
SAP Cloud Platform Identity Authentication Service on other platforms


How is it possible to use the SAP Cloud Platform Identity Authentication Service to authenticate business users for applications which are running in clouds other than the SAP Cloud Platform?

In the documentation there are only integration scenarios for SAP products and Azure Microsoft.

Is it possible to use the identity provider to do authentication from a Spring Boot application which is running on other cloud platforms, so that it is possible to keep the SAP Cloud Platform Identity Authentication Service as identity provider if you migrate an application to another platform?

I mean that the application uses the SAP Cloud Platform Identity Authentication Service directly to authenticate business users who want to get access to the application, not the surrounding environment, like in the SAP NEO Environment.

I couldn't find anything besides the integration scenario for Azure Microsoft.

Update: After diving a little bit deeper into the details, I'm trying at the moment to integrate the SAP identity provider SAML authentication in my Spring Boot application with Spring Security.

I followed this example:

At the moment it doesn't work; the metadata of the SAP Authentication Identity Service isn't accepted.

Did somebody try this in the past and can offer some help?




1 Answer

  • Dec 12, 2017 at 09:44 PM

    Hi Marcel,

    I've used Spring, but inside Cloud Platform Cloud Foundry. The identity integration patterns we'd use there don't match with what you are describing. I've found Spring's security classes to be quite reliable if sometimes a bit confusing to set up.

    The first documentation link you cited is worded poorly; it references a few common usage patterns as "related links" but never describes the more general case. That's captured in this section: -- an Application in IAS terminology is just a SAML Service Provider or Relying Party.

    The Spring example you mention uses ssocircle as the SAML IdP -- ssocircle is a free service. Have you validated your application works with that? I'd strongly suggest getting that combination working first in order to prove your code is functioning as expected -- only then reconfigure for SAP IAS.



    • Hi Marcel, Riley,

      Can you please share some hints on integrating SAP IDP with a Spring Boot application (outside of HANA or Cloud Foundry)? So far the application is successfully integrated with OKTA, though when we use a similar pattern for SAP IDP, it returns 400 (bad request) instead of providing the login form.

      Any help is really appreciated.