Multiple ABAP clients using SAML2

Hi Experts,

question for SAML2 authenticaton (SP initiated). Is it required to enable SAML2 for every SAP client in order to use SAML2 authentication, or are there better ways?

I was not able to find information about that use case, but guess this work has to be done. In this case a 3 system landscape has 14 productive SAP clients and thus I need to setup SAML2 for every single client, exchange IDP metadata, install certs etc. Means to have at the end 42 relying party trusts in the IPD and lots of efforts for the configuration, whenever a IDP signature cert is changing or the likes.

Any documentation or best practices about that scenario available?

I know about other ways to authenticate users such as Kerberos, X.509 etc. please dont ask, it has to be SAML in this case ;)

Regards,

Carsten