
ADFS 2016 and SAP Cloud Platform

Former Member
0 Kudos

Hello,

I'm working as an IT consultant and I've created a trial account to test ADFS 2016 federation with SAP Cloud Platform for a customer.

I followed the following link step by step:

https://blogs.sap.com/2017/01/25/how-to-configure-ms-adfs-3.0-as-identity-provider-for-sap-hana-clou...

The configuration seems OK, but when I try to go to the URL https://iotcockpitiotservices-p1943013815trial.hanatrial.ondemand.com/com.sap.iotservices.cockpit/ with a standard AD account, there is a popup asking for credentials and then the following error:

"Missing Authorization
You are not authorized to access this page. Check the URL or contact your administrator.
Reload application"

If I try to go to "https://ADFSFQDN/adfs/ls/idpinitiatedsignon.aspx?logintoRP=https://hanatrial.ondemand.com/p1943013815", I have the following error:

"HTTP Status 400 - Service Provider endpoint saml2/sp/acs could not redirect to original application URL because it has not received RelayState."

What am I doing wrong?

FYI, I'm a complete beginner for the SAP part...

Thanks for your assistance

alex_belle
Explorer
0 Kudos

Hi,

It seems your configuration is OK, but unfortunately I can't reproduce your error, because it's working in my environment. I'm using ADFS 3.0 on Windows 2012 R2 instead of Windows 2016.

The popup asking for username and password probably comes from ADFS, and you need to enter the credentials (domain user). It is happening because you are not logged on to the AD domain. If you are logged on to the domain, it should not appear.

If you followed my configuration, then you have set the application to work only through SP-Initiated instead of IDP-Initiated. In this case, only connections started on the Service Provider (SCP) will be accepted.

If you try to connect using IDP-Initiated (IdpInitiatedsignon.aspx on ADFS), you will receive the following message:

HTTP Status 400 - Service Provider endpoint saml2/sp/acs could not redirect to original application URL because it has not received RelayState.

The right URL to access your application is: https://iotcockpitiotservices-p1943013815trial.hanatrial.ondemand.com/com.sap.iotservices.cockpit

Sometimes, when you have many connections with SCP open in your browser, you can receive a message telling you that you don't have authorization. To avoid this behavior, I really recommend that you test using a "New Incognito Window" (Chrome) or InPrivate Browsing (Internet Explorer). Believe me, I spent a lot of time on the first configuration due to this behavior. Also, you must guarantee that the entire path starting from "/adfs" is accessible from the browser.

Best Regards,

Alex Belle.
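
A troubleshooting sketch for the SP-initiated versus IdP-initiated distinction in the answer above, added here as an example and not part of the original thread or of any SAP or ADFS code. It takes the form body the browser POSTs to the `saml2/sp/acs` endpoint (as copied from the browser's network tools) and reports whether the SAML response answers an SP request (`InResponseTo` present) and whether `RelayState` arrived. The function names `classify_acs_post` and `sample_post`, the `sp.example.invalid` host and the sample bodies are constructed for illustration.

```python
import base64
from urllib.parse import parse_qs, urlencode
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

def classify_acs_post(form_body: str) -> dict:
    """Inspect the form body posted to the SP's ACS endpoint (HTTP-POST binding)."""
    fields = parse_qs(form_body, keep_blank_values=True)
    if "SAMLResponse" not in fields:
        raise ValueError("no SAMLResponse field in POST body")
    xml_bytes = base64.b64decode(fields["SAMLResponse"][0])
    # Refuse DTDs instead of letting the XML parser process entity declarations.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declaration in SAMLResponse")
    root = ET.fromstring(xml_bytes)
    if root.tag != SAMLP + "Response":
        raise ValueError("unexpected root element: " + root.tag)
    in_response_to = root.get("InResponseTo")  # absent on unsolicited responses
    relay_state = fields.get("RelayState", [""])[0]
    return {
        "flow": "SP-initiated" if in_response_to else "IdP-initiated (unsolicited)",
        "in_response_to": in_response_to,
        "destination": root.get("Destination"),
        # False here corresponds to the HTTP 400 quoted in the thread.
        "relay_state_present": bool(relay_state),
    }

def sample_post(in_response_to=None, relay_state=None, prolog="") -> str:
    """Build a constructed (not captured) ACS POST body for the demo."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = (prolog + '<samlp:Response '
           'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'ID="_constructed" Version="2.0"{attr} '
           'Destination="https://sp.example.invalid/saml2/sp/acs"/>')
    fields = {"SAMLResponse": base64.b64encode(xml.encode()).decode()}
    if relay_state is not None:
        fields["RelayState"] = relay_state
    return urlencode(fields)

if __name__ == "__main__":
    # First body: login started at the SP. Second: started at idpinitiatedsignon.aspx.
    for body in (sample_post("_req123", "/com.sap.iotservices.cockpit"), sample_post()):
        print(classify_acs_post(body))
```
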