SAP Knowledge Base Article - Public

2907180 - User with SAML User Mapping value in upper case is still able to log on to SAP Analytics Cloud (SAC) after changing Name ID sent by IdP to mixed-case

Symptom

  • User with SAML User Mapping value in upper case is still able to log on to SAP Analytics Cloud (SAC) after changing Name ID sent by IdP to mixed-case
  • According to SAP KBA 2487567, Custom SAML logon to SAP Analytics Cloud is case-sensitive, which means that users can log on only if their SAML User Mapping value is a case-sensitive match to the NameID that's sent by your SAML Identity Provider.

Environment

  • SAP Analytics Cloud (Enterprise) 2020.2.10

Reproducing the Issue

  1. Enable Custom IDP on SAC tenant by selecting User Attribute as Custom SAML User Mapping to match to the NameID that's sent by your SAML Identity Provider.
  2. Manually update column SAML User Mapping in Security > Users according to IdP User ID in upper case, which is sent as NameID in SAML assertion by your SAML Identity Provider.
    => All IdP users can log on to SAC successfully via SAML SSO.
  3. Change User ID of one IdP user from upper case to mixed-case and then try to log on to SAC with this user.
    => The user is still possible to log on to SAC, which is not expected.
    => In SAML assertion, the NameID is returned in mixed-case according to the change done in IdP.

Cause

This issue is currently under investigation by development.

Resolution

This issue is currently under investigation by development.

See Also

Your feedback is important to help us improve our knowledge base.

Keywords

SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics,Error, Issue, System, Data, User, Unable, Access, Connection, Sac, Connector, Live, Acquisition, Up, Set, setup, Model, BW, Connect, Story, Tenant, Import, Failed, Using, Working, SAML, SSO, sapanalyticscloud, sap analytical cloud, sap analytical cloud, SAC, SAML, SSO, IdP, NameID, Name ID, custom, user, mapping, map, case, sensitive , upper, lower, mixed , KBA , LOD-ANA-AUT , SAC Licensing changed to SAC Authentication / Login issue , Problem

Product

SAP Analytics Cloud 1.0