Skip to Content

Implement SAML 2.0 authentication for a select number of ICF services


I need to implement SAML 2.0 authentication for only a select number of ICF aliases/services. On the following Wiki page, I read that when "SAML 2.0 authentication is only required for a few ICF services, the best way to achieve this is to create a virtual host in SICF and to maintain those services in the virtual host for which SAML 2.0 authentication will be used." (Source: ICF logon procedures configuration for SAML 2.0 authentication -

If I create this new virtual host for SAML 2.0 authentication, how do I "disable" SAML 2.0 authentication on the default host?

Thanks in advance,


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Apr 04, 2018 at 12:57 PM

    Hello Roland,

    Thank you for following up.

    Even though Fiori isn't part of my solution, I used the following resource to do much of my configuration:
    Using SAML 2.0 Authentication to Access Fiori Apps from the Public Internet.

    I have also used the resource: Single Sign-On with SAML 2.0:

    In answer to my own question above, I have created a Virtual Host and will be putting the services/external aliases I want to use SAML authentication with there. For the Virtual Host I created a new domain name,

    My problem now is that my ADFS admin requested that I re-create the service provider metadata file to reflect the new endpoints ( In the browser-based SAML2 configuration screens, I do not find a way to indicate which endpoints to use.

    Any help is much appreciated!

    Best regards,

    Add comment
    10|10000 characters needed characters exceeded

  • Mar 21, 2018 at 07:37 AM

    Hello Jill,

    just saw your question. Have you managed to solve it for your self?



    Add comment
    10|10000 characters needed characters exceeded