on 07-31-2015 11:38 AM
Hello Experts,
We want to configure SSO using SAML between Active Directory and SAP SRM system.
SRM system version is SRM 4.0 which does not support SAML so we are routing this authentication request (token) via SAP Enterprise portal which is on NW 7.31.
In SAP Portal one service provider is already configured for an alias created for Portal itself.
Now we have created another alias for SRM system and same needs to be configured in SAP EP so my query is
What should I do now:
1) Either I should ask the IAM team to regenerate the metadata again for the new alias, or
2) Can I create another service provider somehow in NW and download the proceed further.
Sorry if I sounded unaware about SSO terminologies as I am a newbie in this era.
Warm Regards,
Sumit Jha
Hello Sumit,
You do not need multiple service providers on the Portal.
If you want the Portal to be accessed with different aliases, then you can do the following, assuming you use Microsoft ADFS as an IDP:
- For each Portal alias, manually add a new Assertion Consumer Service (ACS) URL in ADFS for the Portal (trusted relying party), e.g. https://portal1.acme.com/irj/portal, https://portal2.acme.com/irj/portal, etc.
- On the Portal system in NWA -> Authentication & SSO -> SAML 2.0 -> Trusted Providers: select the entry for the ADFS and under "Authentication Requirements" select "Application URL" for the authentication response setting.
If the user accesses a different URL on the Portal for the SRM scenario, then instead of https://<portalalias>/irj/portal add this URL as the ACS URL in the ADFS configuration.
Best regards,
Dimitar Mihaylov
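
The ADFS step from the answer above can also be scripted. This is an added example, not part of the original posts and not SAP or Microsoft sample code. It assumes the ADFS PowerShell module on the federation server, a relying party trust named "SAP Portal" (hypothetical name), the HTTP POST binding for the Portal's ACS, and the two alias URLs given in the answer.

```powershell
# Added example. Assumptions: trust name 'SAP Portal' is hypothetical, POST binding,
# alias URLs are the examples from the answer above.
Import-Module ADFS

$trustName = 'SAP Portal'
$aliasUrls = @(
    'https://portal1.acme.com/irj/portal',
    'https://portal2.acme.com/irj/portal'
)

$trust = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $trust) { throw "Relying party trust '$trustName' not found." }

# Set-AdfsRelyingPartyTrust -SamlEndpoint replaces the whole endpoint list,
# so start from what is already registered and append only what is missing.
$endpoints = @($trust.SamlEndpoints | Where-Object { $_ })
$acs = @($endpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' })

# Each ACS endpoint needs its own index; continue after the highest one in use.
$nextIndex = 0
if ($acs.Count -gt 0) {
    $nextIndex = ($acs | Measure-Object -Property Index -Maximum).Maximum + 1
}

foreach ($url in $aliasUrls) {
    $uri = [Uri]$url
    # Assertions carry identity data: register only HTTPS endpoints.
    if ($uri.Scheme -ne 'https') { throw "ACS URL must be HTTPS: $url" }

    if ($acs | Where-Object { $_.Location.AbsoluteUri -eq $uri.AbsoluteUri }) {
        Write-Host "Already registered: $url"
        continue
    }
    $endpoints += New-AdfsSamlEndpoint -Binding 'POST' `
        -Protocol 'SAMLAssertionConsumer' -Uri $uri -Index $nextIndex
    $nextIndex++
}

Set-AdfsRelyingPartyTrust -TargetName $trustName -SamlEndpoint $endpoints

# Review the result: every URL listed here is a destination ADFS will post assertions to.
(Get-AdfsRelyingPartyTrust -Name $trustName).SamlEndpoints |
    Format-Table Protocol, Binding, Index, IsDefault, Location
```

Keep the registered list limited to the exact alias URLs in use, since each entry is an address to which the IDP will deliver signed assertions for this trust.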