Dear expert,
We met an SSO issue on launchpad.
Here is our scenario and SSO structure. We use fiori launchpad to display all SAP apps.
1. When an user visit launchpad URL, URL will redirect user to identity provider (IDP) for SAML authentication.
2. Then IDP authenticate with SAML2.0 token back to gateway.
3. Gateway accept the SAML2.0 token and issue SSO2 logon ticket.
4. Use logon ticket to backend ABAP ERP system for transaction apps.
5. Use logon ticket to HANA system for factsheet.
Now the first step above is OK as SAML token can be authenticated back to gateway. But after that, the basic form authentication pop-up for user credential on both backend system and HANA, which should not. We found out that launchpad was stucked with error message "/sap/es/ina/GetServerInfo HTTP/1.1 401 Unauthorized" at ERP backend service "GetServerInfo". By checking the cookies, we found out that after SAML token accepted by gateway, gateway did not issue any MYSAPSSO2 ticket.
However, when we disabled SAML and use form authentication for launchpad, SSO2 logon ticket works perfectly among GW, ERP and HANA. So, there should be no issue configuration regarding SSO2 logon ticket in SAP GUI.
here is the system information:
GW: NW740 SP5
ERP: ECC6 on NW740 SP5
HANA: v70
Please kindly help us out on this issue. Please ask if other information is needed. thanks.
Best regards,
Xian' an