MS ADFS to NW ABAP 7.02 SAML. IdP originated works, but not the other way

We have NW 7.02 SP12 and have enabled SAML2 to allow us to provide SSO to ABAP WebDynpros by way of MS ADFS.

After configuring SAML in line with all the relevant docs/notes/troubleshooting info, we are able to go to the ADFS URL (https://<IDP HOST>/adfs/ls/IdpInitiatedSignon.aspx), and pick our SAP Service Provider that we setup in SAML and provided the metadata file back to the ADFS.

We are challenged for our Windows/AD credentials and then after providing them are passed into the SAP ABAP web dynpro that we setup for SAML authentication, and also as the default endpoint in this test.  The logs show successful logon.

When we try to access that same SAP Web Dynpro by direct URL (https://<sap host>/sap/bc/xyz), we get redirected to the ADFS host for the Windows credentials, and then get taken back to the SAP ABAP Web logon screen with the errors

"Logon Failed at Identity Provider (http://<ADFS host>/adfs/services/trust)"

"SAML Response Status: [urn:oasis:names:tc:SAML2.0:status:Responder]"

"Message from the identity provider: [urn:oasis:names:tc:SAML2.0:status:Responder]"

The SAML Diagnostics trace in SAP reveals no error.  The SM21 log reveals no error.  So, this doesn't look so much like a SAML error but an ABAP AS error processing the assertion that's being sent back by the ADFS and then SAP is somehow not trusting the assertion in this method.

In the successful test of the IdP URL initiated call, the SAML Diag trace shows that the user ID (in below example, userID: JSMITH) is successfully being kicked over to SAP and then authenticated. 

In the (un successful) SAP URL initiated test, the SAML Diag trace doesn't indicate any of this (but also no errors)

Thoughts?

IDP Iniitated SAML

Client Server Work Process Time Severity User Message Callstack

100 USH-B-SC-SE2 2 02:01:31:851 Debug SAPSYS

HTTP request headers:

~request_line:  POST /sap/saml2/sp/acs/100 HTTP/1.1

~request_method:  POST

~request_uri:  /sap/saml2/sp/acs/100

~path:  /sap/saml2/sp/acs/100

~path_translated:  /sap/saml2/sp/acs/100

~server_protocol:  HTTP/1.1

host:  <SP Host>:8003

~server_name:  <SP Host>

~server_port:  8003

user-agent:  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0

accept:  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

accept-language:  en-US,en;q=0.5

accept-encoding:  gzip, deflate

referer:  https://<IDP HOST>/adfs/ls/auth/integrated/?SAMLRequest=7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ%2fff%2fz9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfZolw9Ol638%2bWr%2fBet86ZNz55%2b9tHv%2f%2bl5vnN%2f7%2f7%2b9v3pp%2fvb%2b%2fsPDraz3YcH23vne%2fcfZNneg%2ftZ9lH6k3ndFNXys4%2f2xjsfpWdNs87Plk2bLVv6aGd3f3tnb3vv%2fpudvUc7u4%2f27o0f3n%2fwUx%2blT6mXYpm1%2fOa8bVfNo7t3p810%2b7yZ5ZfjaVWuF5Mio18Wd7PZeXO3bO5%2blJ5UyyYH4HW9fFRlTdE8WmaLvHnUTh%2b9Pv7i%2bSPC4dFUGj1aL5tVPi3Oi3z2UfpuUS6bRzzSzW%2bv6qqtqPuPjh7zWGp5dfNLWdPkNcby0RHGcsNQqO1lMc2bu229btrHd6Wfo8c0ulkBKM179vn4eD0r8uU0f0VUrYspPnUfHr0%2b3SPQy3xKfdkP3a%2fBS3cdEvRHnzOO%2fh8%3d&Signature=UdDjDRi1cugjPfoVH%2bUVys0fwbbyPdhhMLrhZlxN0Sou4ELClET5F1pZDFGvhQX0ZK8m1zwFh7ZlhDnrxc9auPUBp2tfURHfSZSgBvB%2bFs7N110RDP7ImC2Y%2bIKvURdIapJ9561L6iZ6EvQHll%2bBvV3ur4Q7ZjkCrNrnDCnGv4ResdJkkrnsFrXIfJRl0ElFb2hJoWVXvM%2bN%2bJiFd%2fMmKE8l2yuOSsrlVAzDNxkNmrcLFmZrrjUZkUNBJ3Qc%2bZ%2bX3VJrbd0I3rG1YPfLpN4HgKjA5zO4dKOh28CttByQq25RzefuDvVkN1%2bbws7TfDMMxsw%2bw4jell9yQ6ewd9rpog%3d%3d&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256

connection:  keep-alive

content-type:  application/x-www-form-urlencoded

content-length:  7921

~server_name_expanded:  <SP Host>

~server_port_expanded:  8003

~remote_addr:  10.45.74.109

~uri_scheme_expanded:  HTTPS

~script_name:  /sap/saml2

~path_info:  /sp/acs/100

~script_name_expanded:  /sap/public/bc/sec/saml2

~path_info_expanded:  /sp/acs/100

~path_translated_expanded:  /sap/public/bc/sec/saml2/sp/acs/100

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:148 Info SAPSYS

SAML20 SP (client 100 ): Raw SAML response:

PHNhbWxwOlJlc3BvbnNlIElEPSJfOTZhM2NmZjYtM2JjYy00YWFkLThmMTktZmQwMWMyMzliY2NmIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wMi0yNVQwMjowMTozMC4xMDFaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly91c2gtYi1zYy1zZTIuY29sdW1iaWEuY3NjOjgwMDMvc2FwL3NhbWwyL3NwL2Fjcy8xMDAiIENvbnNlbnQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjb25zZW50OnVuc3BlY2lmaWVkIiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48SXNzdWVyIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwOi8vY3NjLWZzZGV2LmNvbHVtYmlhLmNvbS9hZGZzL3NlcnZpY2VzL3RydXN0PC9Jc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIiAvPjwvc2FtbHA6U3RhdHVzPjxFbmNyeXB0ZWRBc3NlcnRpb24geG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4ZW5jOkVuY3J5cHRlZERhdGEgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVudCIgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIj48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMjU2LWNiYyIgLz48S2V5SW5mbyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGU6RW5jcnlwdGVkS2V5IHhtbG5zOmU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyI+PGU6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIj48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+PC9lOkVuY3J5cHRpb25NZXRob2Q+PEtleUluZm8+PGRzOlg1MDlEYXRhIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6WDUwOUlzc3VlclNlcmlhbD48ZHM6WDUwOUlzc3Vlck5hbWU+Q049U0UyX1NTRkFfUzJTVlBFLCBPVT1JMDAyMDU5NzM4NywgT1U9U0FQIFdlYiBBUywgTz1TQVAgVHJ1c3QgQ29tbXVuaXR5LCBDPURFPC9kczpYNTA5SXNzdWVyTmFtZT48ZHM6WDUwOVNlcmlhbE51bWJlcj45MDI5MTk4NDk2NzM1ODMyPC9kczpYNTA5U2VyaWFsTnVtYmVyPjwvZHM6WDUwOUlzc3VlclNlcmlhbD48L2RzOlg1MDlEYXRhPjwvS2V5SW5mbz48ZTpDaXBoZXJEYXRhPjxlOkNpcGhlclZhbHVlPlV6VVZLRndtejFLY2RLY29VcVpnbEY4R1ZnWk9CbEJ6bWljL1VQVzROUDMweFRNcmh2czZ4eUFRckwrZElyQytDYlJUVjZOc0ZaOExjb1gydEJkZW9hc1dySC82Ymo5TWxxMlFoTHQvdXJSeUV4MFJWUlhtMFA4SnpyUGRpTFgxTVhsaHFOZ3MzQUxpd081RXI1TkNKcDh5aWovQVpsblpuZjExUUFOdDhjRT08L2U6Q2lwaGVyVmFsdWU+PC9lOkNpcGhlckRhdGE+PC9lOkVuY3J5cHRlZEtleT48L0tleUluZm8+PHhlbmM6Q2lwaGVyRGF0YT48eGVuYzpDaXBoZXJWYWx1ZT4wZ2J0cjZJamp6RUZtRi9EMk1jb3Q3OXJ4ZHRHNEl2Q0o0YWtRa0xHNnViSW5VcmFIUG5ta3FDdjJWSmpOODhFWmo5TWloUFBXUStnWHQyY2pkVWVGUzliam1CS0J4RXFLemxnbFN0Sk5GT1dsU0orb2kvL1ovT1U3Snl6UmFOcEVVU1lNQVRLRUhyaTFDK0dMeUpra21uQzdpUnFrbjBqMEM0QjNpWEtjdER0RlAxbnQ3Rm9oS1dPa2dDNlNRZFJiNnY5ZHQyVjEyWUQ2N0thcnJBdFpCWEQ4WVFwODBPLzhmUHAzZjdHdTBQZWNWU3pLTnFaaFdFb1lsZnhsdWZORldONk9SMFJVcDdHSVNHMlgvZWJVY3ZTUU1yZ2ZuOWxhRE5XdTNyMFM3VGw1YmQxbDBtVkc4bTBndmhsSHFxT0FoZnBMdmNHeWp0LytwVmtWb3crK2drc3lNMThSYUN2NjJDTDdyd1J0MWlWZU5Ub2FJNUJJS2FUTXBveFZXSTRZejRlWFlsbkFZcWxzMnl5aDlFVWpLb25jODJwdFpDQjFlaERCSWZpenhIQXJKdmNGM1RtYXlmTVBJUENkeEo3clBhRnJWNjNHb3Blc1Axdm5NWEZXZjhoTEd2VkZjdnVsZFhEbWsxTklpL25xZy9NeWVPeDlaMUdNRndDTWFDU1VnbU5XSGV4Z1llaGFPTEM0V3E2bFU3WmhxaVo4MnJHSmJwYm13cEUrdHB2OGpobmdOWEYra2JrN2ZidlhSdHhuUExmZG1jNmZtZWJJYUJKVDNJM0JzQ0QwTHZpU2FVbUNOSFdzeUc3eFZqTkxTdU9jSnk1Z0NZbTI1L2krRDhPRVQ1dHF5UU9lN0JRclNNVkNCQ1NoeS9naW1BSlBlVUcyejU0bUViYTk2RVFIZk1Ybi94Z0JoNjluaDNUYVJsa0Fzd1lJck9EZUh3ZnNpMnlPYTgzL3hhZzVFMnBPMlBlSkd0cDVLRmhGZ0F4YWdXMUtSc3JWTTNVSklhVjlrZEZyMVM4SFFla2xJQU80SkVnZXp0Z0tRWGZDTGMyMU5yMXFUTVNqRlo4UGFoeEk1NTd0UDRiMjJOK09FaFVTK29pNFlJMTNXVkg4bVBiZGdZclE3Skxjc3doY2hjZy9XWXZTS3VLK0JyL3Q3V0VUQzNQVDVrSXdNekZJVUhhUEVDRThZZmJQWGlER3IxUXEvRG4zdFBVVi9yN3hLcHJWVTM5R0hqY2JDcStRekVMTFNCZndzME85Vk5tWUtMUnVadi8xbExBaXNCcjJxTlVyYkt6SXVrUUJMSDZIZU9kaCtHa2txYWo3R2lEei9YeG9PVFZJY21LQVk4V0NSTkFPclpRa3BTMy83WTA2NkpNNWtZRlV6Y1l4aldGem1vdnVBeUpBaGxNWldySlg2dkFmaDgvRmZabXdzZEd1aEtUQ1FqUFltTExvb3o1RjJFc1dBcWFzL3h1ZXE4OVkxaTloaUZnZHhESFFBa20xR0hlc004NDdoOFoxSDA5SGFDODRvVEwxbzkxbWZWMFBYdmo0aHBaM0t2MFdsRytEUFZmMTdYNjlZemhPd3dLNzJYeVhtTTNVM05oeXlrZTBiQWNJUy8yUEhFL3E0NVNuUFpkQXpxQU0waVpvMnRHSjJtcURzVDFzeFFURHFXanJ3KytpMXhHSDU3NktrTzYxbTdnTWIwTEk5Sk5JU2ZvemZWYXZEckwvbTF1OVcrVjV1UG1IcU44YWJQVnk3QzhoUHowRUtrZmZBRDEzY1JkS0V6NS84UWYrOWl0RmhRenZ0UE5aVDRiV1JWVHNkY09BQkRVQVNGRmhXY2V4QUJaeEpEU2puR1IxcUFUMUVsWTJod3dzT3FKSkdacTBGSjk2OVl0d1g3UmM2TFNFUXhuL1JZc2VCOStqQXJFQURYbmN3SjQxSUV6eUIyYnlvOFdOTmsrbWFRTXR2anptZUJQTmJSQlFpallBOTFQaWUrR2RSaWZYZkdyd1ZwbkR0TExTOGlGakFtcGxRUUsyK0dEUm93bmpkYkpFRGk1THM2K29oQVFvNUpGbGhwKzJ0bXZ2bDRKeE1kdFRkMTJYbmx5eW1LUjB3TTlSMEloMTllTUdLSXJ4NXlkUk9oTWFwL0lqZ1EvOGhNSmZwZkp4RVYwME00dFgwU2sxNDFwbTJjK1ErN0dhc2tEU0VMcXh0RmVod20wQ0pkSWdOTTluSUZBVVByaHpaSUhiUnNJclE2d3F3b3BOZ1hvRDBCazVlaUh6Qkd6ZkU4YlRIajBoNGxBUmtrcG5hNkpnU1VPdmVkNVNxbWtYR2pmcStTSjFjSW1CMEkwVThyeVVFV3F4TnE2V1IvWnFrb1UxaXlrL0d2TmIwYU9nOFQ4ZkhwR3NsYUp0cUFkVXgxWnZrSS9HcmwxSEtUVUlnSWJzOWF6TThtSC9mclhYS3J6Y2RNQVJ3TVYyL21ZNlFCdHFSanNGdTFsZEZrTS9Xb09WL2dlQ1dBUjhuZU5uZ0NMaXNPTkhKODZFbHNCZXUvcHpwYkdlNGZPc3pqVHVmYkpVOU92amVXd0RvcHhmTHdnbEZyZlVLNE1sbHkzeEMrSllaS0o5WGU3aWFDbzFRTHFDeXJKaW5IUWFLaWZueS9zQzBFV1MwSUpGQmpYS2NQNTlLTW13Nk8yd3FJZW93VGYySUthdEJuRXArTWFndXlYeXY4UStsYm9mdEc4M0pOMXZRcEVMMXlqbDVtSU45U2RJQTJaUEJ0eCtOREFUSGg4aWEweVFWTGhrdVQ2OEJXY3J3eWd4cndFeWJrY3k0VGpzbEM2bzVreWcvQ3pyMHZ6UWt0MDNoRkpRUEN0RXU0UjV1d2pCQVB3QnBOY20wOXlTU0VYejZJOGhHckxHZzlKS0pDY0Vzb1BpdUNvZG9LcFdPbjVncDV0ZVhYc0dEdlJwVUlzemxvZ09HNjgwL3MzR24vR0JYaitnT2t3S28zRytVLzRONUhUVnVLV1lZSWp2aSt2T3RUdk5GcVg5ZTM1NGlVMDVKcy9TUllCTEtXd0tIQS9vQzdLOGtKcGJIdFBQaTBOaFBmS084MWl2aUE5NENJZlM5b3JvMHJSS1lzcjUzQjNEeTRsaXd1azFtM3BzZERaeWZOVTMxaHdTWUErdm9KYUpHc255TDNPK0lQU1YwdWh4WllrUnNwbDR6Q3dtWU1DWUZMRitKb0JvY05qMzlLSHhHSHdtMTVWendaVlI5cjY5R0JyR2JheUwxWnVjQVRNWWRJQkNlbkdLdVpSb2pxZVdvdVllSWozVUx6N3h6OGVrZXo2RmZPZGpGTGtpazNKSkJPOTNWTkcvZUVmcWszVkpMdEpzaWY4MDVsalBlWEk5ZU1kR1hhRC9KL0Vqc1pGYUxlN0pIRkRjN0duTG9iTEFTazFFT0k4c24wYzN0Ui84SmNSRjRXK0kzNWVadit0cTA4RkpQZklXdTB6azE5Q3VMdTBCNm90dW5aYWtjb0ZrMG9iUUtHTzR4NGFWY29DVG1Ob3ZQUC9LaGZhNklVclRjRlBJbTRhMmtia1JWakZQMGFQQklRRzlXUis1YzU2U0pmdlFCVXFUbzZkaFQ5dDVNNjU1QWNsNTNYYzJvZ1BiVkNEbEFVQUJWYmxIcG1WR2VTRDRQL1hFMWFUT0RpZjJKUVZRSkh3M1dzWlU4d0hPSWJBcVlZTi9iNUtzV1VVY0tLMnVpKzlaQ3FpTXNTek1PUFZ4Q1pPMmRzdFR1YUVhZTVjMnVGdDNBSHNWcWQzQmNGV2JMbWVjWmlxWU8xWGhsTEIzVkJyczFvWmx0cTM2VzR0a05RS29Oc1JGbnI0VmhScXNoWGdLZTkyQVhKRS9HSUxQNUU3bHFUTkpsYUVXdnROMTdqOFRXTXdGM21TdUF3U1NqWWVNeXM4OHUybTYwbHorSVBuSE5CUUM2K1ZNblRWM2k1Y3lGSDhRVlRFVGNDR1BXZmE0ZmI5TWdMNkc1NXkwMVY1SERiM0h2am1GVDBuYlNDL2pjTW9ZMlROTHkxbVVMZTdueFZpL0pmdWhLMkVFZGJiZzFENWNlY1VUVUkrZ05wZ0FvRHVhWjR6WlFYOGMyanV4cVVaUzREWUoyVlhCMmRiakJVYXlkZVlMTWw3dFVpM2gvUFBXYjJ6S2VsQUlUdlVpdlZMSW5xdHNQblBwYlZYL05aVVJSZWxDaG8zdUZzS3MreE1WTmErTUNLWVViOEVaZXNwb0hwYzRFMUJsU0d1dmZNUEs5azZ2dzhUTXlQRzRtc2Z0aU1CS2FQcnVHMzBGaVQvZkQ3azlnVW1YQUUyb0hCQVpNdDd5b2p1ZWhLSDZzcjRUN0VzaFY2QmQ3L1pKWXRudmNaeWdWTFMvMkFpZmlCVmNnQjNqTmZ6bXBIYXdmNVVxdlF0a0xXdVN3Qy9EdUtndnBsTkJhcXRlS1B2cEtnYTJ4QW1PUFpzN3N1U1Q5azhYbzlYbVVTWFRFbVlqam9tSTY5OXpNSi9BT3Q2dW9tZVN3REZ3YWRtUWlva3IzYlhOMCtrNmx2M21nNVNnZE5KL1dBZlUrVmliMEtNZGpGZVJnWU1ZODVJTnBrUDlYeG10MTc1RjREdjBBcFA3VW1tKzZUd2tFUXBwOWV2bkJocmcxdnZCdE5FNlc5dEMvMGtoWkd6MW9MaWV2VldlcUY4RWdncG5NTzNJN0l1RkRkK3ZKdGJ0M0FqaDVVRU1nK05BdWg3eVphaFlzcXlvSURocHRjb3JmWVloTE1qaUVqTityVjNSRlB2NDM2TkpzYnpPRmRtbExucnZWRUxKRlYxc3hmTXI2bmp5UndkTi9ZNHFvMHpiRTRXUU1PTEFRRU1wZUtkOWJjZmpKQ2FydDUrcUkzaWRMbTlJakJUamxOWm5aTE5FVW5sU1R5MzlGS1FLRks3NGlDN1hVWVZIWDIwOERkeFF3aitzeld2WUcwd2xYdE5YT3J1bW83WEJvODNuOUJ1RlZscm43ZGdodVgyMG4va0g2cSs0THc3R3JLaEQrdSszb05SWW1hM3ZHeDZBSkFjNFc3bTc0NU9TcGxvNlhsOCtFbGd6aGZFT3NWOHVoaWZzSElZSU9ldm01cFNpbmdSdUpBN2tkcG1MWmpQNW1IdTFoUEZoWDB2U0xQanZkUXdPV0M4ZGF4M04zODVVSVlFRkFtc0dCS3l5a1dtWXVnUk1mT20vdlN1VmY0SCtwZ3RXaVNHSldJMCtVTDZEVkcvK1lpT01GVFRnREkyeTVVUndFa2IvMzgzNUdxZ3NSNjJmWWlXVzlZOVE3SW1GR3A5cmQyeDdLTkprSUZ5UU1TcXVWbjlxZCt2TWtIQU9XTk9vajFxYjJUN2hrc1Z2VDVZODhhK3ZML1IrWjFJUmtZd0hGbU12d2VydzVkRGo1QWg1T0RZVWM0NEZFOTYzcWQ4MlJQbFJOeUh2L2xoZ3ZDclo3ajdjSCtRNnlWcDQ1RkNSd3l2TWpoVXRQb3JxRjRDOS84RW5VOWVRUVY2QTZCWWNrTTFxNnBxa2QwbjwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6Q2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkRGF0YT48L0VuY3J5cHRlZEFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:205 Debug SAPSYS

SAML20 SP (client 100 ): Original request method is POST

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:349 Info SAPSYS

SAML20 SP (client 100 ): Calling transformation:SAML2_RESPONSE was successful.

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:391 Info SAPSYS

SAML20 SP (client 100 ): SSL is active

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:393 Info SAPSYS

SAML20 SP (client 100 ): get_application_uri ef_url: https://<SP Host>:8003/sap/zapp?sap-client=100

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:396 Info SAPSYS

SAML20 SP (client 100 ): Incoming Response

SAML20 Binding:          POST

SAML20 IdP Name:         http://<IDP HOST>/adfs/services/trust

SAML20 Status Code:      urn:oasis:names:tc:SAML:2.0:status:Success

SAML20 <samlp:Response ID="_96a3cff6-3bcc-4aad-8f19-fd01c239bccf"

SAML20                 Version="2.0"

SAML20                 IssueInstant="2014-02-25T02:01:30.101Z"

SAML20                 Destination="https://<SP Host>:8003/sap/saml2/sp/acs/100"

SAML20                 Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"

SAML20                 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

SAML20   <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">

SAML20   http://<IDP HOST>/adfs/services/trust</Issuer>

SAML20   <samlp:Status>

SAML20     <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />

SAML20   </samlp:Status>

SAML20   <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">

SAML20     <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"

SAML20                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

SAML20       <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />

SAML20       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

SAML20         <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">

SAML20           <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">

SAML20

SAML20             <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

SAML20           </e:EncryptionMethod>

SAML20           <KeyInfo>

SAML20             <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

SAML20               <ds:X509IssuerSerial>

SAML20                 <ds:X509IssuerName>CN=SE2_SSFA_S2SVPE, OU=I0020597387,

SAML20                 OU=SAP Web AS, O=SAP Trust Community,

SAML20                 C=DE</ds:X509IssuerName>

SAML20                 <ds:X509SerialNumber>

SAML20                 9029198496735832</ds:X509SerialNumber>

SAML20               </ds:X509IssuerSerial>

SAML20             </ds:X509Data>

SAML20           </KeyInfo>

SAML20           <e:CipherData>

SAML20             <e:CipherValue>

SAML20             UzUVKFwmz1KcdKcoUqZglF8GVgZOBlBzmic/UPW4NP30xTMrhvs6xyAQrL+dIrC+CbRTV6NsFZ8LcoX2tBdeoasWrH/6bj9Mlq2QhLt/urRyEx0RVRXm0P8JzrPdiLX1MXlhqNgs3ALiwO5Er5NCJp8yij/AZlnZnf11QANt8cE=</e:CipherValue>

SAML20           </e:CipherData>

SAML20         </e:EncryptedKey>

SAML20       </KeyInfo>

SAML20       <xenc:CipherData>

SAML20         <xenc:CipherValue>

SAML20         0gbtr6IjjzEFmF/D2Mcot79rxdtG4IvCJ4akQkLG6ubInUraHPnmkqCv2VJjN88EZj9MihPPWQ+gXt2cjdUeFS9bjmBKBxEqKzlglStJNFOWlSJ+oi//Z/OU7JyzRaNpEUSYMATKEHri1C+GLyJkkmnC7iRqkn0j0C4B3iXKctDtFP1nt7FohKWOkgC6SQdRb6v9dt2V12YD67KarrAtZBXD8YQp80O/8fPp3f7Gu0PecVSzKNqZhWEoYlfxlufNFWN6OR0RUp7GISG2X/ebUcvSQMrgfn9laDNWu3r0S7Tl5bd1l0mVG8m0gvhlHqqOAhfpLvcGyjt/+pVkVow++gksyM18RaCv62CL7rwRt1iVeNToaI5BIKaTMpoxVWI4Yz4eXYlnAYqls2yyh9EUjKonc82ptZCB1ehDBIfizxHArJvcF3TmayfMPIPCdxJ7rPaFrV63GopesP1vnMXFWf8hLGvVFcvuldXDmk1NIi/nqg/MyeOx9Z1GMFwCMaCSUgmNWHexgYehaOLC4Wq6lU7ZhqiZ82rGJbpbmwpE+tpv8jhngNXF+kbk7fbvXRtxnPLfdmc6fmebIaBJT3I3BsCD0LviSaUmCNHWsyG7xVjNLSuOcJy5gCYm25/i+D8OET5tqyQOe7BQrSMVCBCShy/gimAJPeUG2z54mEba96EQHfMXn/xgBh69nh3TaRlkAswYIrODeHwfsi2yOa83/xag5E2pO2PeJGtp5KFhFgAxagW1KRsrVM3UJIaV9kdFr1S8HQeklIAO4JEgeztgKQXfCLc21Nr1qTMSjFZ8PahxI557tP4b22N+OEhUS+oi4YI13WVH8mPbdgYrQ7JLcswhchcg/WYvSKuK+Br/t7WETC3PT5kIwMzFIUHaPECE8YfbPXiDGr1Qq/Dn3tPUV/r7xKprVU39GHjcbCq+QzELLSBfws0O9VNmYKLRuZv/1lLAisBr2qNUrbKzIukQBLH6HeOdh+Gkkqaj7GiDz/XxoOTVIcmKAY8WCRNAOrZQkpS3/7Y066JM5kYFUzcYxjWFzmovuAyJAhlMZWrJX6vAfh8/FfZmwsdGuhKTCQjPYmLLooz5F2EsWAqas/xueq89Y1i9hiFgdxDHQAkm1GHesM847h8Z1H09HaC84oTL1o91mfV0PXvj4hpZ3Kv0WlG+DPVf17X69YzhOwwK72XyXmM3U3Nhyyke0bAcIS/2PHE/q45SnPZdAzqAM0iZo2tGJ2mqDsT1sxQTDqWjrw++i1xGH576KkO61m7gMb0LI9JNISfozfVavDrL/m1u9W+V5uPmHqN8abPVy7C8hPz0EKkffAD13cRdKEz5/8Qf+9itFhQzvtPNZT4bWRVTsdcOABDUASFFhWcexABZxJDSjnGR1qAT1ElY2hwwsOqJJGZq0FJ969YtwX7Rc6LSEQxn/RYseB9+jArEADXncwJ41IEzyB2byo8WNNk+maQMtvjzmeBPNbRBQijYA91Pie+GdRifXfGrwVpnDtLLS8iFjAmplQQK2+GDRownjdbJEDi5Ls6+ohAQo5JFlhp+2tmvvl4JxMdtTd12XnlyymKR0wM9R0Ih19eMGKIrx5ydROhMap/IjgQ/8hMJfpfJxEV00M4tX0Sk141pm2c+Q+7GaskDSELqxtFehwm0CJdIgNM9nIFAUPrhzZIHbRsIrQ6wqwopNgXoD0Bk5eiHzBGzfE8bTHj0h4lARkkpna6JgSUOved5SqmkXGjfq+SJ1cImB0I0U8ryUEWqxNq6WR/ZqkoU1iyk/GvNb0aOg8T8fHpGslaJtqAdUx1ZvkI/Grl1HKTUIgIbs9azM8mH/frXXKrzcdMARwMV2/mY6QBtqRjsFu1ldFkM/WoOV/geCWAR8neNngCLisONHJ86ElsBeu/pzpbGe4fOszjTufbJU9OvjeWwDopxfLwglFrfUK4Mlly3xC+JYZKJ9Xe7iaCo1QLqCyrJinHQaKifny/sC0EWS0IJFBjXKcP59KMmw6O2wqIeowTf2IKatBnEp+MaguyXyv8Q+lboftG83JN1vQpEL1yjl5mIN9SdIA2ZPBtx+NDATHh8ia0yQVLhkuT68BWcrwygxrwEybkcy4TjslC6o5kyg/Czr0vzQkt03hFJQPCtEu4R5uwjBAPwBpNcm09ySSEXz6I8hGrLGg9JKJCcEsoPiuCodoKpWOn5gp5teXXsGDvRpUIszlogOG680/s3Gn/GBXj+gOkwKo3G+U/4N5HTVuKWYYIjvi+vOtTvNFqX9e354iU05Js/SRYBLKWwKHA/oC7K8kJpbHtPPi0NhPfKO81iviA94CIfS9oro0rRKYsr53B3Dy4liwuk1m3psdDZyfNU31hwSYA+voJaJGsnyL3O+IPSV0uhxZYkRspl4zCwmYMCYFLF+JoBocNj39KHxGHwm15VzwZVR9r69GBrGbayL1ZucATMYdIBCenGKuZRojqeWouYeIj3ULz7xz8ekez6FfOdjFLkik3JJBO93VNG/eEfqk3VJLtJsif805ljPeXI9eMdGXaD/J/EjsZFaLe7JHFDc7GnLobLASk1EOI8sn0c3tR/8JcRF4W+I35eZv+tq08FJPfIWu0zk19CuLu0B6otunZakcoFk0obQKGO4x4aVcoCTmNovPP/Khfa6IUrTcFPIm4a2kbkRVjFP0aPBIQG9WR+5c56SJfvQBUqTo6dhT9t5M655Acl53Xc2ogPbVCDlAUABVblHpmVGeSD4P/XE1aTODif2JQVQJHw3WsZU8wHOIbAqYYN/b5KsWUUcKK2ui+9ZCqiMsSzMOPVxCZO2dstTuaEae5c2uFt3AHsVqd3BcFWbLmecZiqYO1XhlLB3VBrs1oZltq36W4tkNQKoNsRFnr4VhRqshXgKe92AXJE/GILP5E7lqTNJlaEWvtN17j8TWMwF3mSuAwSSjYeMys88u2m60lz+IPnHNBQC6+VMnTV3i5cyFH8QVTETcCGPWfa4fb9MgL6G55y01V5HDb3HvjmFT0nbSC/jcMoY2TNLy1mULe7nxVi/JfuhK2EEdbbg1D5cecUTUI+gNpgAoDuaZ4zZQX8c2juxqUZS4DYJ2VXB2dbjBUaydeYLMl7tUi3h/PPWb2zKelAITvUivVLInqtsPnPpbVX/NZURRelCho3uFsKs+xMVNa+MCKYUb8EZespoHpc4E1BlSGuvfMPK9k6vw8TMyPG4msftiMBKaPruG30FiT/fD7k9gUmXAE2oHBAZMt7yojuehKH6sr4T7EshV6Bd7/ZJYtnvcZygVLS/2AifiBVcgB3jNfzmpHawf5UqvQtkLWuSwC/DuKgvplNBaqteKPvpKga2xAmOPZs7suST9k8Xo9XmUSXTEmYjjomI699zMJ/AOt6uomeSwDFwadmQiokr3bXN0+k6lv3mg5SgdNJ/WAfU+Vib0KMdjFeRgYMY85INpkP9Xxmt175F4Dv0ApP7Umm+6TwkEQpp9evnBhrg1vvBtNE6W9tC/0khZGz1oLievVWeqF8EggpnMO3I7IuFDd+vJtbt3Ajh5UEMg+NAuh7yZahYsqyoIDhptcorfYYhLMjiEjN+rV3RFPv436NJsbzOFdmlLnrvVELJFV1sxfMr6njyRwdN/Y4qo0zbE4WQMOLAQEMpeKd9bcfjJCart5+qI3idLm9IjBTjlNZnZLNEUnlSTy39FKQKFK74iC7XUYVHX208DdxQwj+szWvYG0wlXtNXOrumo7XBo83n9BuFVlrn7dghuX20n/kH6q+4Lw7GrKhD+u+3oNRYma3vGx6AJAc4W7m745OSplo6Xl8+ElgzhfEOsV8uhifsHIYIOevm5pSingRuJA7kdpmLZjP5mHu1hPFhX0vSLPjvdQwOWC8dax3N385UIYEFAmsGBKyykWmYugRMfOm/vSuVf4H+pgtWiSGJWI0+UL6DVG/+YiOMFTTgDI2y5URwEkb/3835GqgsR62fYiWW9Y9Q7ImFGp9rd2x7KNJkIFyQMSquVn9qd+vMkHAOWNOoj1qb2T7hksVvT5Y88a+vL/R+Z1IRkYwHFmMvwerw5dDj5Ah5ODYUc44FE963qd82RPlRNyHv/lhgvCrZ7j7cH+Q6yVp45FCRwyvMjhUtPorqF4C9/8EnU9eQQV6A6BYckM1q6pqkd0n</xenc:CipherValue>

SAML20       </xenc:CipherData>

SAML20     </xenc:EncryptedData>

SAML20   </EncryptedAssertion>

SAML20 </samlp:Response>

SAML20

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:401 Info SAPSYS

SAML20 SP (client 100 ): Default ACS endpoint: https://<SP Host>:8003/sap/saml2/sp/acs/100 , old default ACS endpoint: https://<SP Host>:8003/saml2/sp/acs/100

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:413 Debug SAPSYS

SAML20 SP (client 100 ): m_is_resp_signed - , m_is_signed -

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:434 Info SAPSYS

SAML20 SP (client 100 ):  Decrypted data:

SAML20 <Assertion ID="_b95be371-7724-4c3e-ba09-261f10347d64"

SAML20            IssueInstant="2014-02-25T02:01:30.100Z"

SAML20            Version="2.0"

SAML20            xmlns="urn:oasis:names:tc:SAML:2.0:assertion">

SAML20   <Issuer>http://<IDP HOST>/adfs/services/trust</Issuer>

SAML20   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

SAML20     <ds:SignedInfo>

SAML20       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />

SAML20       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />

SAML20       <ds:Reference URI="#_b95be371-7724-4c3e-ba09-261f10347d64">

SAML20         <ds:Transforms>

SAML20           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />

SAML20           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />

SAML20         </ds:Transforms>

SAML20         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />

SAML20         <ds:DigestValue>

SAML20         25MbGBIBAceJ7ucOi5mh+tNg3geg/Zs4LVsykD+RNEU=</ds:DigestValue>

SAML20       </ds:Reference>

SAML20     </ds:SignedInfo>

SAML20     <ds:SignatureValue>

SAML20     jN4dPvk8DLyD3aZVIkK1XQfLifBh0Ng1YaIEWrhxi1+85kZYaYtBD/AiGhfDNLQRN/9HC8RFJJBgVEYYtwOoSOkAOkMXt4m281Qi0kPV2fm5BppgOdoY/gEZtoXnlbnAffbQXbowB46NmYUvxUBX2kRs6u+HT88zi4XFgI9eGe9UM+M8XVWzwRRpRNTTnGe7z4s/EQ6Z5fWbFHHIIr9o90CkkREc9Lwgqw7lPAN9hjOBU9NmrOHwfzRqyY174GABuwAVUAR7CADY5C0N1puo66Z6v7dp0JI4JW3jrrHnt35v2D9DZa+aYf7287C7OKBkr5EMo258KGmKZfGRaMkPeg==</ds:SignatureValue>

SAML20     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

SAML20       <ds:X509Data>

SAML20         <ds:X509Certificate>

SAML20         MIIC6DCCAdCgAwIBAgIQVMIeZ6PUobZJrFlrJlSscDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVBREZTIFNpZ25pbmcgLSBjc2MtZnNkZXYuY29sdW1iaWEuY29tMB4XDTEzMDYyOTIyMjA0OVoXDTE0MDYyOTIyMjA0OVowMDEuMCwGA1UEAxMlQURGUyBTaWduaW5nIC0gY3NjLWZzZGV2LmNvbHVtYmlhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1RqUtpqyhuSxsRTp3qlRpAQsrdgnuqZwgvIBucMTG8yKDUa3Ppi/FvbG8l8cpSHSuiFyAKwj1ZIbNPcnOoOsDIGXOs9pCzyGISVLR56IEd7EjizuBYH/EjtnCIp5nehUq6rvHWeZc0eAOvd+rOAMDTf+T0akT7UAmBPLig+Yfavay3HZyHV+gILmi/3v5VINYKjS/yLR3CFwt3l0MAhcqMw1FVAIfdxbSMw1S7wGQb88PyT4r1Uk3+Fix6BdKkdNNbrMEem3ZpkpCz6Wo+lP+QL9Wx3Dc/ADovsQa46Rx/pPdvc2q3tNrCuyAIuFNzY+Q610hey/xMQxNtRvXntGcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAd0zX4Otk/Qq2CxlEc3CKAGWlccGNJEMkBRYvkpITkRKgxWU6jgEhAKnDn4Cg4Wved1hDejnzJi8QwzUvhvU3s3aFrV6nd5hMvcVpYhGKwJUoX5wu1bydeUwbxeMZoWYowVAP+MzWPqh3i/0vP6sUIu5UuWI9Km66Wc2kCR0dSKHRNc62GHLYoJKIxrKG4qsTTwcI4A6340Z3PPaSoFAtl6K9zu5OYk4Tlsr3ljO/qn73UbYfudwxSGWv8Upbmk6Xbe3H03zb6OGD3QXvU2WpH7iLfe8IxadcH37GmQ6krf0bXPpYWh5COGyE00fx+IBPQ9sKeYKXjrli2IWbvoV1xg==</ds:X509Certificate>

SAML20       </ds:X509Data>

SAML20     </KeyInfo>

SAML20   </ds:Signature>

SAML20   <Subject>

SAML20     <NameID>JSMITH</NameID>

SAML20     <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">

SAML20

SAML20       <SubjectConfirmationData NotOnOrAfter="2014-02-25T02:06:30.101Z"

SAML20                                Recipient="https://<SP Host>:8003/sap/saml2/sp/acs/100" />

SAML20     </SubjectConfirmation>

SAML20   </Subject>

SAML20   <Conditions NotBefore="2014-02-25T02:01:30.098Z"

SAML20               NotOnOrAfter="2014-02-25T03:01:30.098Z">

SAML20     <AudienceRestriction>

SAML20       <Audience>SE2Connect</Audience>

SAML20     </AudienceRestriction>

SAML20   </Conditions>

SAML20   <AuthnStatement AuthnInstant="2014-02-25T02:01:30.033Z"

SAML20                   SessionIndex="_b95be371-7724-4c3e-ba09-261f10347d64">

SAML20     <AuthnContext>

SAML20       <AuthnContextClassRef>

SAML20       urn:federation:authentication:windows</AuthnContextClassRef>

SAML20     </AuthnContext>

SAML20   </AuthnStatement>

SAML20 </Assertion>

SAML20

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:441 Info SAPSYS

SAML20 SP (client 100 ): Default ACS endpoint: https://<SP Host>:8003/sap/saml2/sp/acs/100 , old default ACS endpoint: https://<SP Host>:8003/saml2/sp/acs/100

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:446 Info SAPSYS

SAML20 SP (client 100 ): Started authentication for access to path:

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:450 Info SAPSYS

SAML20 SP (client 100 ): NameID jsmith (Format ) mapped to user ID jsmith

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:461 Info jsmith

SAML20 SP (client 100 ): CALL 'SAML login': SY-SUBRC = 0, PWDCHG = 0, CONTEXT_REF = B980AFFF9DC011E3B12F005056850025

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:466 Info jsmith

SAML20 SP (client 100 ): SAML session created (security context ref: B980AFFF9DC011E3B12F005056850025, reason: SSO)

Show/hide callstack

100 USH-B-SC-SE2 2 02:01:32:479 Debug jsmith

SAML20 SP (client 100 ): Current request method is POST, request method as read by OUC cookie is 

Show/hide callstack

SAP URL initiated SAML

Client Server Work Process Time Severity User Message Callstack

100 USH-B-SC-SE2 2 02:04:33:780 Debug SAPSYS

SAML20 SP (client 100 ): Original request method is GET

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:33:783 Debug SAPSYS

HTTP request headers:

~request_line:  GET /sap/zapp/ContractList HTTP/1.1

~request_method:  GET

~request_uri:  /sap/zapp/ContractList

~path:  /sap/zapp/ContractList

~path_translated:  /sap/zapp/ContractList

~server_protocol:  HTTP/1.1

host:  <SP HOST>:8003

~server_name:  <SP HOST>

~server_port:  8003

user-agent:  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0

accept:  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

accept-language:  en-US,en;q=0.5

accept-encoding:  gzip, deflate

connection:  keep-alive

~server_name_expanded:  <SP HOST>

~server_port_expanded:  8003

~remote_addr:  10.45.74.109

~uri_scheme_expanded:  HTTPS

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:33:785 Info SAPSYS

SAML20 SP (client 100 ): IdP 'http://<IDP HOST>/adfs/services/trust' selected (source: Default Configuration)

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:33:788 Info SAPSYS

SAML20 SP (client 100 ): SSL is active

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:33:789 Info SAPSYS

SAML20 SP (client 100 ): get_application_uri ef_url: https://<SP HOST>:8003/sap/zapp/ContractList

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:33:792 Debug SAPSYS

SAML20 SP (client 100 ): Got comparison method from IDP:0

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:33:795 Debug SAPSYS

SAML20 SP (client 100 ): Relay state: ID=oucqqvqvwyvoqqsvoreetoaxbyosvwrzaetfrsf, value=GET#0y9OLNB3zs8pzU3KTHTOz8tLTS4B8vNKihKTS3wyi0sUAA%3D%3D

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:33:808 Info SAPSYS

SAML20 SP (client 100 ): Outgoing AuthnRequest

SAML20 Binding:          REDIR

SAML20 Signed:           True

SAML20 IdP Name:         http://<IDP HOST>/adfs/services/trust

SAML20 Destination:      https://<IDP HOST>/adfs/ls/

SAML20 <samlp:AuthnRequest ID="S00505685-0025-1ee3-a7b8-25619ae3f12f"

SAML20                     Version="2.0"

SAML20                     IssueInstant="2014-02-25T02:04:33Z"

SAML20                     Destination="https://<IDP HOST>/adfs/ls/"

SAML20                     ForceAuthn="false"

SAML20                     IsPassive="false"

SAML20                     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

SAML20   <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">

SAML20   SE2Connect</saml:Issuer>

SAML20   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />

SAML20 </samlp:AuthnRequest>

SAML20

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:33:810 Debug SAPSYS

SAML20 SP (client 100 ): URL to redirect https://<IDP HOST>/adfs/ls/?SAMLRequest=fZFRS8MwFIX%2FSsl7lzRd57ysheEUCirDiQ%2B%2BZekNC7RJ7U2H%2FnvTDmQ%2B6Fs43HO%2Bc8iGVNf2sB3Dyb3gx4gUknpXsoMQhShW6yIVQhZphpin6ua4TmWxym4V5iaThiVvOJD1rmRyIVhSE41YOwrKhSiJbJkKGR2vQoJYQp6%2Fs2QXCdapMLtOIfQEnGvSqaEGzwvt27E7WhUfHVeNId4SZ8mDHzTOJUtmVEs4wfaKyJ7xR%2FnsWkcwDyrZODjwiiyBUx0SBA2H7dMjxKLQDz74SGLVZrqGufdw5f%2FfHrE4TANYdbiXd9451GHDr6IuuT08R2%2B92%2FvW6q9pQ6fC39HZIpsV26RmPoXRUY%2FaGosN49WF8Puvqm8%3D&RelayState=oucqqvqvwyvoqqsvoreetoaxbyosvwrzaetfrsf&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=pWKCA5zyQfiXesrmCwBC2UMz6ytSGrJvDeuKcswLeO42%2BbCHMJNKOFJ38DbIrc0WVvPfG8ildQ8wEolU0%2FKE9aNTNF2XyIEjbdnt76sxyafwWq6FbrIQ%2B6YqCuiGNGNVmGz8iTTTGSbqJ0IHYlf3YK0jSBZcSGZAnFREt8Te4Lg%3D

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:41:133 Debug SAPSYS

HTTP request headers:

~request_line:  POST /sap/saml2/sp/acs/100 HTTP/1.1

~request_method:  POST

~request_uri:  /sap/saml2/sp/acs/100

~path:  /sap/saml2/sp/acs/100

~path_translated:  /sap/saml2/sp/acs/100

~server_protocol:  HTTP/1.1

host:  <SP HOST>:8003

~server_name:  <SP HOST>

~server_port:  8003

user-agent:  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0

accept:  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

accept-language:  en-US,en;q=0.5

accept-encoding:  gzip, deflate

referer:  https://<IDP HOST>/adfs/ls/auth/integrated/?SAMLRequest=fZFRS8MwFIX%2FSsl7lzRd57ysheEUCirDiQ%2B%2BZekNC7RJ7U2H%2FnvTDmQ%2B6Fs43HO%2Bc8iGVNf2sB3Dyb3gx4gUknpXsoMQhShW6yIVQhZphpin6ua4TmWxym4V5iaThiVvOJD1rmRyIVhSE41YOwrKhSiJbJkKGR2vQoJYQp6%2Fs2QXCdapMLtOIfQEnGvSqaEGzwvt27E7WhUfHVeNId4SZ8mDHzTOJUtmVEs4wfaKyJ7xR%2FnsWkcwDyrZODjwiiyBUx0SBA2H7dMjxKLQDz74SGLVZrqGufdw5f%2FfHrE4TANYdbiXd9451GHDr6IuuT08R2%2B92%2FvW6q9pQ6fC39HZIpsV26RmPoXRUY%2FaGosN49WF8Puvqm8%3D&RelayState=oucqqvqvwyvoqqsvoreetoaxbyosvwrzaetfrsf&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=pWKCA5zyQfiXesrmCwBC2UMz6ytSGrJvDeuKcswLeO42%2BbCHMJNKOFJ38DbIrc0WVvPfG8ildQ8wEolU0%2FKE9aNTNF2XyIEjbdnt76sxyafwWq6FbrIQ%2B6YqCuiGNGNVmGz8iTTTGSbqJ0IHYlf3YK0jSBZcSGZAnFREt8Te4Lg%3D

cookie:  oucqqvqvwyvoqqsvoreetoaxbyosvwrzaetfrsf=GET%230y9OLNB3zs8pzU3KTHTOz8tLTS4B8vNKihKTS3wyi0sUAA%253D%253D

connection:  keep-alive

content-type:  application/x-www-form-urlencoded

content-length:  3766

~server_name_expanded:  <SP HOST>

~server_port_expanded:  8003

~remote_addr:  10.45.74.109

~uri_scheme_expanded:  HTTPS

~script_name:  /sap/saml2

~path_info:  /sp/acs/100

~script_name_expanded:  /sap/public/bc/sec/saml2

~path_info_expanded:  /sp/acs/100

~path_translated_expanded:  /sap/public/bc/sec/saml2/sp/acs/100

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:41:409 Info SAPSYS

SAML20 SP (client 100 ): Raw SAML response:

PHNhbWxwOlJlc3BvbnNlIElEPSJfOTExNDBhOGMtOTNlZC00MDNlLTk4YTctOWQ3NjI2MDYwMWIzIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wMi0yNVQwMjowNDozOS40MTdaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly91c2gtYi1zYy1zZTIuY29sdW1iaWEuY3NjOjgwMDMvc2FwL3NhbWwyL3NwL2Fjcy8xMDAiIENvbnNlbnQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjb25zZW50OnVuc3BlY2lmaWVkIiBJblJlc3BvbnNlVG89IlMwMDUwNTY4NS0wMDI1LTFlZTMtYTdiOC0yNTYxOWFlM2YxMmYiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPjxJc3N1ZXIgeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9jc2MtZnNkZXYuY29sdW1iaWEuY29tL2FkZnMvc2VydmljZXMvdHJ1c3Q8L0lzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIgLz48ZHM6UmVmZXJlbmNlIFVSST0iI185MTE0MGE4Yy05M2VkLTQwM2UtOThhNy05ZDc2MjYwNjAxYjMiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIgLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiAvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkczpEaWdlc3RWYWx1ZT5nZzlTeUxGUmhlR2srelZBZlF4NHo0S0I0Q0xLS2RqbmEzNHNRUitzdGJRPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5lMFRXZXNnUnFieFYvcDNMSFFRQ1NIVTBlU2tKelVwVUxRRi9IcVF5c09FczROODlHNm5ncEFqYlhZaldvdC9vem9ZenM1aEQ1WGpwL2pCZk8yakpiNzdPODFUalZpakg0QmRlT3pyRUhFT3hlRTBod21wdGQwK2FjVmdMYlVJQ0trbDF2SkFZSDMrOUkxcmJZUzd0R1JtcUQydE9YQ01kUURIVzQxYWl3WjZsVGY4eDBNNTZyd0tIRGwvY0tjdHkrNlNiWWdhV0lWeVZzKys5b3B1eW8zc2tQSkF6akQvSVR0ZVRmWmxHbW52TXJVZ3QxdjR0blpKWFdJazJhUHpPbGx1bUREcTAzcHVwYWJBbFkyUUlNYlhlVmhGTmo4YlUvQmNFU0Z1WmhDbCtKTDI1eE1hMGFxYnJiOTBwU2k1aXczR0NsQmk3dHdMcFozZDBYeW5hYWc9PTwvZHM6U2lnbmF0dXJlVmFsdWU+PEtleUluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUM2RENDQWRDZ0F3SUJBZ0lRVk1JZVo2UFVvYlpKckZsckpsU3NjREFOQmdrcWhraUc5dzBCQVFzRkFEQXdNUzR3TEFZRFZRUURFeVZCUkVaVElGTnBaMjVwYm1jZ0xTQmpjMk10Wm5Oa1pYWXVZMjlzZFcxaWFXRXVZMjl0TUI0WERURXpNRFl5T1RJeU1qQTBPVm9YRFRFME1EWXlPVEl5TWpBME9Wb3dNREV1TUN3R0ExVUVBeE1sUVVSR1V5QlRhV2R1YVc1bklDMGdZM05qTFdaelpHVjJMbU52YkhWdFltbGhMbU52YlRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSzFScVV0cHF5aHVTeHNSVHAzcWxScEFRc3JkZ251cVp3Z3ZJQnVjTVRHOHlLRFVhM1BwaS9GdmJHOGw4Y3BTSFN1aUZ5QUt3ajFaSWJOUGNuT29Pc0RJR1hPczlwQ3p5R0lTVkxSNTZJRWQ3RWppenVCWUgvRWp0bkNJcDVuZWhVcTZydkhXZVpjMGVBT3ZkK3JPQU1EVGYrVDBha1Q3VUFtQlBMaWcrWWZhdmF5M0haeUhWK2dJTG1pLzN2NVZJTllLalMveUxSM0NGd3QzbDBNQWhjcU13MUZWQUlmZHhiU013MVM3d0dRYjg4UHlUNHIxVWszK0ZpeDZCZEtrZE5OYnJNRWVtM1pwa3BDejZXbytsUCtRTDlXeDNEYy9BRG92c1FhNDZSeC9wUGR2YzJxM3ROckN1eUFJdUZOelkrUTYxMGhleS94TVF4TnRSdlhudEdjQ0F3RUFBVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBZDB6WDRPdGsvUXEyQ3hsRWMzQ0tBR1dsY2NHTkpFTWtCUll2a3BJVGtSS2d4V1U2amdFaEFLbkRuNENnNFd2ZWQxaERlam56Smk4UXd6VXZodlUzczNhRnJWNm5kNWhNdmNWcFloR0t3SlVvWDV3dTFieWRlVXdieGVNWm9XWW93VkFQK016V1BxaDNpLzB2UDZzVUl1NVV1V0k5S202NldjMmtDUjBkU0tIUk5jNjJHSExZb0pLSXhyS0c0cXNUVHdjSTRBNjM0MFozUFBhU29GQXRsNks5enU1T1lrNFRsc3IzbGpPL3FuNzNVYllmdWR3eFNHV3Y4VXBibWs2WGJlM0gwM3piNk9HRDNRWHZVMldwSDdpTGZlOEl4YWRjSDM3R21RNmtyZjBiWFBwWVdoNUNPR3lFMDBmeCtJQlBROXNLZVlLWGpybGkySVdidm9WMXhnPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvS2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlJlc3BvbmRlciIgLz48L3NhbWxwOlN0YXR1cz48L3NhbWxwOlJlc3BvbnNlPg==

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:41:411 Debug SAPSYS

SAML20 SP (client 100 ): Original request method is POST

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:41:417 Info SAPSYS

SAML20 SP (client 100 ): Calling transformation:SAML2_RESPONSE was successful.

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:41:423 Debug SAPSYS

SAML20 SP (client 100 ): Relay state cookie to parse: GET#0y9OLNB3zs8pzU3KTHTOz8tLTS4B8vNKihKTS3wyi0sUAA%3D%3D

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:41:425 Info SAPSYS

SAML20 SP (client 100 ): SSL is active

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:41:426 Info SAPSYS

SAML20 SP (client 100 ): get_application_uri ef_url: https://<SP HOST>:8003/sap/zapp/ContractList

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:41:428 Info SAPSYS

SAML20 SP (client 100 ): Incoming Response

SAML20 Binding:          POST

SAML20 IdP Name:         http://<IDP HOST>/adfs/services/trust

SAML20 Status Code:      urn:oasis:names:tc:SAML:2.0:status:Responder

SAML20 <samlp:Response ID="_91140a8c-93ed-403e-98a7-9d76260601b3"

SAML20                 Version="2.0"

SAML20                 IssueInstant="2014-02-25T02:04:39.417Z"

SAML20                 Destination="https://<SP HOST>:8003/sap/saml2/sp/acs/100"

SAML20                 Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"

SAML20                 InResponseTo="S00505685-0025-1ee3-a7b8-25619ae3f12f"

SAML20                 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

SAML20   <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">

SAML20   http://<IDP HOST>/adfs/services/trust</Issuer>

SAML20   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

SAML20     <ds:SignedInfo>

SAML20       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />

SAML20       <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />

SAML20       <ds:Reference URI="#_91140a8c-93ed-403e-98a7-9d76260601b3">

SAML20         <ds:Transforms>

SAML20           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />

SAML20           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />

SAML20         </ds:Transforms>

SAML20         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />

SAML20         <ds:DigestValue>

SAML20         gg9SyLFRheGk+zVAfQx4z4KB4CLKKdjna34sQR+stbQ=</ds:DigestValue>

SAML20       </ds:Reference>

SAML20     </ds:SignedInfo>

SAML20     <ds:SignatureValue>

SAML20     e0TWesgRqbxV/p3LHQQCSHU0eSkJzUpULQF/HqQysOEs4N89G6ngpAjbXYjWot/ozoYzs5hD5Xjp/jBfO2jJb77O81TjVijH4BdeOzrEHEOxeE0hwmptd0+acVgLbUICKkl1vJAYH3+9I1rbYS7tGRmqD2tOXCMdQDHW41aiwZ6lTf8x0M56rwKHDl/cKcty+6SbYgaWIVyVs++9opuyo3skPJAzjD/ITteTfZlGmnvMrUgt1v4tnZJXWIk2aPzOllumDDq03pupabAlY2QIMbXeVhFNj8bU/BcESFuZhCl+JL25xMa0aqbrb90pSi5iw3GClBi7twLpZ3d0Xynaag==</ds:SignatureValue>

SAML20     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

SAML20       <ds:X509Data>

SAML20         <ds:X509Certificate>

SAML20         MIIC6DCCAdCgAwIBAgIQVMIeZ6PUobZJrFlrJlSscDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVBREZTIFNpZ25pbmcgLSBjc2MtZnNkZXYuY29sdW1iaWEuY29tMB4XDTEzMDYyOTIyMjA0OVoXDTE0MDYyOTIyMjA0OVowMDEuMCwGA1UEAxMlQURGUyBTaWduaW5nIC0gY3NjLWZzZGV2LmNvbHVtYmlhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1RqUtpqyhuSxsRTp3qlRpAQsrdgnuqZwgvIBucMTG8yKDUa3Ppi/FvbG8l8cpSHSuiFyAKwj1ZIbNPcnOoOsDIGXOs9pCzyGISVLR56IEd7EjizuBYH/EjtnCIp5nehUq6rvHWeZc0eAOvd+rOAMDTf+T0akT7UAmBPLig+Yfavay3HZyHV+gILmi/3v5VINYKjS/yLR3CFwt3l0MAhcqMw1FVAIfdxbSMw1S7wGQb88PyT4r1Uk3+Fix6BdKkdNNbrMEem3ZpkpCz6Wo+lP+QL9Wx3Dc/ADovsQa46Rx/pPdvc2q3tNrCuyAIuFNzY+Q610hey/xMQxNtRvXntGcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAd0zX4Otk/Qq2CxlEc3CKAGWlccGNJEMkBRYvkpITkRKgxWU6jgEhAKnDn4Cg4Wved1hDejnzJi8QwzUvhvU3s3aFrV6nd5hMvcVpYhGKwJUoX5wu1bydeUwbxeMZoWYowVAP+MzWPqh3i/0vP6sUIu5UuWI9Km66Wc2kCR0dSKHRNc62GHLYoJKIxrKG4qsTTwcI4A6340Z3PPaSoFAtl6K9zu5OYk4Tlsr3ljO/qn73UbYfudwxSGWv8Upbmk6Xbe3H03zb6OGD3QXvU2WpH7iLfe8IxadcH37GmQ6krf0bXPpYWh5COGyE00fx+IBPQ9sKeYKXjrli2IWbvoV1xg==</ds:X509Certificate>

SAML20       </ds:X509Data>

SAML20     </KeyInfo>

SAML20   </ds:Signature>

SAML20   <samlp:Status>

SAML20     <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" />

SAML20   </samlp:Status>

SAML20 </samlp:Response>

SAML20

Show/hide callstack

100 USH-B-SC-SE2 2 02:04:41:430 Info SAPSYS

SAML20 SP (client 100 ): Default ACS endpoint: https://<SP HOST>:8003/sap/saml2/sp/acs/100 , old default ACS endpoint: https://<SP HOST>:8003/saml2/sp/acs/100

Show/hide callstack