Former Member

How to access services via own SAML-based authentication solution

I have gone through the tutorials but was unable to find the information below.

Problem: We would like to use our own SAML-based authentication solution and want to access service providers using the new SDK.

So please guide us on what our request parameters for SAML requests would be. A sample curl SAML request or a tutorial link would also help.

Currently we have created a sample app using the iOS assistant, which uses the default web-view-based SAML authentication, but in my organization we need to use our own solution.


  • Former Member

    I have configured our own enterprise IdP in "SAP Cloud Platform Cockpit" and I got the expected encoded SAMLResponse. (SAP Cloud Platform Cockpit -> Security -> Trust -> Application Identity Provider)

    SAMLResponse Type: "SAML Response with Signed Message & Encrypted Assertion"

    As mentioned above, I am getting a SAML response with "Encrypted Assertion", and due to that I am unable to open the finish/return URL in the browser and am getting an application 500 error.

    Error Message: "Authentication failed. Reason: SAML2Assertion received could not be decrypted."

    Please let me know if I have missed any configuration to handle "Encrypted Assertion".

    I would be grateful for any help.
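
To see what the "Signed Message & Encrypted Assertion" response from the comment above actually declares, the following sketch decodes a Base64 SAMLResponse and reports the encryption algorithms plus the SHA-256 fingerprint of the certificate the key was wrapped for, when the IdP embeds it. It is an added example, not part of the original thread or of any SAP SDK; the function name and the sample response are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_saml_response(b64_response):
    """Report what a Base64 (HTTP-POST binding) SAMLResponse declares about
    signing and assertion encryption. Nothing is decrypted or verified."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations do not belong in a SAML message")
    root = ET.fromstring(raw)
    report = {
        "message_signed": root.find("ds:Signature", NS) is not None,
        "plain_assertions": len(root.findall("saml:Assertion", NS)),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
        "data_alg": None, "key_transport_alg": None, "recipient_cert_sha256": None,
    }
    enc = root.find("saml:EncryptedAssertion", NS)
    if enc is None:
        return report
    method = enc.find("xenc:EncryptedData/xenc:EncryptionMethod", NS)
    report["data_alg"] = method.get("Algorithm") if method is not None else None
    # EncryptedKey may sit inside EncryptedData's KeyInfo or beside EncryptedData.
    key = next(enc.iter("{%s}EncryptedKey" % NS["xenc"]), None)
    if key is not None:
        kmethod = key.find("xenc:EncryptionMethod", NS)
        report["key_transport_alg"] = kmethod.get("Algorithm") if kmethod is not None else None
        cert = key.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            # SHA-256 over the DER bytes, comparable with a certificate fingerprint.
            der = base64.b64decode("".join(cert.text.split()))
            report["recipient_cert_sha256"] = hashlib.sha256(der).hexdigest()
    return report

# Constructed sample: structure only; the signature and "certificate" are placeholders.
SAMPLE_CERT_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="{NS['saml']}" xmlns:xenc="{NS['xenc']}" xmlns:ds="{NS['ds']}">
 <ds:Signature/><saml:EncryptedAssertion><xenc:EncryptedData>
 <xenc:EncryptionMethod Algorithm="{NS['xenc']}aes256-cbc"/><ds:KeyInfo><xenc:EncryptedKey>
 <xenc:EncryptionMethod Algorithm="{NS['xenc']}rsa-oaep-mgf1p"/><ds:KeyInfo><ds:X509Data>
 <ds:X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</ds:X509Certificate>
 </ds:X509Data></ds:KeyInfo></xenc:EncryptedKey></ds:KeyInfo></xenc:EncryptedData>
 </saml:EncryptedAssertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
```

Pass the URL-decoded value of the `SAMLResponse` form field to `inspect_saml_response`; the reported fingerprint can then be compared with the encryption certificate of the service provider that is expected to decrypt the assertion.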


2 Answers

  • Best Answer
    May 09, 2017 at 08:25 AM

    Viral,

    If you've configured your own custom IdP in the SAP CP Cockpit, you should actually not be required to do anything specific at all. The redirects and the handling in the SDK should automatically work just fine for you.

    If you indeed want to implement your own handling by connecting via the SDK to an endpoint directly (not going via Mobile Services), then you need to pursue the route that Robin suggested.

    In case you just want to control the web view yourself, that handles the authentication flow, you'll find more instructions also in the link that Robin shared - you'll want to read about the WebViewPresenters.

    Thanks
    Andreas


  • May 04, 2017 at 01:48 PM

    Hi Viral,

    I haven't had any experience with the SDK and a 3rd party SAML solution, but I think modifying the generated `SAMLAuthViewController` class to point to your custom solution should suffice?

    Especially these URLs:

    let resourceURL = Constants.appUrl+"/SalesOrderHeaders"
    let authURL     = Constants.sapcpmsUrl.absoluteString+"/SAMLAuthLauncher"
    let finishURL   = Constants.sapcpmsUrl.absoluteString+"/SAMLAuthLauncher?finishEndpointParam=someUnusedValue"

    See https://help.sap.com/doc/978e4f6c968c4cc5a30f9d324aa4b1d7/Latest/en-US/Documents/Frameworks/SAPFoundation/Authentication.html for more info on the different SAML steps.


    • Former Member

      Thank you for your answer.

      Could you please let me know the two details below with respect to the new SDK:

      1. How can we log/trace Webview request-response details? I tried this using the default Webview delegate methods, but those methods are not called during SAML authentication.

      2. Is SAML authentication possible using a custom login screen and not using a webview? If yes, please let me know what request-response parameters I need to pass. A sample curl command for a SAML request would also help.

      I would be grateful for any help.