If you have multiple end points i.e more than one ABAP application server in your environment, you will come across below error when you configure ICF services for  SAML authentication.

Error


No RelayState mapping found for RelayState value

We resolved this issue by using a F5 load balancer

High level steps

1.    Create a SSL server standard PSE in strustsso2.

2.    Use a system wide DN instead of using instance-specific DN because we don’t want to hit these application servers directly but want to reach them                    via load balancer

3.     Create a certificate request.in AS Abap and get it signed by any trusted CA.

4.     Import the certificate response in AS Abap.

5.     Import the key file (private key) and certificate in load balancer.

6.     Test the SSL connection with load balancer

7.     Setup SAML in AS Abap,

8.     Make sure Metadata.xml to be imported in ADFS is generated using load balancer URL. This will enable single end point for all the requests.

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

  1. Abhijith Thandra

    Hi Ujval,

    Can you please explain a little bit about point 2 –  “Use a system wide DN instead of using instance specific DN”

     

    We are using load balancer from netscaler. Do we need to put the load balancer url in system wide DN?

     

    Thanks,

    Abhi Thandra.

    (0) 

Leave a Reply