Chapter-52

Method	Description	Typical Use Case
SAML 2.0	Browser-based federated authentication	Cloud or hybrid IdPs (e.g., Azure AD)
Kerberos/SPNEGO	Windows-integrated authentication	On-premise Active Directory setups
X.509 Certificates	Certificate-based login using Secure Login Client	High-security environments
SAP Logon Tickets	Traditional NetWeaver-based SSO	Legacy SAP systems

Issue	Possible Cause	Solution
SAML error during login	Incorrect SP configuration or metadata	Re-import metadata, verify URLs
User not found in SAP	Attribute mismatch (e.g., NameID)	Adjust SAML attribute mapping
Infinite login loop	Cookie issues or misconfigured trust	Check Web Dispatcher settings
Logout does not work	ICF logoff service not configured	Enable `/sap/public/bc/icf/logoff`

¶ Using SAP SSO for S/4HANA Fiori Launchpad