Hi all I'm attempting to set up WAP/ADFS to do pre-authentication to a SAP CRM system. Within the network everything works well via ADFS and I can authenticate just fine. Coming through the WAP I get a 404 error. The SAP CRM debug log shows a difference in the URLs when accessing internally versus externally, as follows:
Internal connection (works) 10.10.10.10 crm.contoso.com - - [23/Nov/2015:15:15:45 +1300] HTTPS 302 "GET /saml2(bD1lbiZjPTMwMCZkPW1pbg==)/bc/bsp/sap/crm_ui_start/default.htm?sap-sessioncmd=open HTTP/1.1" 0 83 h[-]
External connection (fails) 10.10.10.11 crm.contoso.com - - [23/Nov/2015:15:34:15 +1300] HTTPS 404 "GET /saml2%28bD1lbiZjPTMwMCZkPW1pbg%3D%3D%29/bc/bsp/sap/crm_ui_start/default.htm HTTP/1.1" 1819 52 h[-] The difference appears to be simply that the special characters in the URL have been transformed/replaced when coming through the WAP. I couldn't find a configuration option within WAP that addresses this.