3 Replies Latest reply: Jul 30, 2009 4:32 PM by Siarhei Pisarenka RSS

SAML configuration

Suresh Santhana
Currently Being Moderated

Hi All,

 

We have a requirement to configure SAML for SSO (Single-Sign-On) to SAP Enterprise Portal from an external system. Hence the portal would be the target system and the external system would be the source system. Assuming that the User IDs in both the systems are same, will SSO(SAML) work if the password expires in the target system.

 

Secondly, though the steps for configuring SAML is given in help.sap.com, certain things are not clear. In the section "Configuring the SAML Parameters", one of the steps talk about setting "SourceID" which is given as (20-byte sequence provided by the source site. Use the prefix Hex: or B64: to specify the format of the source ID as follows). How is this obtained?

 

Any pointers from someone who has experience configuring SAML would be greatly appreciated.

 

Thanks.

  • Re: SAML configuration
    Siarhei Pisarenka
    Currently Being Moderated

    Hi Suresh

     

    >Secondly, though the steps for configuring SAML is given in help.sap.com, certain things are not clear. In the section "Configuring the SAML Parameters", one of the steps talk about setting "SourceID" which is given as (20-byte sequence provided by the source site. Use the prefix Hex: or B64: to specify the format of the source ID as follows). How is this obtained?

     

    If you use NWA to configure SAML scenario you do not need to care about this. NWA -> SAML Browser/Artifact view provides a drop-down for the two SourceID formats. Moreover, in NWA you do not need to specify the 20-byte sequence by yourself, because the corresponding field is read-only and calculated automatically. The 20-byte sequence is generated based on URL property. When you change URL the SourceID will be regenerated by the UI.

     

    BR, Sergei

    • Re: SAML configuration
      Suresh Santhana
      Currently Being Moderated

      Thanks Sergei for your response. I have a few clarifications.

       

      Since we are configuring SAML on AS Java for providing SSO to an external system, the SAP AS Java would become the "Service Provider". The team related to the external system are asking for details such as

       

      1) How would the SAML request to SAP AS Java look like? What all parameters would be present in SAML request/assertion?

      2) How will the SAML response from SAP AS Java look like? What all parameters would they receive back?

      3) What will be the SAML error codes?

      4) How will the request timeout be handled?

       

      Also if we are using Visual Admin for configuration, will Source Id be NOT required (or need not be specified explicitly) as in the case of NWA.

       

      We were not able to get much info for these queries on net. Any help in this regard would be of great help.

       

      Thanks in advance.

Actions