Hi All,
I am trying to configure Single Sign-on with ADFS for SAP System.
What I have done so far is:
====================
1) Run t-code SAML2 on SAP system and downloaded Service Provider(SAP system) Metadata file and ADFS team has been uploaded in ADFS server.
2) Imported ADFS Metadata file + Digital Certificate in SAP system and done configuration as per guide lines.
SAML 2.0 at SAP Gateway and MSFT ADFS - SAP.com
How to access application:
====================
1) Once I access the URL: https://<SAPFioriHostName>/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html
2) Our request routing to ADFS Federation Portal https://federation-sts-stage.xxxx.com/adfs/ls/ and got the ADFS Portal Sign On screen.
3) My request redirected to URL: https://<SAPFioriHostName>/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html after providing ADFS User ID/Password.
But here, we are getting SAP Fiori login page, means, SSO is not working between ADFS and SAP system.
I have enabled SAML2 trace on my SAP system and got the below errors:
SAML20 SP (client 100 ): Exception raised:
SAML20 CX_SAML20_CORE: Access by the SOAP request to COMMUNICATION_ERROR was denied with status 1. Long text: Access by the SOAP request to COMMUNICATION_ERROR was denied with status 1. Diagnosis System Response Status 401 was returned. Access denied. Procedure Contact the administrator of the entity, to which access was attempted. The logon data prevent communication. Use an HTTP destination and configure the logon data and the SSL client values as needed. Procedure for System Administration
SAML20 at CL_SAML20_ABSTRACT_PROFILE->SOAP_SEND(Line 160)
SAML20 at CL_SAML20_ARTIFACT->RESOLVE_ARTIFACT(Line 61)
SAML20 at CL_SAML20_ABSTRACT_MSG->PARSE_MESSAGE(Line 216)
SAML20 at CL_SAML20_RESPONSE->CREATE_FROM_MSG(Line 46)
SAML20 at CL_SAML20_ABSTRACT_PROFILE->CREATE_MSG_OBJECT(Line 46)
SAML20 at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 32)
SAML20 at CL_HTTP_SAML20->PROCESS_LOGON(Line 340)
SAML20 at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 61)
SAML20 at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2393)
Thanks,
Nagaraju