[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mod_auth_saml: DEFAULTQS being ignored



HI Sampo,

thanks for your answer.

The entitiy ID of my default provider is accounts.sap.com
as can be seen in the metadata file in the COT:

<ns3:EntityDescriptor xmlns:ns3="urn:oasis:names:tc:SAML:2.0:metadata"
ID="S4fb1e334-422c-4800-b989-3969d4 9e6d85" entityID="accounts.sap.com">

Hence I setup DEFAULTQS

DEFAULTQS=l0accounts.sap.com%26fc=1%26fn=prstnt%26fr=%2Fsap%2Fbc%2Fui5_ui5%2Fui2%2Fushell%2Fshells%2Fabap%2FFioriLaunchpad.html%26fq=%26fy=%26fa=%26fm=%26fp=0%26ff=0

But still I would see the Idp seelction page!?
I tried tons of variants but cannot get it working :(

Any other idea?



Best,

alex


On 10/18/2014 07:12 PM, sampo@xxxxxxxxx wrote:
> Alexander Runge <runge@xxxxxxxxx> said:
>> Hi all,
>>
>> I have compiled the latest version 1.22 of mod_auth_saml for an
>> apache instance on SLES11.
>> I can already authenticate against an Idp. Now I would like to get rid
>> of the Idp selection page. I thought using the DEFAULTQS directive
>> should do the trick.
>> However, it appears this directive is completely ignored.
>> No matter what I use as the DEFAULTQS I'm still redirected
>> to the Idp selection page.
>>
>> Feel free to test, here's the URL:
>> https://fiori-00017-1001272-emea.sapdemocloud.com/
>>
>> And this is the relevant part of my apache config:
>>
>>    <Location /protected>
>>         Require valid-user
>>         AuthType "saml"
>>         ZXIDConf 
>> "URL=https://fiori-00017-1001272-emea.sapdemocloud.com/protected/saml";
>>         ZXIDConf "ANON_OK=/pers/"
>>         ZXIDConf "REDIR_TO_CONTENT=1"
>>       </Location>
>>
>>
>>       <Location /sap>
>>         Require valid-user
>>         AuthType "saml"
>>         ZXIDConf 
>> "URL=https://fiori-00017-1001272-emea.sapdemocloud.com/protected/saml";
>>         ZXIDConf 
>> "DEFAULTQS=https://fiori-00017-1001272-emea.sapdemocloud.com/protected/saml?e=&d=accounts.sap.com&l0=+Login+&fc=1&fn=prstnt&fr=%2Fsap%2Fbc%2Fui5_ui5%2Fui2%2Fushell%2Fshells%2Fabap%2FFioriLaunchpad.html&fq=&fy=&fa=&fm=&fp=0&ff=0";
>>       </Location>
> 
> Please see in zxid-faq.pd section 97.3.2 "Skipping IdP Selection:
> Hardwiring the IdP". Careful reading shows that DEFAULTQS should
> start with l0 (lowercase ell and zero) followed by entity ID
> of the desired IdP. Your DEFAULTQS seems to lack this prefix, or
> conversely where you have l0=+Login+, you should have l0IDPEID=1
> 
> What is the IdP entityID you are trying to use. To me it seems
> https://fiori-00017-1001272-emea.sapdemocloud.com/protected/saml
> is your SP entity ID. I do not see the IdP entityID anywhere.
> 
> Be sure to pay attention to URI escaping as well, as explained in
> the FAQ item.
> 
>> If I enter the QS directly into the browser it works like a charm.
> 
> Why it works, I am unable to explain. Perhaps the URL you pasted
> was slightly different from what you used in DEFAULTQS?
> 
> Hope this helps.
> 
> Cheers,
> --Sampo
> 
>> Here's the debug log:
>>
>>
>> 4965.7ff9a2995700 mod_auth_saml.c:341 chkuid            mas d ===== 
>> START 1.22 req=0x7ff9a3b193d8 
>> uri(/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html) 
>> args((null)) pid=4965 cwd(/)
>>
>> 4965.7ff9a2995700 mod_auth_saml.c:497 chkuid            mas d chkuid: No 
>> active session() op(-)
>>
>> 4965.7ff9a2995700 mod_auth_saml.c:508 chkuid            mas d chkuid: 
>> other page: no_ses 
>> uri(/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html) 
>> templ((null)) tf(idpsel.html) k((null))
>>
>> 4965.7ff9a2995700 zxidsimp.c:1485 zxid_simple_no_ses_cf         mas d 
>> chkuid: op(E) cf=0x7ff9a3030b08 cgi=0x7fff50153e20 ses=0x7fff50153cb0 
>> auto=6ea8 wd(-)
>>
>> 4965.7ff9a2995700  zxidecp.c:141 zxid_lecp_check        mas d chkuid: 
>> Neither ECP nor LECP request 0
>>
>> 4965.7ff9a2995700 zxidsimp.c:1524 zxid_simple_no_ses_cf         mas d 
>> chkuid: LECP check: ss(?)
>>
>> 4965.7ff9a2995700 zxidsimp.c:1536 zxid_simple_no_ses_cf         mas d 
>> chkuid: NOT CDC 0
>>
>> 4965.7ff9a2995700  zxidsso.c:158 
>> zxid_sso_set_relay_state_to_return_to_this_url         mas d chkuid: 
>> Previous rs(-)
>>
>> 4965.7ff9a2995700   zxutil.c:951 zxid_deflate_safe_b64_raw      mas d 
>> chkuid: z 
>> input(/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html) len=58
>>
>> 4965.7ff9a2995700  zxidsso.c:168 
>> zxid_sso_set_relay_state_to_return_to_this_url         mas d chkuid: 
>> rs(0y9OLNBPStYvzTSNB2IgbaRfWpyRmpOjDyaL9ROTgCrcMvOLMn0SS_OSMwoSU_QySnJzAA==) 
>> from(/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html) 
>> uri_path(/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html) qs(-)
>>
>> 4965.7ff9a2995700 zxidsimp.c:844 zxid_simple_show_idp_sel       mas d 
>> chkuid: cf=0x7ff9a3030b08 cgi=0x7fff50153e20 templ(?)
>>
>> 4965.7ff9a2995700 zxidsimp.c:630 zxid_idp_select_zxstr_cf_cgi   mas d 
>> chkuid: HERE tf(idpsel.html) k((null)) t(<title>SP SSO: Choose 
>> IdP</title><link type="text/css" rel=stylesheet href="idpsel.css"><body 
>> bgcolor=white><h1 class=zxtop>SP Federated SSO (user NOT logged in, no 
>> session)</h1><form method=get action="!!URL"><div 
>> class=zxerr>!!ERR</div><div class=zxmsg>!!MSG</div><div 
>> class=zxdbg>!!DBG</div><h3>Login Using New IdP</h3><i>A new IdP is one 
>> whose metadata we do not have yet. We need to know the IdP URL (aka 
>> Entity ID) in order to fetch the metadata using the well known location 
>> method. You will need to ask the adminstrator of the IdP to tell you 
>> what the EntityID is.</i><p>IdP URL <input name=e size=60><input 
>> type=submit name=l0 value=" Login "><br>Entity ID of this SP (click on 
>> the link to fetch the SP metadata): <a 
>> href="!!EID">!!EID</a><p>!!IDP_LIST<h3>Technical options</h3><input 
>> type=hidden name=fc value=1><input type=hidden name=fn value=prstnt><!-- 
>> built-in defaults, see IDP_SEL_TEMPL in zxidconf.h and zxid-conf.pd for 
>> explanation --><input type=hidden name=fr value="!!FR"><input 
>> type=hidden name=fq value=""><input type=hidden name=fy value=""><input 
>> type=hidden name=fa value=""><input type=hidden name=fm value=""><input 
>> type=hidden name=fp value=0><input type=hidden name=ff 
>> value=0></form><div class=zxbot>!!VERSION (builtin)</div>) 
>> cgi=0x7fff50153e20
>>
>> open (vopen_fd_from_path): No such file or directory
>>
>> 4965.7ff9a2995700   zxutil.c:122 vopen_fd_from_path     mas E chkuid: 
>> templ: File(idpsel.html) not found errno=2 err(No such file or 
>> directory). flags=0x0 0, euid=30 egid=8 cwd(/)
>>
>> 4965.7ff9a2995700 zxidsimp.c:392 zxid_template_page_cf  mas d chkuid: 
>> Template at path(idpsel.html) not found. Using default template.
>>
>> 4965.7ff9a2995700 zxidmeta.c:846 zxid_my_ent_id_cstr    mas d chkuid: 
>> my_entity_id(https://fiori-00017-1001272-emea.sapdemocloud.com/protected/saml?o=B)
>>
>> 4965.7ff9a2995700 zxidmeta.c:846 zxid_my_ent_id_cstr    mas d chkuid: 
>> my_entity_id(https://fiori-00017-1001272-emea.sapdemocloud.com/protected/saml?o=B)
>>
>> 4965.7ff9a2995700   zxutil.c:128 vopen_fd_from_path     mas d chkuid: 
>> get_ent_by_sha1_name: Opened(/var/zxid/cot/aIHZ78Ex8smJDvnZ3rPkp3Kw1vs) 
>> flags=0x0
>>
>> 4965.7ff9a2995700     zxns.c:187 zx_xmlns_decl          mas d chkuid: 
>> New prefix(ns3) known URL(urn:oasis:names:tc:SAML:2.0:metadata)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <Transform> tok(0x3c0d04) as 1. child of <Transforms> 
>> tok(0x3c0a7b) (0,0)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <Transform> tok(0x3c0d04) as 2. child of <Transforms> 
>> tok(0x3c0a7b) (0,0)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <Transforms> tok(0x3c0a7b) as 1. child of <Reference> 
>> tok(0x3c0982) (0,0)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <DigestMethod> tok(0x3c045d) as 2. child of <Reference> 
>> tok(0x3c0982) (0,1)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <DigestValue> tok(0x3c0a33) as 3. child of <Reference> 
>> tok(0x3c0982) (1,2)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <CanonicalizationMethod> tok(0x3c05fc) as 1. child of 
>> <SignedInfo> tok(0x3c09b0) (0,0)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <SignatureMethod> tok(0x3c02e4) as 2. child of <SignedInfo> 
>> tok(0x3c09b0) (0,1)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <Reference> tok(0x3c0982) as 3. child of <SignedInfo> 
>> tok(0x3c09b0) (1,2)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <X509Certificate> tok(0x3c0154) as 1. child of <X509Data> 
>> tok(0x3c02c4) (0,3)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <Modulus> tok(0x3c01b0) as 1. child of <RSAKeyValue> 
>> tok(0x3c10bb) (0,0)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <Exponent> tok(0x3c0f26) as 2. child of <RSAKeyValue> 
>> tok(0x3c10bb) (0,1)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <RSAKeyValue> tok(0x3c10bb) as 1. child of <KeyValue> 
>> tok(0x3c108b) (0,1)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <X509Data> tok(0x3c02c4) as 1. child of <KeyInfo> 
>> tok(0x3c1071) (0,3)
>>
>> 4965.7ff9a2995700 zxlibdec.c:228 zx_chk_el_ord          mas E chkuid: 
>> WRONG: Known <KeyValue> tok(0x3c108b) in wrong place as 2. child of 
>> <KeyInfo> tok(0x3c1071) (3,8)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <SignedInfo> tok(0x3c09b0) as 1. child of <Signature> 
>> tok(0x3c02de) (0,0)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <SignatureValue> tok(0x3c02fc) as 2. child of <Signature> 
>> tok(0x3c02de) (0,1)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <KeyInfo> tok(0x3c1071) as 3. child of <Signature> 
>> tok(0x3c02de) (1,2)
>>
>> 4965.7ff9a2995700     zxns.c:187 zx_xmlns_decl          mas d chkuid: 
>> New prefix() known URL(http://www.w3.org/2000/09/xmldsig#)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <X509Certificate> tok(0x3c0154) as 1. child of <X509Data> 
>> tok(0x3c02c4) (0,3)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <KeyName> tok(0x3c0b12) as 1. child of <KeyInfo> 
>> tok(0x3c1071) (0,0)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <X509Data> tok(0x3c02c4) as 2. child of <KeyInfo> 
>> tok(0x3c1071) (0,3)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <KeyInfo> tok(0x3c1071) as 1. child of <KeyDescriptor> 
>> tok(0x240ae6) (0,0)
>>
>> 4965.7ff9a2995700     zxns.c:187 zx_xmlns_decl          mas d chkuid: 
>> New prefix() known URL(http://www.w3.org/2000/09/xmldsig#)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <X509Certificate> tok(0x3c0154) as 1. child of <X509Data> 
>> tok(0x3c02c4) (0,3)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <KeyName> tok(0x3c0b12) as 1. child of <KeyInfo> 
>> tok(0x3c1071) (0,0)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <X509Data> tok(0x3c02c4) as 2. child of <KeyInfo> 
>> tok(0x3c1071) (0,3)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <KeyInfo> tok(0x3c1071) as 1. child of <KeyDescriptor> 
>> tok(0x240ae6) (0,0)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <KeyDescriptor> tok(0x240ae6) as 1. child of 
>> <IDPSSODescriptor> tok(0x240d44) (0,2)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <KeyDescriptor> tok(0x240ae6) as 2. child of 
>> <IDPSSODescriptor> tok(0x240d44) (2,2)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <SingleLogoutService> tok(0x2408f6) as 3. child of 
>> <IDPSSODescriptor> tok(0x240d44) (2,6)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <SingleLogoutService> tok(0x2408f6) as 4. child of 
>> <IDPSSODescriptor> tok(0x240d44) (6,6)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <SingleSignOnService> tok(0x240978) as 5. child of 
>> <IDPSSODescriptor> tok(0x240d44) (6,9)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <SingleSignOnService> tok(0x240978) as 6. child of 
>> <IDPSSODescriptor> tok(0x240d44) (9,9)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <Signature> tok(0x3c02de) as 1. child of <EntityDescriptor> 
>> tok(0x24056f) (0,0)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <IDPSSODescriptor> tok(0x240d44) as 2. child of 
>> <EntityDescriptor> tok(0x24056f) (0,3)
>>
>> 4965.7ff9a2995700 zxlibdec.c:215 zx_chk_el_ord          mas d chkuid: 
>> Right: Known <EntityDescriptor> tok(0x24056f) as 1. child of <root> 
>> tok(0x000054) (0,14)
>>
>> 4965.7ff9a2995700 zxidmeta.c:302 zxid_get_ent_file      mas d chkuid: 
>> GOT META sha1_name(aIHZ78Ex8smJDvnZ3rPkp3Kw1vs) eid(?)
>>
>> 4965.7ff9a2995700 zxidsimp.c:469 zxid_idp_list_cf_cgi   mas d chkuid: 
>> Starting IdP list processing... 0x7ff9a3b1ed10
>>
>> 4965.7ff9a2995700 zxidsimp.c:553 zxid_idp_list_cf_cgi   mas d chkuid: 
>> IdP list(<select name=d>
>>
>> <option class=zxidplistopt value="accounts.sap.com">  (accounts.sap.com)
>>
>> </select><input type=submit id=zxidplistlogin class=zxidplistbut 
>> name="l0" value=" Login "><br>
>>
>> )
>>
>> 4965.7ff9a2995700   zxutil.c:1063 zxid_unbase64_inflate         mas d 
>> chkuid: 
>> in(0y9OLNBPStYvzTSNB2IgbaRfWpyRmpOjDyaL9ROTgCrcMvOLMn0SS_OSMwoSU_QySnJzAA==) 
>> len=72 pessimistic_len=54
>>
>> 4965.7ff9a2995700 mod_auth_saml.c:341 chkuid            mas d ===== 
>> START 1.22 req=0x7ff9a3b04c58 
>> uri(/sap/bc/ui5_ui5/ui2/ushell/shells/abap/idpsel.css) args((null)) 
>> pid=4965 cwd(/)
>>
>> 4965.7ff9a2995700 mod_auth_saml.c:497 chkuid            mas d chkuid: No 
>> active session() op(-)
>>
>> 4965.7ff9a2995700 mod_auth_saml.c:508 chkuid            mas d chkuid: 
>> other page: no_ses 
>> uri(/sap/bc/ui5_ui5/ui2/ushell/shells/abap/idpsel.css) templ((null)) 
>> tf(idpsel.html) k((null))
>>
>> 4965.7ff9a2995700 zxidsimp.c:1485 zxid_simple_no_ses_cf         mas d 
>> chkuid: op(E) cf=0x7ff9a3030b08 cgi=0x7fff50153e20 ses=0x7fff50153cb0 
>> auto=6ea8 wd(-)
>>
>> 4965.7ff9a2995700  zxidecp.c:141 zxid_lecp_check        mas d chkuid: 
>> Neither ECP nor LECP request 0
>>
>> 4965.7ff9a2995700 zxidsimp.c:1524 zxid_simple_no_ses_cf         mas d 
>> chkuid: LECP check: ss(?)
>>
>> 4965.7ff9a2995700 zxidsimp.c:1536 zxid_simple_no_ses_cf         mas d 
>> chkuid: NOT CDC 0
>>
>> 4965.7ff9a2995700  zxidsso.c:158 
>> zxid_sso_set_relay_state_to_return_to_this_url         mas d chkuid: 
>> Previous rs(-)
>>
>> 4965.7ff9a2995700   zxutil.c:951 zxid_deflate_safe_b64_raw      mas d 
>> chkuid: z input(/sap/bc/ui5_ui5/ui2/ushell/shells/abap/idpsel.css) len=49
>>
>> 4965.7ff9a2995700  zxidsso.c:168 
>> zxid_sso_set_relay_state_to_return_to_this_url         mas d chkuid: 
>> rs(0y9OLNBPStYvzTSNB2IgbaRfWpyRmpOjDyaL9ROTgCoyUwqKU3P0kouLAQ==) 
>> from(/sap/bc/ui5_ui5/ui2/ushell/shells/abap/idpsel.css) 
>> uri_path(/sap/bc/ui5_ui5/ui2/ushell/shells/abap/idpsel.css) qs(-)
>>
>> 4965.7ff9a2995700 zxidsimp.c:844 zxid_simple_show_idp_sel       mas d 
>> chkuid: cf=0x7ff9a3030b08 cgi=0x7fff50153e20 templ(?)
>>
>> 4965.7ff9a2995700 zxidsimp.c:630 zxid_idp_select_zxstr_cf_cgi   mas d 
>> chkuid: HERE tf(idpsel.html) k((null)) t(<title>SP SSO: Choose 
>> IdP</title><link type="text/css" rel=stylesheet href="idpsel.css"><body 
>> bgcolor=white><h1 class=zxtop>SP Federated SSO (user NOT logged in, no 
>> session)</h1><form method=get action="!!URL"><div 
>> class=zxerr>!!ERR</div><div class=zxmsg>!!MSG</div><div 
>> class=zxdbg>!!DBG</div><h3>Login Using New IdP</h3><i>A new IdP is one 
>> whose metadata we do not have yet. We need to know the IdP URL (aka 
>> Entity ID) in order to fetch the metadata using the well known location 
>> method. You will need to ask the adminstrator of the IdP to tell you 
>> what the EntityID is.</i><p>IdP URL <input name=e size=60><input 
>> type=submit name=l0 value=" Login "><br>Entity ID of this SP (click on 
>> the link to fetch the SP metadata): <a 
>> href="!!EID">!!EID</a><p>!!IDP_LIST<h3>Technical options</h3><input 
>> type=hidden name=fc value=1><input type=hidden name=fn value=prstnt><!-- 
>> built-in defaults, see IDP_SEL_TEMPL in zxidconf.h and zxid-conf.pd for 
>> explanation --><input type=hidden name=fr value="!!FR"><input 
>> type=hidden name=fq value=""><input type=hidden name=fy value=""><input 
>> type=hidden name=fa value=""><input type=hidden name=fm value=""><input 
>> type=hidden name=fp value=0><input type=hidden name=ff 
>> value=0></form><div class=zxbot>!!VERSION (builtin)</div>) 
>> cgi=0x7fff50153e20
>>
>> open (vopen_fd_from_path): No such file or directory
>>
>> 4965.7ff9a2995700   zxutil.c:122 vopen_fd_from_path     mas E chkuid: 
>> templ: File(idpsel.html) not found errno=2 err(No such file or 
>> directory). flags=0x0 0, euid=30 egid=8 cwd(/)
>>
>> 4965.7ff9a2995700 zxidsimp.c:392 zxid_template_page_cf  mas d chkuid: 
>> Template at path(idpsel.html) not found. Using default template.
>>
>> 4965.7ff9a2995700 zxidmeta.c:846 zxid_my_ent_id_cstr    mas d chkuid: 
>> my_entity_id(https://fiori-00017-1001272-emea.sapdemocloud.com/protected/saml?o=B)
>>
>> 4965.7ff9a2995700 zxidmeta.c:846 zxid_my_ent_id_cstr    mas d chkuid: 
>> my_entity_id(https://fiori-00017-1001272-emea.sapdemocloud.com/protected/saml?o=B)
>>
>> 4965.7ff9a2995700 zxidsimp.c:469 zxid_idp_list_cf_cgi   mas d chkuid: 
>> Starting IdP list processing... 0x7ff9a3b1ed10
>>
>> 4965.7ff9a2995700 zxidsimp.c:553 zxid_idp_list_cf_cgi   mas d chkuid: 
>> IdP list(<select name=d>
>>
>> <option class=zxidplistopt value="accounts.sap.com">  (accounts.sap.com)
>>
>> </select><input type=submit id=zxidplistlogin class=zxidplistbut 
>> name="l0" value=" Login "><br>
>>
>> )
>>
>> 4965.7ff9a2995700   zxutil.c:1063 zxid_unbase64_inflate         mas d 
>> chkuid: in(0y9OLNBPStYvzTSNB2IgbaRfWpyRmpOjDyaL9ROTgCoyUwqKU3P0kouLAQ==) 
>> len=60 pessimistic_len=45