12-18-2014 9:19 AM
Dear experts,
We are using SAML 2 authentication in SAP CRM 7 EHP3 system.
We use a service that tries to open URL of file stored in the content server.
Unfortunately we receive an error message:
Since your browser does not support JavaScript, you must press the Continue button once to proceed
The reason of the error is that service should perform SAML authentication via ADFS form and perform automatic submission of the form.
But the service cannot submit the form automatically, unlike the end user that can click Continue button.
How is it possible to solve this issue?
Thanks in advance,
Sergey
12-18-2014 9:41 PM
Hi,
this seems to be a bug. Usually, the redirect pages have this fallback text that gets displayed when a browser does not support Javascript. Normally, this does not get displayed because script automatically redirects a user to right page. I would first check in developer tools what is happening. Check the source code of the page if there is any script that should do automatic redirection plus console logs if there is any issue.
Cheers
12-19-2014 7:08 AM
Hello Martin,
Thanks for your answer.
We do applied redirect page as a possible solution. It works fine in the browser but it doesn't work with the service. It seems that service doesn't use browser at all and perform SAML authentication directly via HTTP.
Is there any way to force the service perform the redirection?
12-19-2014 9:11 AM
Hi,
I must have misunderstood your issue. Please define service? If you are talking about some client that wants to fetch a document and is using HTTP to fetch document then Javascript solution won't work. Usually, what service should do in this case is to return temporary redirect (HTTP code 307). I am not sure how this works in SAP.
Another workaround for this could be IdP initiated logon. Your service would go to IdP first to authenticate and receive token and then go to SP with token to fetch document. Again, I am not really sure how this could be configured. I know that SAP supports IdP initiated logon but not sure how you could make it dynamic to change URL for every logon.
Cheers
12-19-2014 9:22 AM
Service is defined exactly as you mentioned - some client that wants to fetch a document and is using HTTP (HTTPS in our case) to fetch document. The problem is that instead of document content it receives HTML with the error message described above.
I didn't understand what the service should perform with this HTML? Redirect to which location?
12-19-2014 9:37 AM
Hi,
in the body of that message there will be a Javascript code that will redirect browser to your IdP. But SAML is available for web services based on SOAP. So I would look there. Especially, have a look at ECP profile.
One of the use cases is: "The client does not support JavaScript, preventing auto form post".
Another option is to use back-channel communication. In this case SP communicates directly with IdP. I assume that in your case you are using front-end communication.
Cheers