Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error using SAML authentication

Former Member

‎12-18-2014 9:19 AM

0 Kudos

Dear experts,

We are using SAML 2 authentication in SAP CRM 7 EHP3 system.

We use a service that tries to open URL of file stored in the content server.

Unfortunately we receive an error message:

Since your browser does not support JavaScript, you must press the Continue button once to proceed

The reason of the error is that service should perform SAML authentication via ADFS form and perform automatic submission of the form.

But the service cannot submit the form automatically, unlike the end user that can click Continue button.

How is it possible to solve this issue?

Thanks in advance,

Sergey

5 REPLIES 5

mvoros
Active Contributor

‎12-18-2014 9:41 PM

0 Kudos

Hi,

this seems to be a bug. Usually, the redirect pages have this fallback text that gets displayed when a browser does not support Javascript. Normally, this does not get displayed because script automatically redirects a user to right page. I would first check in developer tools what is happening. Check the source code of the page if there is any script that should do automatic redirection plus console logs if there is any issue.

Cheers

Former Member
In response to mvoros

‎12-19-2014 7:08 AM

0 Kudos

Hello Martin,

Thanks for your answer.

We do applied redirect page as a possible solution. It works fine in the browser but it doesn't work with the service. It seems that service doesn't use browser at all and perform SAML authentication directly via HTTP.

Is there any way to force the service perform the redirection?

mvoros
Active Contributor
In response to mvoros

‎12-19-2014 9:11 AM

0 Kudos

Hi,

I must have misunderstood your issue. Please define service? If you are talking about some client that wants to fetch a document and is using HTTP to fetch document then Javascript solution won't work. Usually, what service should do in this case is to return temporary redirect (HTTP code 307). I am not sure how this works in SAP.

Another workaround for this could be IdP initiated logon. Your service would go to IdP first to authenticate and receive token and then go to SP with token to fetch document. Again, I am not really sure how this could be configured. I know that SAP supports IdP initiated logon but not sure how you could make it dynamic to change URL for every logon.

Cheers

Former Member
In response to mvoros

‎12-19-2014 9:22 AM

0 Kudos

Service is defined exactly as you mentioned - some client that wants to fetch a document and is using HTTP (HTTPS in our case) to fetch document. The problem is that instead of document content it receives HTML with the error message described above.


I didn't understand what the service should perform with this HTML? Redirect to which location?

mvoros
Active Contributor
In response to mvoros

‎12-19-2014 9:37 AM

0 Kudos

Hi,

in the body of that message there will be a Javascript code that will redirect browser to your IdP. But SAML  is available for web services based on SOAP. So I would look there. Especially, have a look at ECP profile.

Configuring Support for Enhanced Client or Proxy - User Authentication and Single Sign-On - SAP Libr...

One of the use cases is: "The client does not support JavaScript, preventing auto form post".

Another option is to use back-channel communication. In this case SP communicates directly with IdP. I assume that in your case you are using front-end communication.

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/4a/b5bab122526d6de10000000a42189c/content.htm?frame...

Cheers