SAML2 service not accessible

marlosdamasceno
Participant

Hi there!

I am trying to access an oData service of Hybris Marketing in the following URL, using Chrome as browser (it is a GET).

https://myxxxxxx-api.s4hana.ondemand.com/sap/opu/odata/sap/CUAN_IMPORT_SRV/$metadata


That URL changes automatically to:

https://asmxxxxxx.accounts.ondemand.com/saml2/idp/sso/asmxxxxxx.accounts.ondemand.com


This new URL asks for log on. However, if I try to log on with a communication user, it gives me a log on error message.

Moreover, I tried with a business user; however, I am getting the following error after the log on.

SAML2 service not accessible

What has happened?

Calling of URL https://myxxxxxx.s4hana.ondemand.co was terminated during SAML2 processing

  • No RelayState mapping found for RelayState value oucqqrwteteoeswboredyozuctoweqdstrdtazw

    Does someone know why this is happening? Why can't I access the OData URL in Chrome? I have tried in Postman, but without success either.

    Here are some links that I used as a basis for this OData call, which may be helpful in finding the issue.

    Import of Data Using OData Service CUAN_IMPORT_SRV

    Import Using OData Service CUAN_IMPORT_SRV pg 26

    Facebook Pages, Google+, and Twitter pg 21

    Optimizing Performance During OData Service Calls

    Set up the communication user on the SAP Hybris Marketing Cloud system

    Similar issue

    Thanks in advance

    Marlos Damasceno

    abhimanyu_sharma
    Contributor

    Hi, did you get a resolution for this? I am also getting the same issue.

    0 Kudos

    Same here, I'm still having that problem 😞

    Any solution for this?

    lenastodal
    Product and Topic Expert
    0 Kudos

    Thanks for coming to SAP Community for answers. Please post your question as a new question here: https://answers.sap.com/questions/ask.html
    Since you're new in asking questions here, check out our tutorial about asking and answering questions (if you haven't already), as it provides tips for preparing questions more effectively, that draw responses from our members. Please note, that your post here won't be answered.

    former_member226
    Employee
    0 Kudos

    Please put "saml2=disabled" at the end of the URL and then try to log in using your communication user. This should solve your issue.

    jarvikash
    Member
    0 Kudos

    I'm facing this issue for the whole please help me

    Accepted Solutions (1)

    former_member226
    Employee

    Hi,

    Can you please put "saml2=disabled" at the end of the URL and then try to log in using your communication user?

    https://my30XXXXX.s4hana.ondemand.com/sap/opu/odata/sap/CUAN_IMPORT_SRV/$metadata?saml2=disabled

    Thanks

    Saurabh

    marlosdamasceno
    Participant
    0 Kudos

    Hi Saurabh,

    Thanks for the answer, it works! It is possible to use it with -api and without it. Moreover, it is the user name instead of the user ID that is used to log in.

    Do you know why this saml2=disabled must be at the end of the URL?

    Best regards

    Marlos Damasceno

    former_member226
    Employee
    0 Kudos

    Hi Marlos,

    Actually, if you do not use "saml2=disabled", then the system routes the request to the IDP and hence tries to authenticate via the IDP and not via Marketing Cloud. Hence the SAML2 error you face, since the trust is not established. Moreover, only business users are mapped at the IDP, not technical ones.

    But when making your call via browser for APIs, you have to use saml2=disabled, and only then does it give you the marketing authentication pop-up and not the one from the IDP. So basically, with this additional param you are bypassing the IDP.

    Hope it clarifies your doubt!

    Thanks

    Saurabh

    marlosdamasceno
    Participant
    0 Kudos

    Thanks a million Saurabh, it does clarify!

    Best regards,

    Marlos Damasceno

    0 Kudos

    Hi Saurabh,

    I have tried using the "saml2=disbaled" clause but after that I receive the following error message every time:


    {"fault":{"faultstring":"Unsupported Encoding \"br\"","detail":{"errorcode":"protocol.http.UnsupportedEncoding"}}}


    Do you know how I can solve this problem as well?


    Best Regards,


    Mihai Dipsan

    former_member226
    Employee
    0 Kudos

    Hi,

    You are passing the wrong string. What you are passing is "saml2=disbaled", whereas what you need to pass is "saml2=disabled".

    Thanks

    Saurabh

    0 Kudos

    Hi,

    Sorry, it was a typo, I tried with disabled. I receive the error above.

    Best Regards,

    Mihai

    former_member226
    Employee
    0 Kudos

    Can you please post the whole URL being fired? Also, kindly make sure you try in a "Private Window" or a new browser so that IDP cookies are not shared within the session.

    0 Kudos

    Thank you very much for your answers, Saurabh. I just figured out that I find myself in a slightly different constellation.

    By calling the OData API directly from Hybris it works (with the additional clause saml2=disabled).

    However in my case I want to implement the API in SAP API Management (I am using the best practice proposed by SAP in SAP API Business Hub) and that's why I receive the above error.

    It's strange because when I call the API from SAP API Management the only thing being changed is the domain. But the API Management domain should successfully replace the Hybris domain (it's basically just a mapping after all).

    But unfortunately it doesn't work. I get the above error.

    Would you happen to know what exactly causes this behaviour in SAP API Management or where should I address the problem?

    I tested a whole bunch of Hybris API's this way and it seems the problem happens every time, no matter which API I choose.

    Best Regards,

    Mihai

    former_member226
    Employee
    0 Kudos

    Hi Mihai,

    Sorry, but I am not very familiar with the setup of API Management. Hence, can you please reach out to the SAP Support team to get it clarified? Also, please do post the fix here in the same thread so that everyone is aware of it.

    Many Thanks!

    Saurabh

    ElijahM
    Active Contributor
    0 Kudos

    A few years later, but I stumbled across this issue while looking to fix a similar situation for another customer. The issue of {"fault":{"faultstring":"Unsupported Encoding \"br\"","detail":{"errorcode":"protocol.http.UnsupportedEncoding"}}} is caused by a Brotli-encoded response, which is not supported in API Management. The fix is to send the request with the header Accept-Encoding with value gzip,deflate. You can additionally create an Assign Message policy within API Management to automatically force this header as well.

    Regards,
    Elijah
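
The header fix described in the answer above, sketched as an added example (not code from the thread and not SAP API Management policy syntax): it rewrites a client's Accept-Encoding so the backend is only ever offered gzip and deflate, and checks whether a response's Content-Encoding would trigger the "Unsupported Encoding" fault. The function names and the fallback to `identity` are assumptions made for this illustration.

```python
GATEWAY_CODINGS = ("gzip", "deflate")  # the values given in the answer above

def parse_accept_encoding(header):
    """Parse an Accept-Encoding value into {coding: q}, lower-cased."""
    weights = {}
    for part in header.split(","):
        coding, _, params = part.strip().partition(";")
        if not coding.strip():
            continue
        q = 1.0
        for param in params.split(";"):
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # malformed weight: treat the coding as refused
        weights[coding.strip().lower()] = q
    return weights

def restrict_accept_encoding(header, supported=GATEWAY_CODINGS):
    """Rewrite a client's header so the backend is never offered "br"."""
    weights = parse_accept_encoding(header or "")
    kept = []
    for coding in supported:
        # An explicit entry wins; otherwise a "*" wildcard covers the coding.
        q = weights.get(coding, weights.get("*", 0.0))
        if q > 0:
            kept.append(coding if q == 1.0 else f"{coding};q={q:g}")
    # Assumption: when the header lists none of the supported codings,
    # ask for an uncompressed body rather than forwarding "br".
    return ", ".join(kept) if kept else "identity"

def gateway_can_decode(content_encoding, supported=GATEWAY_CODINGS):
    """True if every coding in a response's Content-Encoding is supported."""
    codings = [c.strip().lower() for c in (content_encoding or "").split(",")]
    return all(c in supported or c in ("", "identity") for c in codings)
```

A browser typically sends `gzip, deflate, br`, which is why the fault appears only once the call goes through a hop that cannot decode Brotli.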

    Answers (1)

    Mahmoud_Mansy
    Newcomer
    0 Kudos

    I have the same issue! Did you find the solution, please?