We are doing SAP HANA SSO integration with our IdP. The following steps have been performed:
- We have created a Simple Hello World XS Application (using Create Your First HANA XS Application using HANA Studio). The application was tested with basic authentication and it worked.
- Following Use SAML to enable SSO for your SAP HANA XS App (SPS 09 rev 92 or later), we have configured SAML SSO (excluding step 4).
- In the Trust Store, we have imported IWA Root certificate and IdP's Digital Signing Certificate.
- Under Service Provider Configuration, we are using SHA1 as our Hash logic.
- SP metadata content carried the ACS url as https://<server-name>:4300/sap/hana/xs/saml/login.xscfunc
Post configuration when we access our XS application it authenticates with our IdP. But when it hits the ACS url it displays the following error - "StatusCode in ResponseMessage != OK; please refer to the database trace for more information". The trace shows -
| e XSSession | XSSessionLifecycle.cpp(00254) : Assertion authentication failed with reason: Unable to verify XML signature(StatusCode: , StatusMessage: ) |
Amendments Tried:
- On IdP end, we have tried both the signature type - Assertion and Response.
- In the trace portal, we have set the trace level to Debug for our application as well as sap.hana.xs.saml. But still we receive only the above message.
Queries:
- Are we using the correct ACS?
- How can we increase the trace level to get better detailing of the error message?
- We have also implemented the solution provided in Troubleshooting Issues when implementing SAML SSO in HANA XS Engine but did not succeed. So please let us know if there any different options that can be tried out?