cancel
Showing results for 
Search instead for 
Did you mean: 

Group assertion attribute mapping for ADFS for SAP Cloud Platform trust settings

pjcools
Active Contributor

Hi

Currently configuring SAP Cloud Platform Trust settings (for a sub-account) but cannot get the group assertion attributes to come through automatically. I can see the AD groups come through in the SAML trace however the correct security role is not being assigned. Additionally, when we configure additional group settings in ADFS I get the following error which basically stops access to all services in the sub-account which is really annoying.

HTTP Status 500 - An internal application error occurred. Request: 793462237

I successfully login with my AD credentials but after that when re-directing to the service (e.g. Portal Service) it comes up with the above message.

There are a large amount of groups coming through from AD but cannot seem to authenticate properly.

Any help in mapping the assertion attributes and the group mapping would be appreciated. I've carried out this config many times with SCI and other iDP's but not with ADFS so need a little help!

Thanks & Kind Regards

Phil Cooley

Accepted Solutions (1)

Accepted Solutions (1)

pjcools
Active Contributor
0 Kudos

Hi

I did resolve this so thought I would update the post with the answer. The AD groups must be entered in brackets with a $ at the end to distinguish the AD group from others passed in.

You can see from the below that the AD group that needs to match the SAPCP security group has brackets and a $ sign. Also needs to be set to "regular expression".

Hope this helps others!

Thanks

Phil Cooley

Answers (1)

Answers (1)

geraldfletche
Advisor
Advisor
0 Kudos

Hi Phil,

I have found the below link that describes how to configure the user attributes.

https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/d361407d36c5443298a909acbbd...

I hope this solves the issue you are having,

Best regards,

Gerald Fletcher