on 01-30-2018 7:16 PM
Hello,
I need to implement SAML 2.0 authentication for only a select number of ICF aliases/services. On the following Wiki page, I read that when "SAML 2.0 authentication is only required for a few ICF services, the best way to achieve this is to create a virtual host in SICF and to maintain those services in the virtual host for which SAML 2.0 authentication will be used." (Source: ICF logon procedures configuration for SAML 2.0 authentication - wiki.scn.sap.com/wiki/display/Security/ICF+logon+procedures+configuration+for+SAML+2.0+authentication)
If I create this new virtual host for SAML 2.0 authentication, how do I "disable" SAML 2.0 authentication on the default host?
Thanks in advance,
Jill
Hello Roland,
Thank you for following up.
Even though Fiori isn't part of my solution, I used the following resource to do much of my configuration:
Using SAML 2.0 Authentication to Access Fiori Apps from the Public Internet.
I have also used the resource: Single Sign-On with SAML 2.0: https://wiki.scn.sap.com/wiki/display/Security/Single+Sign-On+with+SAML+2.0
In answer to my own question above, I have created a Virtual Host and will be putting the services/external aliases I want to use SAML authentication with there. For the Virtual Host I created a new domain name, saml2.host.domain.edu.
My problem now is that my ADFS admin requested that I re-create the service provider metadata file to reflect the new endpoints (saml2.host.domain.edu). In the browser-based SAML2 configuration screens, I do not find a way to indicate which endpoints to use.
Any help is much appreciated!
Best regards,
Jill
I posted a separate question about re-creating the service provider metadata XML file (to reflect the new endpoints), and was finally able to answer it myself. Please see: SAML 2.0 config - How to change endpoints in metadata XML file.
Cheers,
Jill
Hello Jill,
just saw your question. Have you managed to solve it for yourself?
Regards
Roland
Hello Jill,
do you have a solution for the question "how do I disable SAML 2.0 authentication on the default host?"
Thank you!
Regards
René