https://community.sap.com/t5/application-development-and-automation-discussions/saml-sso-problem-using-sun-access-manager/m-p/3542248#M852164 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I got some problems when testing the SAML SSO functionality according to the document [http://developers.sun.com/identity/reference/techart/sso.html|http://developers.sun.com/identity/reference/techart/sso.html]</P><P></P><P>Identity Provider: SUN Access Manager 7.1 under Windows 2003</P><P>Service provider: SAP JAVA WAS 6.40 SP19</P><P></P><P>After both sides configuration I tried the SSO using the URL as follows:</P><P></P><P><EM><A href="http://sunam.test.de:8080/amserver/SAMLAwareServlet?TARGET=http://grcsuite.test.de:50000/useradmin/userAdminServlet" target="test_blank">http://sunam.test.de:8080/amserver/SAMLAwareServlet?TARGET=http://grcsuite.test.de:50000/useradmin/userAdminServlet</A></EM></P><P></P><P>In the Virtual Administrator I had already configured SAMLLoginModule at the 1.st place with the flag SUFFICIENT in the Basic template. After successfully authenticated to the Access Manager I was redirevted to the following URL where unwanted logon window (to SAP J2EE Engine) is shown again:</P><P><EM><A href="http://grcsuite.test.de:50000/logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet%3FSAMLart%3DAAESqssSVZw4qJyKxSl1v50iaxCefD2mKLU6HZUPKHLfu9txxFn6ZDAx" target="test_blank">http://grcsuite.test.de:50000/logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet%3FSAMLart%3DAAESqssSVZw4qJyKxSl1v50iaxCefD2mKLU6HZUPKHLfu9txxFn6ZDAx</A></EM></P><P></P><P>Could anybody give me some hints, why the SSO fails or how to debug the problem? If needed, I could provide more info about my system configuration.</P><P></P><P>THX,</P><P></P><P>Bin</P></BODY></HTML> Fri, 14 Mar 2008 16:16:54 GMT Former Member 2008-03-14T16:16:54Z https://community.sap.com/t5/application-development-and-automation-discussions/saml-sso-problem-using-sun-access-manager/m-p/3542248#M852164 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I got some problems when testing the SAML SSO functionality according to the document [http://developers.sun.com/identity/reference/techart/sso.html|http://developers.sun.com/identity/reference/techart/sso.html]</P><P></P><P>Identity Provider: SUN Access Manager 7.1 under Windows 2003</P><P>Service provider: SAP JAVA WAS 6.40 SP19</P><P></P><P>After both sides configuration I tried the SSO using the URL as follows:</P><P></P><P><EM><A href="http://sunam.test.de:8080/amserver/SAMLAwareServlet?TARGET=http://grcsuite.test.de:50000/useradmin/userAdminServlet" target="test_blank">http://sunam.test.de:8080/amserver/SAMLAwareServlet?TARGET=http://grcsuite.test.de:50000/useradmin/userAdminServlet</A></EM></P><P></P><P>In the Virtual Administrator I had already configured SAMLLoginModule at the 1.st place with the flag SUFFICIENT in the Basic template. After successfully authenticated to the Access Manager I was redirevted to the following URL where unwanted logon window (to SAP J2EE Engine) is shown again:</P><P><EM><A href="http://grcsuite.test.de:50000/logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet%3FSAMLart%3DAAESqssSVZw4qJyKxSl1v50iaxCefD2mKLU6HZUPKHLfu9txxFn6ZDAx" target="test_blank">http://grcsuite.test.de:50000/logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet%3FSAMLart%3DAAESqssSVZw4qJyKxSl1v50iaxCefD2mKLU6HZUPKHLfu9txxFn6ZDAx</A></EM></P><P></P><P>Could anybody give me some hints, why the SSO fails or how to debug the problem? If needed, I could provide more info about my system configuration.</P><P></P><P>THX,</P><P></P><P>Bin</P></BODY></HTML> Fri, 14 Mar 2008 16:16:54 GMT https://community.sap.com/t5/application-development-and-automation-discussions/saml-sso-problem-using-sun-access-manager/m-p/3542248#M852164 Former Member 2008-03-14T16:16:54Z https://community.sap.com/t5/application-development-and-automation-discussions/saml-sso-problem-using-sun-access-manager/m-p/3542249#M852165 <HTML><HEAD></HEAD><BODY><P>I traced that Sun AM had sent the SAML assertion to SAP, and according to the assertion I would guess the problem is regarding the NameIdentifier. Intentially when I created SAP as the trusted partner in Sun AM I had configured to use the class provided from [http://developers.sun.com/identity/reference/techart/sso.html|http://developers.sun.com/identity/reference/techart/sso.html]: to generate the required NameIdentifier, which in this case should be <STRONG>binwang</STRONG> instead of <STRONG>id=binwang,ou=user,dc=sample,dc=com</STRONG>.Any idea how to solve this problem here?</P><P></P><P>&lt;saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="</P><P>sba84ca9dad01f929deba8796d887bd3bfaf8972501" Issuer="sunam.test.de:8080" IssueInstant="2008-03-16T19:08:08Z"&gt;</P><P></P><P> &lt;saml:Conditions NotBefore="2008-03-16T19:05:08Z" NotOnOrAfter="2008-03-16T19:15:08Z" &gt;</P><P></P><P> &lt;/saml:Conditions&gt;</P><P></P><P> &lt;saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:DataStore" </P><P>AuthenticationInstant="2008-03-16T19:08:06Z"&gt;</P><P></P><P> &lt;saml:Subject&gt;</P><P></P><P> &lt;saml:NameIdentifier NameQualifier="dc=sample,dc=com"&gt;id=binwang,ou=user,dc=sample,dc=com</P><P></P><P> &lt;/saml:NameIdentifier&gt;</P><P></P><P> &lt;saml:SubjectConfirmation&gt;</P><P></P><P> &lt;saml:ConfirmationMethod&gt;urn:oasis:names:tc:SAML:1.0:cm:artifact-01</P><P></P><P> &lt;/saml:ConfirmationMethod&gt;</P><P></P><P> &lt;/saml:SubjectConfirmation&gt;</P><P></P><P> &lt;/saml:Subject&gt;</P><P></P><P> &lt;saml:SubjectLocality IPAddress="192.168.164.130" /&gt;</P><P></P><P> &lt;/saml:AuthenticationStatement&gt;+</P><P></P><P>&lt;/saml:Assertion&gt;</P></BODY></HTML> Mon, 17 Mar 2008 16:32:16 GMT https://community.sap.com/t5/application-development-and-automation-discussions/saml-sso-problem-using-sun-access-manager/m-p/3542249#M852165 Former Member 2008-03-17T16:32:16Z