SAP Knowledge Base Article - Public

2590755 - Is IdP-initiated SSO method supported in SAP Analytics Cloud?

Symptom

  • You configured your custom SAML Identity Provider according to the product's documentation. You want to deploy the application directly in your SAML IdP "launchpad" (IdP initiated)
  • Service Provided initiate works as expected. You connect to your SAP Analytics Cloud tenant and you are redirected correctly to your SAML Identity Provider.

Environment

  • SAP Analytics Cloud
  • SAP SAML 2.0 Identity Provider

Cause

SAP Analytics Cloud does not support Identity Provider initiated SSO yet, due to the missing features on the SAP Cloud Platform:

  • The ACS, central redirect node (authn.<region>.hana.ondemand) does not support IdP redirection and fails.
  • Altering the ACS endpoint in the IdP for SAC could make SSO work (Suggested by SCP documentation and Community), but will fail the SP-initiated flow and the Single Logout (SLO) as well.

Resolution

  • You can raise this requirement on the Customer Influence site for SAP Analytics Cloud
  • In some of the other IdP's a simple link can be added to your application in the IdP's launchpad (F5 for example). This will work as expected as the user is already authenticated.

See Also

 

Keywords

SAML, initiate, sp initiated, initiated, Idp, SBOC, SAC, SAP BusinessObjects Cloud, Business Objects, SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics , KBA , LOD-ANA , SAP Analytics Cloud , LOD-ANA-BI , SAP Analytics Cloud - Business Intelligence (BOC) , LOD-ANA-PL , SAP Analytics Cloud – Planning (BOC) , LOD-ANA-BR , SAP Analytics Cloud - Digital Boardroom , LOD-ANA-PR , SAP Analytics Cloud – Predictive (BOC) , Problem

Product

SAP Analytics Cloud 1.0