on 2023 Nov 28 10:30 AM
Hello experts,
I have issues configuring SSO for our FSM test system. I followed the SAP documentation.
However, the point "1. Enter Metadata file into SAP FSM Admin Application" is refering to this documentation section.
https://help.sap.com/docs/SAP_FIELD_SERVICE_MANAGEMENT/fsm_federated_authentication/configure-cloud-...
I dont find the following xpath for the Login URL in our FSM metadata: "/EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"]/@Location"
The documenation states this metadata URL:
https://auth.coresuite.com/api/oauth2/v1/saml/<account-name>/metadata
Opening this in the browser shows the following result.
If I use the link within the FSM system SAML Configuration, see screenshot, I get this URL with cluster 'de' instead of 'auth'. But this is not working either (error 404 not found).
https://de.coresuite.com/api/oauth2/v1/saml/<account-name>/metadata
All in all, I struggle with the Login URL and signing certificate in SAML Configuration in FSM.
Is this an issue that SAML needs to be first activated somehow to the account? Why is the metadatafile not containing the respective xpaths ...?
Thanks very much for support or tips!
Best regards,
Deborah
Request clarification before answering.
Hi Deborah,
I recently configured Single Sign-On for SAP FSM Application through IAS as proxy and authentication via AD.
In FSM SAML configuration : As you provide URL for "Identity Metadata URL" and click "Parse Remaining Values", automatically Issuer / Login URL / Metadata Certificate will be populated. Ensure to select correct Client ID. Choose SAML Configuration in FSM Account to enable SSO.
Download the "Metadata API" from FSM -> Save in xml format -> Upload in IAS for SAP FSM SAML Configuration.
Refer to this link for more information : https://help.sap.com/docs/SAP_FIELD_SERVICE_MANAGEMENT/fsm_federated_authentication/sap-ias-saml-int...
Regards,
Karthik J
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Deborah,
Thank you for your feedback, we are aware of the issue and are currently reviewing the documentation.
The future proposed setup will be configuring IAS to FSM with OpenID - a step by step guide is being reviewed at this moment.
With publishing the OpenID documentation also the existing SAML documentation will be reviewed.
Best Regards
Nicolas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Deborah
You're trying to add the FSM metadata to the FSM configuration. This is missing the point.
To establish a relationship of trust, the idea is to add the FSM metadata to the IAS configuration, and then add the IAS metadata to the FSM configuration.
To paint a picture, it's like exchanging phone numbers. You need to save the other persons number to your phone book. And vice versa.
Best regards
Raphael Barabas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Rapahael,
I fundamentally understand the principle. I already configured SSO for other SAP cloud solutions. However, the documentation for FSM is so bad, that SSO for FSM can not be setup only with the documentation.
I manually saved the metadata file to an
XML file with the following link.
https://auth.coresuite.com/api/oauth2/v1/saml/account-name/metadata
If I upload this XML-file into IAS the Home URL is missing. Therefore I
suspect that the FSM metadatafile is not complete, missses some information...
Nevertheless, if I download the metadata
file from IAS, I dont found an option to upload this in FSM SAML Configuration.
Therefore, this is a bit strange...
It is mentioned in the SAP documentation to use an empty new account. But we
only have 1 test system and 1 productive system. I can only chose and try with
our only test system.
Can you recommend a blog post? Or do you have tips where to upload the XML
file in FSM? Where to get the right metadatafile from FSM?
Thanks a lot.
BR, Deborah
User | Count |
---|---|
9 | |
5 | |
4 | |
4 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.