on 09-28-2015 5:39 PM
Hello experts,
I am currently using a trial version of SAP JAM hosted on my trial Hana Cloud Platform (HCP) account.
I managed to authenticate an external application to JAM using the OAuth SAML bearer assertion flow.
For SAML I used the local IDP (Identity Provider) provided by Hana Cloud Platform.
I have a couple of questions:
1. Is it possible to configure an external IDP to log into SAP JAM? I don't want to pass through the standard SAP SAML login page.
2. Is it possible to store an issued SAML assertion and use it at a later time to authenticate my application against JAM?
Thank you very much,
-
Raffaele
I am not sure what you are getting at with question 1. You already have code working using the SAML bearer assertion; are you trying to avoid this type of authentication? Or are you talking about when users manually log into Jam, and you want them to see a different login page?
For number 2, the SAML assertion gets you an OAuth token, which is then used in every other OData request. This token, as the header field, is your authorization, and does not need to be regenerated for every call.
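The exchange-once, reuse-the-token pattern described in the answer above, as an added example that is not part of the original thread or SAP's code. It follows the generic RFC 7522 request shape; the `client_id` parameter, the `post_form` and `get_assertion` callables and the reply fields are assumptions, not Jam's documented API.

```python
import base64
import time
import urllib.parse

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522 grant type

def build_token_request(assertion_xml: bytes, client_id: str) -> str:
    """Form-encoded token request body; RFC 7522 requires a base64url assertion."""
    encoded = base64.urlsafe_b64encode(assertion_xml).decode("ascii")
    return urllib.parse.urlencode(
        {"grant_type": SAML2_BEARER, "assertion": encoded, "client_id": client_id}
    )

class TokenCache:
    """Exchange an assertion once, then reuse the access token until it expires.

    post_form and get_assertion are hypothetical callables supplied by the caller:
    post_form(body) POSTs to the token endpoint and returns the parsed JSON reply,
    get_assertion() obtains a fresh signed assertion from the IdP.
    """

    def __init__(self, post_form, get_assertion, client_id, skew=30, clock=time.time):
        self._post_form, self._get_assertion = post_form, get_assertion
        self._client_id, self._skew, self._clock = client_id, skew, clock
        self._token, self._expires_at = None, None

    def token(self) -> str:
        expired = self._expires_at is not None and self._clock() >= self._expires_at - self._skew
        if self._token is None or expired:
            # The assertion is short-lived (RFC 7522 requires an expiry on it),
            # so it is requested fresh here instead of being stored.
            reply = self._post_form(build_token_request(self._get_assertion(), self._client_id))
            self._token = reply["access_token"]
            ttl = reply.get("expires_in")  # optional in RFC 6749; None = unknown lifetime
            self._expires_at = None if ttl is None else self._clock() + int(ttl)
        return self._token

    def invalidate(self) -> None:
        """Call after a 401 so the next token() performs a new exchange."""
        self._token, self._expires_at = None, None
```

The cached value is the access token, not the assertion; keep it in memory or a protected store, since it authorizes every request until it expires or is revoked.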
We managed to authenticate using the local HCP Identity Provider (IDP), but our scenario is a bit more complex.
We have 2 systems:
We’d like to provide SSO capabilities using the SAML protocol and an external IDP hosted in our customer’s Intranet. In order to put it in place we need to make both systems and the IDP trust each other. From the IDP side this is achieved by importing Service Provider descriptors (metadata.xml). In this case we need 2 metadata.xml files, one for the Gateway and one for JAM. The problem is that we are not able to get metadata from JAM. I think this is because our trial JAM instance is only reachable via our Hana Cloud Platform (HCP) trial account. Indeed we are able to export the Service Provider metadata from the HCP Cockpit (however we are not able to be redirected to JAM after the SAML assertion is generated by our IDP).
Is there a way to directly expose JAM as a SAML service provider and configure a trust relationship with our customer IDP? Is it a limitation of the trial edition (we plan to buy a JAM enterprise license)?