We have a gateway system connected to a non-SAP external identity provider, which authenticates users via the SAML2 protocol. Our gateway system is also connected to a backend SAP system, where the users who exist in the external non-SAP system also exist in the backend SAP system in HR master data (in the PA00XX tables). Now we want to create some SAPUI5 apps for those users.

We have successfully set up the SAML2 connection between the gateway and the non-SAP external system: users who have access to the external system are redirected back to our test SAPUI5 application and successfully logged in. But we have a problem with where and how to read the "user name" of the user authenticated in the external non-SAP system. We don't want to create duplicate users in the gateway system; that is nonsense when we have SAML2. I can see in sec_diag_tool in our GW system that the SAML2 response from our identity provider (the external non-SAP system) contains some SAML2 attributes which could solve our problem with the user name:
<saml:Attribute Name="https://whoami.cesnet.cz/attribute-def/tcsPersonalID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
where I can see the personnel number (23060), but I don't know where and how I can read these attributes in my ABAP code for my gateway service.

Many thanks for any solution.
Jiri
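As an added illustration (not code from the original post, and written in Python rather than ABAP), the snippet below shows where the quoted attribute sits inside a SAML 2.0 assertion and how to pull it out by its full `Name` URI with a namespace-aware parser, then normalise the value to the 8-digit NUMC PERNR key used in the PA00XX tables. The assertion text is constructed for the example; it assumes the identity provider sends the personnel number without leading zeros, and it assumes the gateway has already validated the response signature (as it must have for the login in the question to succeed), so no signature check is performed here.

```python
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
URI_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
UNSPECIFIED_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
# Attribute name exactly as it appears in the response quoted in the question.
PERSONAL_ID_ATTR = "https://whoami.cesnet.cz/attribute-def/tcsPersonalID"

# Constructed sample assertion (not a real response): an AttributeStatement shaped
# like the one seen in sec_diag_tool, plus a second attribute to show filtering.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <saml:Issuer>https://whoami.cesnet.cz/idp/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_tr123</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="https://whoami.cesnet.cz/attribute-def/tcsPersonalID"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>23060</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.42"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>Jiri</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def get_attribute_values(assertion_xml, name, name_format=URI_NAME_FORMAT):
    """Return all AttributeValue texts of the saml:Attribute with the given Name.

    Matching is done on the full Name URI and on NameFormat (an absent
    NameFormat means 'unspecified' per SAML 2.0 core), and the lookup is
    namespace-aware so a prefix other than 'saml:' would still match.
    """
    root = ET.fromstring(assertion_xml)
    attr_tag = f"{{{SAML_ASSERTION_NS}}}Attribute"
    value_tag = f"{{{SAML_ASSERTION_NS}}}AttributeValue"
    values = []
    for attr in root.iter(attr_tag):
        if attr.get("Name") != name:
            continue
        if attr.get("NameFormat", UNSPECIFIED_NAME_FORMAT) != name_format:
            continue
        for value in attr.findall(value_tag):
            values.append((value.text or "").strip())
    return values


def to_pernr(value):
    """Normalise an IdP-supplied personnel number to the NUMC(8) PERNR key.

    Assumption for this example: the IdP sends the number without leading zeros.
    Anything non-numeric or longer than 8 digits cannot be a PERNR and is rejected.
    """
    if not value.isdigit() or len(value) > 8:
        raise ValueError(f"not a valid personnel number: {value!r}")
    return value.zfill(8)


def personal_id_to_pernr(assertion_xml):
    """Extract tcsPersonalID from the assertion and return it as a PERNR.

    Exactly one value is required: zero values means the IdP did not release
    the attribute, more than one is ambiguous and must not be silently resolved.
    """
    values = get_attribute_values(assertion_xml, PERSONAL_ID_ATTR)
    if len(values) != 1:
        raise ValueError(f"expected exactly one {PERSONAL_ID_ATTR}, got {len(values)}")
    return to_pernr(values[0])


if __name__ == "__main__":
    print(personal_id_to_pernr(SAMPLE_ASSERTION))  # 00023060
```

The same two steps (match on the full attribute Name URI, then normalise to the PERNR format) are what any ABAP-side lookup would have to do before using the value as a key into the HR tables; rejecting a missing or multi-valued attribute rather than defaulting is deliberate, since this value is what ties the external identity to an employee record.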