cancel
Showing results for 
Search instead for 
Did you mean: 

How to use different authentication methods for SICF-services on the same AS ABAP

Colt
Active Contributor

Hi guys,

how to configure SAP IdP (Java) and SAP SP (ABAP) to support different HTTPS authentication contexts enabled on the SAP IdP? I've enabled Password, Kerberos (SPNEGO) and TOTPLoginModule on the IDP.

Target:

  • User 1 is consuming NWBC on the SP should be authenticated from the IDP using SPNEGO
  • User 2 is consuming Launchpad on the same SP should be authenticated from the IDP using a different Login Module such as TOTPLoginModule

Of course, having various authentication modules on the AS ABAP (ICM) itself is working, here I am talking about "pure SAML2" where the requirement is to control the authentication method used on the IdP for different SICF applications. Should be something the SP hands over to the IdP via AuthnRequest, but I wasn't able to find such settings, besides the generic list of supported authentication contexts one can configure on the SP under Trusted Providers.

Should work, what do you think?

Cheers

Carsten

geferson_hess
Participant
0 Kudos

Hi Carsten,

Not sure if I understood your scenario. What do you mean by "to control the authentication method used on the IdP for different SICF applications"?

Are you trying to use different authentication contexts to different services?

Accepted Solutions (0)

Answers (1)

Answers (1)

Colt
Active Contributor
0 Kudos

Hi Geferson,

exactly that is the challenge. My first idea was to achieve that using IDP initiated SSO like this way: https://<IDP>:<PORT>/saml2/idp/sso?saml2sp=<SPNAME>ℜlayState=<SICF-Service>; but wasn't able to find a way influencing the authentication used. Can this be done using Policy-based access on AS Java implementing a policy? Unfortunately, currently I haven't got time to find it out by myself and hope someone had a similar requirement.

Cheers

Carsten