- SAP Managed Tags:
Identity Federation: Substitution of Subject Name Identifier in Identity Authentication
Context
Existing Identity Authentication service customers is sending a SubjectNameIdentifier as part of SAML response (say EmailID for SAP FieldGlass) from their Identity Provider (IdP). To onboard another SAP Cloud Application (say SAP Ariba, which mostly needs EmployeeID ) a different SubjectNameIdentifier is needed.
We have a customer who informed that they cannot create another IdP instance because multiple IdPs against a single SAP Cloud Identity Service tenant ( https://<IAS tenant id>-accounts.ondemand.com ) is not allowed as it's designed to be a single, centralized authentication and authorization service
Solution:
Leverage attribute section of SAML Response to pass the SubjectNameIdentifier which will be substituted within IAS application.
Step 1:
Identify the attribute that will serve as the NameID for the second SAP Cloud Application (Service Provider <SP >). Ensure this attribute is included in the Corporate IdP’s SAML response within the additional attributes section.
Step 2:
Configure the corresponding IAS application for the second SP (SAP Ariba) so that it substitutes the SubjectNameIdentifier with the chosen additional attribute.
Here “IdP Proxy” is the IAS Application which is substituting the NameId
Configurations:
Config changes to be made within IAS Application corresponding to the new SP (SAP Ariba) are below:
Prerequisites:
Configuration: SAP Ariba SSO with SAP Cloud Identity Services - Identity Authentication
Identity Federation: SAP Ariba SSO with SAP Cloud Identity Services - Identity Authentication
- Use "Identity Authentication user store” = ON < Although User Data is not picked up from SAP Cloud Identity Serices User store, this is needed >
(Path: Home > Corporate Identity Providers> select the IDP> Identity Federation > Enable “Use Identity Authentication user store”)
- Subject Name Identifier > Primary Attribute
Option 1: Standard Attribute
Source = Corporate Identity Provider
Value = lastName
Option 2: Custom Attribute
Source = expression
Value = ${corporateIdP.attributeName}
( Path : Home> Application & Resources > Application > (Select the Application > Subject Name Identifier)
We configured the above explained setup in SAP Ariba Sandbox realm with trial BTP Account IAS Tenant and used mock IdP Service.
Below are the SAML 2.0 Responses captured during the POC run:
In SAML 2.0 Assertion, Attribute NameID holds the SubjectNameIdentifier value.
i) SAML Response from Corporate Identity Provider ( IdP ) to SAP Cloud Identity Service Tenant - Attribute Name "lastName" = "sghosh01" and NameID = sghosh01@example.com
ii) Within SAP Cloud Identity Service, the IAS Application substitutes NameID from "sghosh01@example.com" to "sghosh01" (the value from lastName Attribute) and sends the SAML to SAP Ariba ( SP)
In real scenarios instead of lastName Attribute another attribute like LoginName should be used to hold the Ariba User UniqueName.
Corporate IdP to SAP Cloud Identity Services tenant:
Here in SAML Tracer Summary Tab above, Subject shows the NameID attribute value.
Actual SAML 2.0 Assertion snippet showing /Response/Assertion/Subject/NameID
Full SAML 2.0 Response from Corporate IdP to SAP Cloud Identity Service here
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
Destination="https://a4fap5hd3.trial-accounts.ondemand.com/saml2/idp/acs/a4fap5hd3.trial-accounts.ondemand.com"
ID="_beaf567bc4576dbbee1a"
InResponseTo="S9ad1e6b1-c067-4b3d-9951-e9274a4870cd"
IssueInstant="2025-02-25T15:18:37.663Z"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>https://saml.example.com/entityid</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="#_beaf567bc4576dbbee1a">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>onWCXMXqoM6jsQkG2O8wUbHI7EGz0vV8QZjMjnztI3k=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>nSs1CymnmEJn3j3ZnDXkwPLBBQS9o5tr9xhPd6bhqxD/WZDi/hC9hMuzkSNe/u5FautSmr5g27xKeDrsCNHHgndIg/aJ8WTB+ygZqgRavZ4UhUstOdfoTINdVx2KuJZAd25n90mXv4W66XzVCIwtdWWzHx8kKKJmEVgDxeeFtpsuruCsL/lzejoRj8i36XS2gXAgIRQyQcelkV0AKuVh76/8KK4RsJlD24pEx2Iqm0zQ1CifmTUlDBIoU4MP1v21bB4izjAaLHjxPwx++iO71TnOXVnUHyXHV+zvPlikpzppXXrhSjh79jkhD3Sk2/hGT0DtEnC55j2T0r0yNioB8w==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
ID="_457566a184ed44f6d110"
IssueInstant="2025-02-25T15:18:37.663Z"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
>https://saml.example.com/entityid</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="#_457566a184ed44f6d110">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>+qsXMwLPxV+MJO0kV/x5DLHKnUG9ulUoDHHdO5VJh9o=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>GT4mv2TgJ4DEcyHPeMfIk/4LLFFbetFUTUWGB1ZuI0A6tck4PV4Rwu0Kw9U+uGG3Nd5Oge23DhawAArnQItIXEqhLyoptTuJuOEF/Qt0QpyyWCUo4sU3LXeycrwovRbarmnu1s7BOTFpp+1+2g6k0v3cCSGrumzpUz8GXFaP/vsSlXF1NKH23HVoWOOZaKWKZjz7SZTxb0tTdiz/yBm2LOA1jKfUjaza08kAEMc0piLUBiVdL7tLzoRwDU292vKvmpH7UTbPDBgehL/0Q3mDhRfRr/cZBX0TFnC3wsuCMW/LUG6ODfkEo6zH1OWJ1+7nxtuy/jdBoo8EUT0yMX8eyg==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">sghosh01@example.com</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="S9ad1e6b1-c067-4b3d-9951-e9274a4870cd"
NotOnOrAfter="2025-02-25T15:23:37.663Z"
Recipient="https://a4fap5hd3.trial-accounts.ondemand.com/saml2/idp/acs/a4fap5hd3.trial-accounts.ondemand.com"
/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
NotBefore="2025-02-25T15:13:37.663Z"
NotOnOrAfter="2025-02-25T15:23:37.663Z"
>
<saml:AudienceRestriction>
<saml:Audience>https://a4fap5hd3.trial-accounts.ondemand.com</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
AuthnInstant="2025-02-25T15:18:37.663Z"
SessionIndex="S9ad1e6b1-c067-4b3d-9951-e9274a4870cd"
>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Attribute Name="id"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
>
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>6fd0430f0f8c32dda685969139c7afe722e87f709af377e74c9137bf4f79d39c</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="email"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
>
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>sghosh01@example.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="firstName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
>
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>sghosh01</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="lastName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
>
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>sghosh01</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>SAP Cloud Identity Services to SAP Ariba (SP)
Full SAML 2.0 Response from SAP Cloud Identity Service to SAP Ariba here
<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ns3="http://www.w3.org/2000/09/xmldsig#"
xmlns:ns4="http://www.w3.org/2001/04/xmlenc#"
Destination="https://s1.ariba.com/Buyer/Main/ad/samlAuth/SSOActions?realm=GSOSandbox-SAP-T"
ID="RES-SSO-a9b4e85f-ec03-45e0-a36b-fa4157f5d0f6"
InResponseTo="_1740496689602-3985552491296040567.10.209.36.64"
IssueInstant="2025-02-25T15:18:38.982Z"
Version="2.0"
>
<ns2:Issuer>https://a4fap5hd3.trial-accounts.ondemand.com</ns2:Issuer>
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"
xmlns:ns3="http://www.w3.org/2001/04/xmlenc#"
ID="A-a21b2fb0-bf18-42bd-ad37-9a7533f5157d"
IssueInstant="2025-02-25T15:18:38.982Z"
Version="2.0"
>
<Issuer>https://a4fap5hd3.trial-accounts.ondemand.com</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#A-a21b2fb0-bf18-42bd-ad37-9a7533f5157d">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>GzkUlGGxZsjmZo1SillqaZnWpBBSuRBQQRpCRclIYE0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>g7lHzhNUNJEdYbZdX10lNlePVVvvLO44fBUE3WYUPvANo7muFCjxZv0XsuN7xYg7XW4J2H1zo+J0C+OuIQNogOFOs6+mwpqmhDUGyodVtBsI99XtdCcMj9yxzmTdrwiwx9ru6aADxonO24OGkLyE+bU1lP6ewdByhza1lteJLVWnh4zsABJmSFRXRCedh5uA9YniO/MVgBQ6T17I4jhLDSPv76eAzNNKoC8evOGbVNnvYtaCS6kbP8FeAyaJVlyqNKf9bhKiWQV9kklu/x66JmK2JafHfxGD1diHP+lROF/PllwmC93W0TsGxWiAxmEL9B0oE3KHWUhi8ZVM5+zmMv71T9d3nUF6EgyRXA+it7t1cI41tq0s0vu6P3U3iUngHl/V+AXO21/+2Km3oUeB4uiTlHNQzsHL5bXb3f+hi2vktgqLcgDT29M2r3pA12qFJYEbPNV2+xH7k/BxUDpZ5hrYFM6Qlqa6/fq13cdU1ac8pM950VqnA3AACf5+lMPb87ocxa/OdtyuO+hEXCHAZtBpIRjHCyDhUyUmDzjJM6uz0PIDSMsUB+2yzQf+CnTsGk1R9JVzMfRz3Yx24fCYKoDNYkES1zavzcd67o54QihPZEwS2Ve8r65VckHBGxpW4eMYbQeUf13f8FiXiEr48KxCgop+uhPVrHWmnT6Gv+s=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIFHjCCAwagAwIBAQIGAZSJ3i8fMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQKEwZTQVAtU0UxLjAsBgNVBAMTJWE0ZmFwNWhkMy50cmlhbC1hY2NvdW50cy5vbmRlbWFuZC5jb20wHhcNMjUwMTIxMTcxNzA3WhcNMzUwMTIxMTcxNzA3WjBOMQswCQYDVQQGEwJERTEPMA0GA1UEChMGU0FQLVNFMS4wLAYDVQQDEyVhNGZhcDVoZDMudHJpYWwtYWNjb3VudHMub25kZW1hbmQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtdY7O0URBkuG2eV+0tjH8JZWJFPVm1xdaO2DSp1Ixomz8FZ3O6i2z98tCAZu91wEEXt5/zdPnBn2t6XaLW3Lw6tj+M6qYwcYdKA/J62MY7M3ioMB1fBx7Sm0EtaF1GsAzHpvf7NxQj+JJgaBb9WcRG3T80l/YYYI1kAP7IjaO8mTKlT4IbAQW4Jzx8xvLO8d8Z5zpnYEZzl0QuxUGmolf4F+Eep6SKUv0nUIG9mKL43VAQ0TCl784Vcdck0s5cOPHMW95Jtx5CQ8DkxMWLWs2fKppONNb88XTYJ1CDmCIBAbirP9NNgKROCWJLmj3kT2phpe23NPkmDau2Uw+iSJL97L6w0W4HewTiPbEoLKqYQGXqckfNFnXZiRhkAVgAk8lg1vFoRGHFdzh7cKZSfxJOK3y7STyRz2rlqLyBT5E+p0/0JbsVlVG0Jq3A1aUnBBuMQRXh0hl9cl5RFz25SyKi5cCzB5DRqmmDY5AsGeUbVQO6jFKTGqEHKA4FyeCUm5am0uA9OpGSqMuBw6bZcdGnhhTunBRUOcT+YHwOD4Dtu3xaWm5vOlT3t9/4pbsxx43A/4y41E0JLnnbiuDDcrXzs3qaJAUIuASdRWEMbMdz2uFHfeMjhkTbZqyZz4GM6YRv8V3SXA3uBKgCIj719oF1rWuzWqyE2rgon9HpjkMA8CAwEAAYICAAAwDQYJKoZIhvcNAQELBQADggIBAIE7MSRfpDimStKhfLe5cGizly3PDhEAaTG21L9nG7VFqLOHhf+ujjFi5Ot+5FMkk1T1zBE+MwWxef/wQEf1R475DlGMG5xJCh0YfxfUtABBcmCBSAit1741aUmmMSaKAz5c5rm4PnSckeYDrv07rpjAQItGdigOj0UiGwmtkIopjhAk4mIHZc2/F9VCNmjYVwFr7PIM80lD923jODI9KNTZY2Xx5xib6lxe3B+fevHd+8D8Db+zh0TH/b7eUlbcHP6XnoxGD2g2aFC/69v2bdY7OZKxSwmmabM3YHzinxzByyz5F4nX8b5NzJLieC5M0w/wFx0yVKI6LsRnQfUYCId77Ed9CzvoroBFFv2rQj/jrp/LfKgxIiT/fuMaa+th8npiISiOZ/PZxtsfyNwfKeoDQYVHm1nITYbOsFThKLpu67813PLtzTQtHqPlEdGOHE+19Ma6/+Tq0MKrdOKVaGERrIh0y7TPNbNX/tRkKSzzoyLFlN8iceE89ctv0mxsPTeg8Us6WQpk9lP9JQcEGnP30XWq5wTZqZfCL5VMzMlBSNxRHZlr8lnzlZC0Iw6KhL6L4mRKsjtqMnUd8uuQHapuP3r+dASx1Bb1Bl7fq6KkDB0v136aELXLml4SJWvcfqS1P0o5uWgMBCt2NlW2f93+3IlNMOjHn1J29n1+G1d0</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>tdY7O0URBkuG2eV+0tjH8JZWJFPVm1xdaO2DSp1Ixomz8FZ3O6i2z98tCAZu91wEEXt5/zdPnBn2t6XaLW3Lw6tj+M6qYwcYdKA/J62MY7M3ioMB1fBx7Sm0EtaF1GsAzHpvf7NxQj+JJgaBb9WcRG3T80l/YYYI1kAP7IjaO8mTKlT4IbAQW4Jzx8xvLO8d8Z5zpnYEZzl0QuxUGmolf4F+Eep6SKUv0nUIG9mKL43VAQ0TCl784Vcdck0s5cOPHMW95Jtx5CQ8DkxMWLWs2fKppONNb88XTYJ1CDmCIBAbirP9NNgKROCWJLmj3kT2phpe23NPkmDau2Uw+iSJL97L6w0W4HewTiPbEoLKqYQGXqckfNFnXZiRhkAVgAk8lg1vFoRGHFdzh7cKZSfxJOK3y7STyRz2rlqLyBT5E+p0/0JbsVlVG0Jq3A1aUnBBuMQRXh0hl9cl5RFz25SyKi5cCzB5DRqmmDY5AsGeUbVQO6jFKTGqEHKA4FyeCUm5am0uA9OpGSqMuBw6bZcdGnhhTunBRUOcT+YHwOD4Dtu3xaWm5vOlT3t9/4pbsxx43A/4y41E0JLnnbiuDDcrXzs3qaJAUIuASdRWEMbMdz2uFHfeMjhkTbZqyZz4GM6YRv8V3SXA3uBKgCIj719oF1rWuzWqyE2rgon9HpjkMA8=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">sghosh01</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData InResponseTo="_1740496689602-3985552491296040567.10.209.36.64"
NotOnOrAfter="2025-02-25T15:28:38.982Z"
Recipient="https://s1.ariba.com/Buyer/Main/ad/samlAuth/SSOActions?realm=GSOSandbox-SAP-T"
/>
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2025-02-25T15:13:38.982Z"
NotOnOrAfter="2025-02-25T15:28:38.982Z"
>
<AudienceRestriction>
<Audience>http://GSOSandbox-SAP-T.procurement-2.ariba.com</Audience>
</AudienceRestriction>
</Conditions>
<AuthnStatement AuthnInstant="2025-02-25T15:18:38.982Z"
SessionIndex="S-SP-048aa34b-24f1-44f8-be9c-a4c11821f7f1"
SessionNotOnOrAfter="2025-02-26T03:18:38.982Z"
>
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
<AuthenticatingAuthority>https://saml.example.com/entityid</AuthenticatingAuthority>
</AuthnContext>
</AuthnStatement>
</Assertion>
</Response>See as well:
| User | Count |
|---|---|
| 12 | |
| 12 | |
| 11 | |
| 11 | |
| 11 | |
| 9 | |
| 8 | |
| 7 | |
| 7 | |
| 7 |
