Hi Experts,
I am working on integrating a non-SAP application as a service provider application.
The requirement is that the user browses to the URL of the third-party application, which redirects the user to the SAP NetWeaver login screen. The user then enters the credentials and is redirected to the third-party application.
I did the configuration at the SAP NetWeaver NWA end by following the document and uploading the metadata of the trusted provider: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/006381ca-cda8-2f10-a2b1-cd351eb04dad?QuickLink=index&…
I downloaded the metadata XML file and provided it to the third-party developer. Now when I browse the URL of the third-party application, the error below is thrown and no redirection occurs:
SAML Fail what(SAMLresp) msg(Received insecure request for identity provider "-sap-idp" which is not allowed.) SC1(urn:oasis:names:tc:SAML:2.0:status:Requester) subcode()
If I change the assertion consumer endpoint to urn:oasis:names:tc:SAML:2.0:bindings:SOAP and then browse the URL of the third-party application, it gets redirected to some SAP NetWeaver Java server URL and the error below is thrown:
SAML2 Identity Provider - An error ocurred
Error Type:
Error Message: Cannot send SAML2 message to end point "https://thirdparty/protected/saml?o=S" of service provider "https://thirdparty/protected/saml?o=B" because it uses the unknown binding "urn:oasis:names:tc:SAML:2.0:bindings:SOAP".
SAML:
<sp:AuthnRequest xmlns:sp="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://javaserver/saml2/idp/sso"
ID="N9yzR4jJ_gDLqe85IlzUL1sYS"
IssueInstant="2015-08-19T17:49:08Z"
ProviderName=" IDP Sync Server"
Version="2.0"
>
<sa:Issuer xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion">https:/thirdparty/protected/saml?o=B</sa:Issuer>
</sp:AuthnRequest>
Please provide your expert advice as to what could be the issue in the SSO setup.
Regards
Radhika
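
A pre-flight check for the two artifacts exchanged in this setup, added here as an example and not part of the original post or of SAP's tooling: it compares the AuthnRequest Issuer with the SP metadata entityID and flags assertion consumer endpoints whose binding is not HTTP-POST or HTTP-Artifact. The SP metadata is constructed from the values quoted in the error message, and `check_sp_setup` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET  # inputs are local config files; use defusedxml for untrusted XML
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
B = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Bindings the SAML 2.0 Web Browser SSO profile defines for delivering the response.
ACS_BINDINGS = {B + "HTTP-POST", B + "HTTP-Artifact"}

# Constructed SP metadata (not from the post); entityID and endpoint are the
# values quoted in the IdP error message, with the SOAP binding the post tried.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://thirdparty/protected/saml?o=B">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://thirdparty/protected/saml?o=S"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# The AuthnRequest as posted above, attributes unchanged.
AUTHN_REQUEST = """<sp:AuthnRequest xmlns:sp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://javaserver/saml2/idp/sso" ID="N9yzR4jJ_gDLqe85IlzUL1sYS"
    IssueInstant="2015-08-19T17:49:08Z" ProviderName=" IDP Sync Server" Version="2.0">
  <sa:Issuer xmlns:sa="urn:oasis:names:tc:SAML:2.0:assertion">https:/thirdparty/protected/saml?o=B</sa:Issuer>
</sp:AuthnRequest>"""

def check_sp_setup(metadata_xml, request_xml):
    """Return a list of findings; an empty list means the three checks pass."""
    findings = []
    md, req = ET.fromstring(metadata_xml), ET.fromstring(request_xml)
    entity_id = md.get("entityID")
    issuer = req.findtext("saml:Issuer", default="", namespaces=NS).strip()
    # Entity IDs are typically matched as exact strings, so one missing "/" names a different provider.
    if issuer != entity_id:
        findings.append(f"issuer-mismatch: request {issuer!r} vs metadata {entity_id!r}")
    for acs in md.iterfind("md:SPSSODescriptor/md:AssertionConsumerService", NS):
        binding, location = acs.get("Binding"), acs.get("Location", "")
        if binding not in ACS_BINDINGS:
            findings.append(f"bad-acs-binding: {binding} at {location}")
        # Assertions should only be delivered to a TLS endpoint.
        if urlparse(location).scheme != "https":
            findings.append(f"acs-not-https: {location}")
    return findings

if __name__ == "__main__":
    for finding in check_sp_setup(SP_METADATA, AUTHN_REQUEST):
        print(finding)
```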