Skip to Content

How to configure SAML authentication for XS Advanced applications?

Hi,

I've been reading the XS Advanced developer guide (HANA 2.0 SPS 02) and it mentions in several places that you can configure custom IdP's (assuming they can provide SAML 2.0) as authentication services. In xsa-admin application I have been able to add a SAML 2.0 Identity Provider but what seems confusing to me is how we are supposed to use this IdP as a source for authentication in our XSA apps.

The basic guide shows that if you use authentication in your apps then you have to either create a UAA service or bind the application to an existing one. Is there a way to configure a UAA service to use one of the configured IdPs? If yes then how should it be done? For example we want our users to log in to some of the apps using IdP A but for logging into other apps the user should be validated against IdP B? Is this something that can be done with the current architecture of XSA or do we maybe have to disable the UAA authorization in the XSA configuration and then develop our own in-app authorization for that?

Thanks,

Rauno

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Feb 01 at 05:59 PM

    Hello Rauno.

    We have to do the same task here in my project.

    We are working in a HANA 2.0 SPS02 and we need to configure SSO with IDP MS Azure (ADFS).

    Did were you succed in this achivement?

    Thanks!

    Add comment
    10|10000 characters needed characters exceeded

  • Feb 19 at 03:44 PM

    Hello Rauno,

    trusted identity providers are basically transparent to applications in XSA, so you cannot control them or choose specific providers only. When e.g. three IdPs are configured in the system, and a user accesses your application, the displayed login page will simply ask the user to choose the IdP to use for login. So it's completely the user's choice and not the choice of the application.

    Kind regards

    Heiko Ettelbrück

    SAP Development Support

    Add comment
    10|10000 characters needed characters exceeded