SAP Cloud Platform and Cloud Foundry XSAUAA login
I have build an application using Mendix (mendix.com) and deployed it on the SAP Cloud Platform on a Cloud Foundry landscape. The users are using SSO/XSAUAA for an automatically login.
My login.html looks like this:
<!doctype html>
<html>
<head>
<script>
window.location.assign("/xsauaalogin/")
</script>
</head>
</html>
When the application starts, the login.html will be called automatically and the user will be redirected to the url https://applicationurl.com/xsauaalogin/
Since I am using the SAP Cloud Platform and Cloud Foundry, following page is opening automatically:
Now the user has to click on the link accounts.sap.com first to be redirected to be logged in automatically and redirected to the application.
My goal is to achieve that the user hasn't need to click on accounts.sap.com, instead this should be done automatically. And I am struggling with that and don't know how to do that. I think that page (see screenshot above) is located somewhere on the server and I don't have access to that html-file and can't change that page/html-code. Because If I would have access to it, I would just use redirect-functionality.
Can someone help me? How can I skip this step our initiate the "accounts.sap.com" click automatically? Maybe I can change something in my login.html? Another url instead of just /xsauaalogin/ ?
Best regards and thanks, Ömer
I don't have any experience with Mendix so I might be missing the point a bit but in general you wouldn't require any login page as this is handled by the UAA service of the SAP cloudfoundry platform.
This service will interact with the configured indentity provider(s) in your subaccount. The standard SAP ID service is configured as as default IDP provider - this is the 'accounts.sap.com' link you are seeing.
Normal behavior would be that the 'xs-security.json' of the UAA service referenced by your app contains no specific links to custom logon pages and as such the default logon page of the SAP ID IDP provider should show up.
If wanted additional IDP providers can be configured and one of them can be indicated as the default handler. If the standard SAP IDP handler remains as an active handler as well then it is shown as an alternative logon url ( like in your screen shot ).
- Disqus SSO, "Your API key is not valid on this domain"
- Sign-in With Apple: Possibility To Create Duplicate Account Issue
- AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption
- Logout from next-auth with keycloak provider not works
- How to validate access token from AzureAD in python?
- Outlook SSO NAA in pure JS without node.js
- How to create SSO from Liferay to another portal / service?
- Download file from TeamCity with SSO using bash
- Which is the best sample/approach to start openiddict server to provide logins to wordpress?
- No Sustainsys.Saml2 for MVC 3? Are there any alternatives?
- Which lib to create an Identity provider to connect to service provider
- The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used
- Best way to implement Single-Sign-On with all major providers?
- Integration of SSO using MSAL in Angular project gets 401 returned error after login
- Simple way to put AWS Lambda app behind SAML authentication
- Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
- Log out from SSO kerberos
- Getting TypeError: client_secret_basic client authentication method requires a client_secret
- SSO not working in iOS when using AWS Cognito and Azure AD
- Azure b2c still authenticated after hitting logout
- What's the relationship between Keycloak SSO Session Idle Time and Spring Session Timeout?
- Execute a RESTAPI request from Powershell using the credentials of the user logged into the windows machine(AD Credential's)
- Python SSO: pysaml2 and python3-saml
- Keycloak adapter not able retrieve current username from windows AD logged-in user
- keycloak - realm resolution based on username (email address)
- Rolify and acts_as_tenant with Single Signon (with some Devise & Pundit on the side) - can it be done?
- which Oauth flow is good for Token authentication with javascript SPA
- Can I have secrets that don't expire in Microsoft SSO via Azure Microsoft Entra ID?
- Java 17 Allow RC4 HMAC while keeping allow_weak_crypto as false in krb5.conf
- Zabbix SAML Config using ActiveDirectory WIN 2016-ADFS