - Preview

2518470 - A previously working Fiori Client SAML authentication suddenly started to fail with error code 407 and 403

Symptom

  • Fiori Client is setup properly with SAP Authenticator for SSO with following this guide: Mobile Single Sign-On for SAP Fiori with SAP Authenticator.
  • Suddenly it starts to not work.
  • After opening the Fiori Client and pushing the "Login with Authenticator" button, the Authenticator is opening and then it falls back to the Fiori Client logon screen.

Fiori Client logs show:

SMP_LOGGER ERROR [SMP_LOGGER] Failed to get setting. Status code0 text: Gateway not supported for settings

The URL of the SAML2 IdP is giving the following error:

SAML2 Identity Provider - An error ocurred 
Error Type: com.sap.security.saml2.idp.core.exception.IdPFatalExceptionImpl 
Error Message: The received SAML2 message could not be parsed.

  • If the authentication method is changed to BASIC, then the scenario works fine.

SAML-Tracer browser add-on shows the below error messages:

HTTP/?.? 407 Proxy Authentication Required (Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.)
HTTP/?.? 403 Forbidden




Read more...

Environment

  • SAP Fiori Launchpad
  • SAP Fiori Mobile
  • SAP Fiori Client
  • SAP Authenticator
  • SAP Gateway

Product

SAP Fiori 1.0 ; SAP Fiori Client 1.11 for Android ; SAP Fiori Client 1.11 for Windows Phone ; SAP Fiori Client 1.11 for iOS ; SAP NetWeaver 7.5

Keywords

fiori, client, launchpad, authenticator, gateway, auth, authentication, saml, saml2, proxy, SMP_LOGGER ERROR [SMP_LOGGER] Failed to get setting. Status code0 text: Gateway not supported for settings, The URL of the SAML2 IdP is giving the following error: SAML2 Identity Provider - An error occurred Error Type: com.sap.security.saml2.idp.core.exception.IdPFatalExceptionImpl Error Message: The received SAML2 message could not be parsed, If the authentication method is changed to BASIC, then the scenario works fine, SAML-Tracer browser add-on shows the below error messages, HTTP/?.? 407 Proxy Authentication Required (Forefront TMG requires authorization to fulfill the request, Access to the Web Proxy filter is denied.), HTTP/?.? 403 Forbidden; SAML2 Identity Provider - An error ocurred , KBA , MOB-FC , SAP Fiori Client Native Mobile Application , CA-UI2-INT-BE , Please use CA-FLP-ABA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , MOB-FM , Fiori Mobile , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.