on 2018 Jul 03 6:07 PM
We have configured our SAP Cloud Platform Members with Administration Roles to authenticate with our Platform Identity Provider Tenant. Our Tenant is configured to proxy authentication to Azure AD. All of this is working great.
When a new Administrative User is added, the Name field defaults to "-subaccount not visited yet-". The 'real' name is supposed to be filled in the first time this user logs in. However, our Name field never changes even after a successful log in.
My working theory is that the SAML attributes coming from the Platform Identity Provider Tenant is missing a needed attribute. Our configuration is set to send Display Name, Login Name, First Name, Last Name, and E-mail.
Are we missing an attribute? Or, is the problem something else?
Hi,
Sorry to disturb you, but I would like to talk about :
https://archive.sap.com/discussions/message/16283136#16283136
We need to configure SAML Authentication for OData and we need some guidance.
Tell me if you've got time for that.
Thanks in advance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The actual problem was that the "members" list in the subaccount forces all ID values to upper case. Our SAP Identity Tenant allowed mixed case.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Steven,
I think your assumption is right.
The basic attributes are first_name, last_name and mail (case sensitive).
If you have Identity Federation disabled on IAS side, the attributes from Azure are forwarded. If it is enabled, you have to configure them in the IAS Admin Console:
Regards,
Lucas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
68 | |
9 | |
8 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.