Get SAML assertion for an app by sharing assertion of an authenticated user in another app in the same tenant

Chidambaram Lakshmanan 1 Reputation point
2021-09-24T05:36:19.69+00:00

Hi All,

We would want our front end application registered in Azure AD to be able to connect to the SAP C4C system using principal propagation. The user principal would need to be propagated to SAP C4C and be able to invoke C4C OData APIs.

Our front end application is registered in Azure AD and single sign-on is configured as SAML. As per the documentation, we have also registered the SAP Cloud Platform app as an Enterprise application in Azure AD. Trust is established in SAP BTP for Azure AD with metadata exchange.

The user is able to log in to the front end application and get a valid SAML assertion.

I am running into an issue when using the logged-in user's assertion to get a SAML assertion for the SAP Cloud Platform app registered in Azure AD.

Has anyone faced the same issue? We would need the SAML assertion of the SAP Cloud Platform app to be able to request an OAuth token from SAP XSUAA.

Any help would be much appreciated!!!

"error_description": "AADSTS50107: The requested federation realm object 'https://sts.windows.net/e9d3ccxxxxxxxxa05xxxxxxx878/' does not exist.\r\nTrace ID: 20967567-97a5-48b7-9f5c-bc2d24383200\r\nCorrelation ID: 6582989f-bb13-4c07-b07f-5351b4e998af\r\nTimestamp: 2021-09-23 18:44:40Z",
