cancel
Showing results for 
Search instead for 
Did you mean: 

Principle Propagation with Custom IAS for SAP Build Workzone - Standard Edition

imtiazak
Explorer
0 Kudos
760

Greetings,

We are currently setting up SAP Build Workzone with S4/HANA on Premise using SAP Custom IAS as identity Provider. We followed the official guide, and configured everything as expected. Now after opening a site, we get a pop-up to provide credential for logon. Which means Principle propagation is not working.

On our Cloud connector , the subject Pattern is set to "$NAME" , after changing it to "$MAIL" , the logon Pop-up disappears, but after opening the App, it ends in another error.

My question is , if its possible to enable Principle Propagation using $NAME as subjet, as this is PROD Cloud connector, and changing this may need lots of changes on onPremise systems.

in case if it needs to $mail, what changes needs to be made on OnPremise.

IAS side >Subject Identitfier is set to "Email"

using ODIC

System > S4/HANA 2022 onPremise

Cloud Connector > Latest release

Cloud Foundry

IAS ( Aditional tenant) running on Europe (Frankfurt)

Accepted Solutions (1)

Accepted Solutions (1)

imtiazak
Explorer
0 Kudos

Issue resolved

In our scenario we are using Azure AD as corporate ID, after switching on "Allow Identity Authentication users only" under Identity federation, issue was then resovled.

I guess IAS was directly forwarding users parameter from Azure AD instead of SAP IAS to back-end .

Answers (1)

Answers (1)

MarkusTolksdorf
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hello Imtiaz,

there is no rule for the subject pattern what needs to be used in productive environments. There is no right and wrong in this case. It depends on the content of the attributes and how you like to map on the S/4HANA side.

Best regards,
Markus