
Multiple ABAP clients using saml2 to authenticate against adfs

We have followed the documentation at and successfully set up login authentication in an ABAP client using SAML2 and ADFS. In some of our ABAP systems we have multiple clients (400, 410, etc.) for testing. We have been unable to set up more than one client in each ABAP system.

In ADFS, we get the error that the relying party trust must be unique when trying to add the second ABAP client. I opened an SAP incident and the recommendation of SAP support was to use a virtual hostname to get around the uniqueness restriction in ADFS.

Is there any example documentation for setting up SAML2/ADFS authentication for multiple ABAP client numbers in the same SAP system?


3 Answers

  • Posted on Feb 24, 2017 at 09:19 PM


    Sorry, no answer to your question, but did you get it working? Or could you elaborate on the answer you got from SAP support?

    We are facing the same issue (using SAML2 authentication from 2 ABAP clients in the same system against an ADFS).

    Thanks in advance

    Rolf Weber


  • Posted on Jul 30, 2019 at 02:03 PM


    Does anyone have any solution on this topic?


    Raja. G


  • Posted on Mar 06 at 12:40 PM

    Hi Brian,

    We have the same problem described by you, but as I can see, when I start transaction SAML2 in the second client, I get the "Local Provider" of the first client; therefore I think it's not possible to configure a second Local Provider in the second client inside the ABAP system. From the perspective of the ADFS, the ABAP system is therefore one service provider regardless of how many clients it contains.

    But the metadata.xml file I export from the SAML2 transaction and import into the ADFS ends up with the first client in the redirect links back to the SAP system. How can I change my SAML2 configuration so that the ADFS sends the user back to the correct client? How should a virtual hostname solve this problem? Thanks for any information.

    Kind regards
