How to bypass the standard SAP Netweaver Logon screen?

Former Member
0 Kudos

Hi SSO and SAML2 experts,

We have several SAP Enterprise Portal systems. The SSO configuration is set up using SAML2, with the Portal as SAML2 service provider and Touchstone as identity provider. When users click on the link https://<server>:port#/irj/portal, they will see the SAP Netweaver Login screen with an Identity Provider box (which is Touchstone in our case). Once the user clicks on the "continue" button at the signup screen, he/she will be redirected to the Identity Provider (Touchstone), which is another screen. At that point (the Touchstone screen), the user has options either to use a certificate or a Kerberos id, before signing up into the portal.

My question is this: Is it possible to bypass the initial SAP Netweaver Sign-up screen? In other words, can something be done (configurations/custom code/other creative methods) so users would not be presented with the SAP logon screen, but instead go directly to the IdP Touchstone screen? The issue here is "user experience". Users need to click on "continue" on the SAP Netweaver login, then are redirected to the IdP Touchstone screen, click again, and finally land in the portal.

Any feedback would be greatly appreciated!

Best regards,

Qian Kang

qiankang@mit.edu

Accepted Solutions (1)

former_member432219
Active Participant
0 Kudos

Hi Qian Kang

Have you seen "Influencing the Identity Provider Used by the Service Provider"? Perhaps this is what you need.

Former Member
0 Kudos

Hi Patrick,

Thank you so much for pointing me in the right direction! I have not seen "Influencing the Identity Provider Used by the Service Provider" before. The instructions were very helpful. I changed the "Identity Provider Discovery Mode" from "manual" to "automatic", and users were routed automatically to our Touchstone IdP.

I do have another question. Since the sign-up of https://servicer:port/irj/portal is now automatically sent to the IdP, when users click on the "log off" button, they are automatically re-routed back to the portal again. I understand we can set the "logoff" parameter to a specific site as a work-around easily. But are there other elegant options to deal with this infinite looping back issue?

Thanks again for your insights!

Qian

Answers (1)

Former Member
0 Kudos

Hi Qian,

I'm sorry, but there is not much you can do to get around the 'automatic logon' when using an IdP. The reason is based on your initial wish to redirect the authentication to someone else (the IdP); therefore the local logoff on the portal is no longer a real log off but only a 'discard my HTTP session on this server' request. I have seen three options implemented so far:

- a redirect to the logoff page on the IdP

- a landing page allowing users to access the portal again

- the removal of the logoff button from the screen

Regards,

Patrick
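
Added example, not part of the thread and not SAP or Touchstone code: a small state model of the logoff behaviour described above, showing why a local logoff with automatic IdP discovery lands the user straight back in the portal, and what the IdP-logoff and landing-page options leave behind. All class, method and mode names are hypothetical, and the user "alice" is constructed.

```python
# Constructed model of SP/IdP session state; names are hypothetical, not SAP APIs.
from dataclasses import dataclass, field

@dataclass
class IdP:
    sessions: set = field(default_factory=set)  # users with a live IdP session
    prompts: int = 0                            # times credentials were requested

    def authenticate(self, user):
        if user not in self.sessions:
            self.prompts += 1                   # certificate / Kerberos step
            self.sessions.add(user)
        return user                             # subject of the assertion

    def logout(self, user):
        self.sessions.discard(user)

@dataclass
class Portal:
    idp: IdP
    auto_discovery: bool = True                 # "automatic" IdP discovery mode
    sessions: set = field(default_factory=set)

    def request(self, user):
        """Return the page the browser ends up on."""
        if user in self.sessions:
            return "portal"
        if not self.auto_discovery:
            return "sp-logon-screen"            # manual mode: user clicks "continue"
        self.sessions.add(self.idp.authenticate(user))
        return "portal"

    def logoff(self, user, mode):
        self.sessions.discard(user)             # only the local HTTP session is dropped
        if mode == "local":
            return self.request(user)           # browser returns to the portal URL
        if mode == "idp-logoff":
            self.idp.logout(user)               # IdP session ends as well
            return "idp-logged-out"
        if mode == "landing-page":
            return "landing-page"               # IdP session is still live
        raise ValueError(mode)

def run(mode):
    """Log in once, log off with the given mode, and report the resulting state."""
    idp = IdP()
    portal = Portal(idp)
    portal.request("alice")
    page = portal.logoff("alice", mode)
    return page, "alice" in portal.sessions, "alice" in idp.sessions, idp.prompts
```

In the model only the IdP-logoff mode ends the IdP session. With the landing page the IdP session stays live, so the next portal request signs the user in again without a credential prompt, which matters on shared workstations.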