on 02-22-2023 6:48 PM
We realize the need to establish an OIDC compliant/capable IAS that connects to our Corporate IDP. The Corporate IDP is OIDC capable.
We followed the steps in this blog: Connecting SAP IAS as a proxy to Azure AD using OpenID Connect | SAP Blogs
In BTP, I stood up a SAP build sub-account and instances, using the booster, against this IAS setup.
When going to the instance, I'm getting a consistent:
error as in the attached file
Grateful for your thoughts and guidance.
Best Regards, Wallace
2023-02-21-11-59-52.jpg
Thanks, in the end, this was a simple mistake - ticking the IDP SSO box on the IAS config and then ensuring the "callback" link was proper on Azure AD side.
Grateful to carsten.olt1 for the blog, quick response and to sressing for the help/guidance.
This is now working and will enable more BTP easier, as OIDC seems to become the de facto standard with BTP and some BTP services are requiring OIDC.
Wallace
Hello Wallace,
I tried to understand your question and the screenshot provided.
It seems (assuming) as if the user was trying to access a BTP subaccount using an IdP-Initiated URL (specifying the SP/RelayState as a URL parameter). The goal was probably to forward this request to the corporate IdP. However, SAP IAS rejects this because IdP-Initiated SSO is not permitted for this application. Setting in the application (Trust all Corporate Identity Providers) - that's my guess?
It is also important to note that currently (as far as I know) only Azure Active Directory is officially supported by SAP as an OIDC Identity Provider.
Does that help?
Cheers Carsten