SAML2 - Assertion Consumer Service - ACS URL

Your browser session is about to expire soon.
Please perform an action,

such as clicking or typing with your keyboard, to keep your session alive.
click to close this message
Available ValuesEmphasizedMoreWarning Message Strip CloseSplit
ButtonPress Enter to trigger action and Arrow Down to open
menuDescription SectionDescription SubsectionCVSS SectionSoftware
Components SectionSubsectionCorrections SectionCorrection Instructions
SubsectionPrerequisites SubsectionManual Activities SubsectionSupport
Packages SectionSubsectionSupport Package Patches
SectionSubsectionReferences SectionThis document refers to
SubsectionThis document is referenced by SubsectionSide Effects
SectionThis document solves side effects SubsectionThis document is
causing side effects SubsectionAttachments SectionSubsectionAttributes
SectionSubsectionLanguages SectionSubsectionFile Name
ONE Support Launchpad
SAP ONE Support Launchpad is loading, please wait...
This is taking longer than usual. *Try reloading the page

<javascript:window.location.reload(true)>.*
* Information about Outdated Browsers

<https://launchpad.support.sap.com/assets/shell/outdated-browser-alert.htm>
* Visit SAP Support Portal <https://support.sap.com/> or SAP.com
<https://www.sap.com/>
Terms of Use
<https://support.sap.com/support-programs-services/about/terms-of-use.html>
Copyright and Trademarks <http://www.sap.com/about/legal/copyright.html>
Legal Disclosure <http://www.sap.com/about/legal/impressum.html> Privacy
<http://www.sap.com/about/legal/privacy.html> 沪 ICP 备 09046015 号-2
<http://www.miibeian.gov.cn/>
More
More
More
More
More
------------------------------------------------------------------------


Logo
SAP Note
Knowledge Base
Search

3

Ashwini Yalavarthi (S0023741262)
2848757 - SAML2 - Assertion Consumer Service - ACS URL
Version 4 from 31.10.2019 in English

Expand header contentShow ChangesDownload for SNOTEDownload for
SNOTEExport as PDFExport as PDFMark as FavoriteMark as FavoriteShare by
EmailShare by EmailOpen in New WindowOpen in New WindowMore
Component:BC-SEC-LGN-SML
Priority:Correction with medium priority
Category:Program error
Release Status:Released for Customer
Corrections:9
Manual Activities:2Invalid entry
Prerequisites:1
Display
Scroll left
DescriptionSoftware Components
Corrections
Open menu
Support PackagesLanguages
Activate item to go to section in page
Scroll right
Description
Symptom
Your ABAP system can be accessed with multiple different domains.
But the SAML 2.0 Authentication Response can only be sent to one domain.
Other Terms
SAML 2.0 Authentication Request Response AuthnRequest

AssertionConsumerServiceIndex AssertionConsumerServiceURL
Reason and Prerequisites
As a prerequisite the SAML Authentication Response must be sent to the

Assertion Consumer Service (ACS) of the AS ABAP.
To achieve this one could until now already set in transaction
SAML2 -> Tab Trusted Providers -> Tab Authentication Requirements ->
Section Authentication Response -> Assertion Consumer Service = Default.
The IdP would then send the SAML Authentication Response to the ACS
configured in the metadata on IdP side.
Therefore only one ACS URL (the one configured at IdP side) could be
used during SAML Logon to the ABAP system.
Solution
Apply the support package or the correction instruction.
You can then set in transaction

SAML2 -> Tab Trusted Providers -> Tab Authentication Requirements ->
Section Authentication Response -> Assertion Consumer Service = ACS URL.
The ABAP system will then send the URL of the ACS that should be used in
the SAML 2.0 Authentication Request.
The URL of the ACS will then contain the domain that was used to access
the ABAP system.
As a result one ABAP system can then receive the SAML

Authentication Response at the ACS at multiple different domains.
Show More
Software Components
Software Component
From
To
And Subsequent
SAP_BASIS 702 702

SAP_BASIS 730 730
SAP_BASIS 731 731
SAP_BASIS 740 740
SAP_BASIS 750 754
More
Show More
Corrections
Correction Instructions
Software Component
Number of Correction Instructions
SAP_BASIS 9
Show More
Manual Activities
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component SAP_BASIS SAP Basis compo...|
| Release 740 Until SAPKB74022 |
------------------------------------------------------------------------
Extend the Domain definition SAML2_AUTH_RESP_ACS in transaction SE11 as follows:

1. Start transaction SE11, choose radio button Domain and enter SAML2_AUTH_RESP_ACS
.
2. Choose tab Value Range and add a third entry with:
Fix.Val.=C
Short Descript.=ACS URL
3. Activate the extended domain.
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component SAP_BASIS SAP Basis compo...|
| Release 702 SAPKB70212 - SAPKB70222 |
| Release 750 Until SAPK-75016INSAPBASIS |
| Release 754 w/o Support Packages |
------------------------------------------------------------------------
Extend the Domain definition SAML2_AUTH_RESP_ACS in transaction SE11 as follows:

1. Start transaction SE11, choose radio button Domain and enter SAML2_AUTH_RESP_ACS
.
2. Choose tab Value Range and add a third entry with:
Fix.Val.=C
Short Descript.=ACS URL
3. Activate the extended domain.
Show More
Support Packages
Software Component Version
Support Package
SAP_BASIS 740 SAPKB74023

<https://launchpad.support.sap.com/#/supportpackage/SAPKB74023>
SAP_BASIS 754 SAPK-75401INSAPBASIS
<https://launchpad.support.sap.com/#/supportpackage/SAPK-75401INSAPBASIS>
SAPK-779BHINSAPBASIS
<https://launchpad.support.sap.com/#/supportpackage/SAPK-779BHINSAPBASIS>
More
Show More
Languages
*
Deutsch
*
日本語 (Machine Translation)
*
Português (Machine Translation)
*
Español (Machine Translation)
*
中文 (Machine Translation)
*
Français (Machine Translation)
*
Italiano (Machine Translation)
*
Русский (Machine Translation)
*
한국어 (Machine Translation)
Show More
Contact Us
Share Your Feedback
About the Launchpad
Status
Terms of Use
Copyright and Trademarks
Legal Disclosure
Privacy
More

SAML2 - Assertion Consumer Service - ACS URL

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SAML2 - Assertion Consumer Service - ACS URL

Uploaded by

Copyright:

Available Formats

Your browser session is about to expire soon.

Please perform an action,

SAP ONE Support Launchpad is loading, please wait...

This is taking longer than usual. *Try reloading the page

* Information about Outdated Browsers

2848757 - SAML2 - Assertion Consumer Service - ACS URL

Version 4 from 31.10.2019 in English

Your ABAP system can be accessed with multiple different domains.

SAML 2.0 Authentication Request Response AuthnRequest

Reason and Prerequisites

As a prerequisite the SAML Authentication Response must be sent to the

To achieve this one could until now already set in transaction

Apply the support package or the correction instruction.

You can then set in transaction

As a result one ABAP system can then receive the SAML

SAP_BASIS 702 702

Number of Correction Instructions

Extend the Domain definition SAML2_AUTH_RESP_ACS in transaction SE11 as follows:

Extend the Domain definition SAML2_AUTH_RESP_ACS in transaction SE11 as follows:

Software Component Version

SAP_BASIS 740 SAPKB74023

Share Your Feedback

About the Launchpad

Copyright and Trademarks

You might also like