
SAP Cloud Platform Identity Authentication Service on other platforms

Hi,

How is it possible to use the SAP Cloud Platform Identity Authentication Service to authenticate business users for applications which are running in clouds other than the SAP Cloud Platform?

In the documentation (https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/1b607aace12240cf84904a04e5713c58.html) there are only integration scenarios for SAP products and Azure Microsoft.

Is it possible to use the identity provider to do authentication from a Spring Boot application which is running on other cloud platforms, so that it is possible to keep the SAP Cloud Platform Identity Authentication Service as identity provider if you migrate an application to another platform?

I mean that the application uses the SAP Cloud Platform Identity Authentication Service directly to authenticate business users who want to get access to the application, not the surrounding environment, like in the SAP NEO Environment.

I couldn't find anything besides the integration scenario for Azure Microsoft.

Update: After diving a little bit deeper into the details, I'm trying at the moment to integrate the SAP Identity provider SAML authentication in my Spring Boot application with Spring Security.

I followed this example: https://docs.spring.io/spring-security-saml/docs/current/reference/html/chapter-quick-start.html

At the moment it doesn't work; the metadata of the SAP Authentication Identity Service isn't accepted.

Did somebody try this in the past and can offer some help?

Greetings

Marcel

Accepted Solutions (0)

Answers (2)

rileyrainey
Product and Topic Expert

Hi Marcel,

I've used Spring, but inside Cloud Platform Cloud Foundry. The identity integration patterns we'd use there don't match with what you are describing. I've found Spring's security classes to be quite reliable if sometimes a bit confusing to set up.

The first documentation link you cited is worded poorly; it references a few common usage patterns as "related links" but never describes the more general case. That's captured in this section: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/61ad3b0796ca4f5bae706632a29... -- an Application in IAS terminology is just a SAML Service Provider or Relying Party.

The Spring example you mention uses ssocircle as the SAML IdP -- ssocircle is a free service. Have you validated your application works with that? I'd strongly suggest getting that combination working first in order to prove your code is functioning as expected -- only then reconfigure for SAP IAS.

Riley

Hi,

Yes, it worked and I was able to set it up with the SAP IAS.

The problem was that the certificate in the trust store was invalid, and so the application wasn't able to download the metadata from the identity provider.

Greetings

Marcel

rileyrainey
Product and Topic Expert
0 Kudos

Hi Marcel,

I'm glad to hear you got it working. Enjoy!

Riley

Former Member
0 Kudos

Hi Marcel, Riley,

Can you please share some hints on integrating SAP IDP with a Spring Boot application (outside of Hana or Cloud Foundry)? So far the application is successfully integrated with OKTA, though when we use a similar pattern for SAP IDP, it returns 400 (bad request) instead of providing the login form.

Any help is really appreciated.

Greetings,

Dmitry

swetha_konduru
Employee
0 Kudos

Hi Viktorov,

If you are still looking to integrate SAP IDP with a Spring Boot application, then please have a look at this blog.