Symantec Access Management

Tech Tip : CA Single Sign-On : SAP server returns 400 error bad request

  • 1.  Tech Tip : CA Single Sign-On : SAP server returns 400 error bad request

    Posted 10-09-2018 10:07 AM

    Issue:


    We're running Web Agent Option Pack as IDP and SAP server as SP, when the
    browser sends a HTTP-POST to the SP Sap Server, this one returns 400
    bad request error.

     

    How can we fix that ?

     

    Resolution:

     

    This is a known issue by SAP Analytic.

    2649833 - HTTP Status 400 - Bad Request after login to SAP Analytics Cloud

     

    Symptom

    You enable a custom SAML Identity Provider in your SAP Analytics Cloud (SAC)

     

    Environment

    SAP Analytics Cloud •
    Any valid SAML 2 Identity Provider (IdP) •

     

    Cause

    The SAML assertion returned to SAC doesn't contain a valid Name ID required to validate the user.
    For example, you selected Custom SAML attribute as the attribute method to map users.
    Value returned by the IdP:
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-
    format:emailAddress">user@example.com</saml:NameID>
    Value in the column Custom SAML attribute:
    P000234
    Not only the values are different, also the nameid-format is expecting an email address.

     

    Resolution

     

    Make sure that the value returned from your custom IdP matches the value selected in SAP Analytics Cloud.

    https://apps.support.sap.com/sap/support/knowledge/public/en/2649833

     

    KB : KB000116998