on 2023 Jun 26 9:44 AM
Greetings,
We are currently setting up SAP Build Work Zone with S/4HANA on-premise using SAP Custom IAS as identity provider. We followed the official guide and configured everything as expected. Now, after opening a site, we get a pop-up asking for logon credentials, which means principal propagation is not working.
On our Cloud Connector, the subject pattern is set to "$NAME". After changing it to "$MAIL", the logon pop-up disappears, but after opening the app, it ends in another error.
My question is whether it is possible to enable principal propagation using $NAME as subject, as this is the PROD Cloud Connector, and changing this may need lots of changes on the on-premise systems.
In case it needs to be $mail, what changes need to be made on-premise?
IAS side > Subject Identifier is set to "Email"
Using OIDC
System > S/4HANA 2022 on-premise
Cloud Connector > Latest release
Cloud Foundry
IAS (additional tenant) running on Europe (Frankfurt)
Issue resolved
In our scenario we are using Azure AD as corporate ID. After switching on "Allow Identity Authentication users only" under Identity federation, the issue was resolved.
I guess IAS was directly forwarding the user's parameters from Azure AD instead of SAP IAS to the back-end.
Hello Imtiaz,
there is no rule for which subject pattern needs to be used in productive environments. There is no right and wrong in this case. It depends on the content of the attributes and how you would like to map on the S/4HANA side.
Best regards,
Markus