
How to use different authentication methods for SICF-services on the same AS ABAP

Hi guys,

How do I configure SAP IdP (Java) and SAP SP (ABAP) to support the different HTTPS authentication contexts enabled on the SAP IdP? I've enabled Password, Kerberos (SPNEGO) and TOTPLoginModule on the IdP.

Target:

  • User 1, who is consuming NWBC on the SP, should be authenticated by the IdP using SPNEGO
  • User 2, who is consuming Launchpad on the same SP, should be authenticated by the IdP using a different login module such as TOTPLoginModule

Of course, having various authentication modules on the AS ABAP (ICM) itself is working; here I am talking about "pure SAML2", where the requirement is to control the authentication method used on the IdP for different SICF applications. It should be something the SP hands over to the IdP via the AuthnRequest, but I wasn't able to find such settings, besides the generic list of supported authentication contexts one can configure on the SP under Trusted Providers.

Should work, what do you think?

Cheers

Carsten


  • Hi Carsten,

    Not sure if I understood your scenario. What do you mean by "to control the authentication method used on the IdP for different SICF applications"?

    Are you trying to use different authentication contexts for different services?


1 Answer

  • May 15 at 04:41 PM

    Hi Geferson,

    Exactly, that is the challenge. My first idea was to achieve that using IdP-initiated SSO like this: https://<IDP>:<PORT>/saml2/idp/sso?saml2sp=<SPNAME>&RelayState=<SICF-Service> but I wasn't able to find a way to influence the authentication used. Can this be done using policy-based access on AS Java by implementing a policy? Unfortunately, I currently haven't got time to find it out by myself and hope someone has had a similar requirement.

    Cheers

    Carsten
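
The per-service mechanism the question points to, shown as generic SAML 2.0 rather than SAP configuration: the SP puts a `RequestedAuthnContext` into the AuthnRequest and afterwards checks the class the IdP actually asserted. This is an added example, not code from the thread or from SAP; the service paths, the function names and the mapping of TOTP to `TimeSyncToken` are assumptions.

```python
import datetime
import uuid
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Assumption: constructed service paths, and TOTP mapped to TimeSyncToken.
SERVICE_CONTEXT = {
    "/example/nwbc": AC + "Kerberos",
    "/example/launchpad": AC + "TimeSyncToken",
}

def build_authn_request(sp_entity_id, service_path):
    """SP side: ask the IdP for exactly the class mapped to this service."""
    now = datetime.datetime.now(datetime.timezone.utc)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ")})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    rac = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext",
                        {"Comparison": "exact"})
    ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = \
        SERVICE_CONTEXT[service_path]
    return ET.tostring(req, encoding="unicode")

def requested_classes(authn_request_xml):
    """IdP side: class refs the SP demands; empty list means IdP's choice."""
    # Constructed input only; parse untrusted XML with a hardened parser.
    root = ET.fromstring(authn_request_xml)
    path = f"{{{SAMLP}}}RequestedAuthnContext/{{{SAML}}}AuthnContextClassRef"
    return [ref.text for ref in root.findall(path)]

def context_satisfied(service_path, assertion_xml):
    """SP side: reject an assertion issued under a different class
    (run only after the assertion's signature has been verified)."""
    root = ET.fromstring(assertion_xml)
    ref = root.find(f".//{{{SAML}}}AuthnContext/{{{SAML}}}AuthnContextClassRef")
    return ref is not None and ref.text == SERVICE_CONTEXT[service_path]

# Constructed assertion fragment: the user logged in with a password.
PASSWORD_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML}"><saml:AuthnStatement>'
    f'<saml:AuthnContext><saml:AuthnContextClassRef>{AC}Password'
    '</saml:AuthnContextClassRef></saml:AuthnContext>'
    '</saml:AuthnStatement></saml:Assertion>')
```

Without the check in `context_satisfied`, an IdP that falls back to a weaker login module would still produce an assertion the SP accepts for the stricter service.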
