cancel
Showing results for 
Search instead for 
Did you mean: 

SSO FSM / Connect to SAP IAS - metadata URL missing information

DAcker
Contributor
0 Kudos
816

Hello experts,
I have issues configuring SSO for our FSM test system. I followed the SAP documentation.

https://help.sap.com/docs/SAP_FIELD_SERVICE_MANAGEMENT/fsm_federated_authentication/sap-ias-saml-int...

However, the point "1. Enter Metadata file into SAP FSM Admin Application" is refering to this documentation section.
https://help.sap.com/docs/SAP_FIELD_SERVICE_MANAGEMENT/fsm_federated_authentication/configure-cloud-...

I dont find the following xpath for the Login URL in our FSM metadata: "/EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"]/@Location"

The documenation states this metadata URL:
https://auth.coresuite.com/api/oauth2/v1/saml/<account-name>/metadata


Opening this in the browser shows the following result.

If I use the link within the FSM system SAML Configuration, see screenshot, I get this URL with cluster 'de' instead of 'auth'. But this is not working either (error 404 not found).

https://de.coresuite.com/api/oauth2/v1/saml/<account-name>/metadata

All in all, I struggle with the Login URL and signing certificate in SAML Configuration in FSM.
Is this an issue that SAML needs to be first activated somehow to the account? Why is the metadatafile not containing the respective xpaths ...?

Thanks very much for support or tips!

Best regards,
Deborah

Accepted Solutions (0)

Answers (3)

Answers (3)

karthikj2
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Deborah,

I recently configured Single Sign-On for SAP FSM Application through IAS as proxy and authentication via AD.

In FSM SAML configuration : As you provide URL for "Identity Metadata URL" and click "Parse Remaining Values", automatically Issuer / Login URL / Metadata Certificate will be populated. Ensure to select correct Client ID. Choose SAML Configuration in FSM Account to enable SSO.

Download the "Metadata API" from FSM -> Save in xml format -> Upload in IAS for SAP FSM SAML Configuration.

Refer to this link for more information : https://help.sap.com/docs/SAP_FIELD_SERVICE_MANAGEMENT/fsm_federated_authentication/sap-ias-saml-int...

Regards,

Karthik J

 

nsax
Employee
Employee
0 Kudos

Hi Deborah,

Thank you for your feedback, we are aware of the issue and are currently reviewing the documentation.
The future proposed setup will be configuring IAS to FSM with OpenID - a step by step guide is being reviewed at this moment.

With publishing the OpenID documentation also the existing SAML documentation will be reviewed.

Best Regards
Nicolas

DAcker
Contributor
0 Kudos

Hi Nicolas,
thanks for your quick feedback!
Do you approx. know when the new OpenID authentication method will be deployed?

Or whats the timeline for the revised SAML documentation?

If it so not that long, I will wait. Otherwise I have to have a look, how I can proceed...

Best regards,
Deborah

DAcker
Contributor
0 Kudos

Who can help for the SSO setup with SAML?

r_barabas
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Deborah

You're trying to add the FSM metadata to the FSM configuration. This is missing the point.

To establish a relationship of trust, the idea is to add the FSM metadata to the IAS configuration, and then add the IAS metadata to the FSM configuration.

To paint a picture, it's like exchanging phone numbers. You need to save the other persons number to your phone book. And vice versa.

Best regards

Raphael Barabas

DAcker
Contributor
0 Kudos

Hi Rapahael,

I fundamentally understand the principle. I already configured SSO for other SAP cloud solutions. However, the documentation for FSM is so bad, that SSO for FSM can not be setup only with the documentation.

I manually saved the metadata file to an XML file with the following link.

https://auth.coresuite.com/api/oauth2/v1/saml/account-name/metadata


If I upload this XML-file into IAS the Home URL is missing. Therefore I suspect that the FSM metadatafile is not complete, missses some information...

Nevertheless, if I download the metadata file from IAS, I dont found an option to upload this in FSM SAML Configuration.

Therefore, this is a bit strange...
It is mentioned in the SAP documentation to use an empty new account. But we only have 1 test system and 1 productive system. I can only chose and try with our only test system.

Can you recommend a blog post? Or do you have tips where to upload the XML file in FSM? Where to get the right metadatafile from FSM?
Thanks a lot.
BR, Deborah

DAcker
Contributor
0 Kudos

Hi r.barabas ,

do you know what it wrong / missing here?
Do you have a tipp?

Best regards,
Deborah