
SAML token Profile configuration in Visual Administration

Former Member
0 Kudos

Hi All,

I'm working on a Web Dynpro application which has to consume a web service that involves a SAML handshake authentication system. I have consumed the web service using the adaptive web service model; now my objective is to post a SOAP request to some authentication server, where I get an SAML assertion as a response. Secondly, I have to post the main/second request along with the SAML response obtained from the authentication server.

Now, I have a problem in configuring the destinations and posting the initial SOAP request for Authentication.

Can anyone suggest how to proceed further in this scenario, and also please let me know how to configure the SAML token profile in the Visual Administrator?

Any inputs on the same would be really appreciated...!

Accepted Solutions (1)


Former Member
0 Kudos

Hi,

Please follow the path:

Changing the Startup Mode of the SAML Service

First, ensure that the SAML service always starts when you launch the SAP J2EE Engine:

1. Start SAP J2EE Visual Administrator.

2. Log in to SAP Visual Administrator.

3. In the tree view in the left pane, expand Server 0 > Services > Configuration Adapter.

4. In the tree view in the right pane, expand Configurations > cluster_data > server > cfg > services.

5. Switch to edit mode by clicking the button with the pencil icon. Click Yes when SAP Visual Administrator prompts you to confirm.

6. In the right pane, scroll down and double-click "Propertysheet tcsecsaml~service-runtime."

7. The Change Configuration dialog box is displayed.

8. Click the second row, startup-mode.

9. The "Change property entry" dialog box is displayed.

In the Custom field, type always and click "Apply custom."

10. The settings are shown in the "Display configuration" dialog box that is then displayed. Click OK.

Creating a Destination for the SAML SOAP Receiver

Next, create an HTTP destination for the SAML SOAP receiver in Access Manager:

1. In the left pane of SAP Visual Administrator, click the Cluster tab and expand Server 0 > Services > Destinations.

2. Click the Runtime tab in the right pane and expand Destinations > HTTP.

3. Click the New button and type a name for the new destination in the text field, for example, SunAM. Click OK.

4. Under Connection Settings, type in the URL text field the URL of Access Manager's SAML SOAP receiver, for example, http://ephost.companyxyz.com:8080/amserver/SAMLSOAPReceiver.

As a test here, use an insecure channel with no client authentication, that is, the None setting under Authentication. In a production environment, specify a secure channel with client authentications, such as BASIC, SSL, and the like.

Configuring the SAML Service

Now configure the SAML service on the SAP J2EE Engine:

1. In the left pane of SAP Visual Administrator, click the Cluster tab and expand Server 0 > Services > Configuration Adapter.

2. In the right pane, click the Runtime tab and scroll down. Expand SAML > Configuration > PartnersInbound.

3. Switch to edit mode by clicking the button with the pencil icon. Click Yes when SAP Visual Administrator prompts you to confirm.

4. Right-click the PartnersInbound node and choose Create Sub Node from the context menu.

5. Type a name for the partner in the text field, for example, SunAM. Click Create.

6. Expand the newly created node and specify the values as follows:

7. Destination Name: Type the name of the destination you created in the preceding section.

8. SourceID: Type the site ID of Access Manager you obtained in a previous section. That ID starts with B64, for example, B64:Gz5Ie6oAgITQsmjxfsDyru/jtiM=.

9. As a test, set the PermitInsecureConnections parameter under Configurations > saml > Configuration > Settings to true.

Adding the SAML Login Module to the Application's Login Module Stack

Next, add the SAML login module to the application's login module stack, as follows. In this example, you modify the ticket template used by SAP EP.

1. In the left pane of SAP Visual Administrator, click the Cluster tab and expand Server 0 > Services > Security Provider.

2. Click the Policy Configuration tab and select ticket in the Components pane.

3. Switch to edit mode by clicking the button with the pencil icon. Click Yes when SAP Visual Administrator prompts you to confirm.

4. Click Modify on the right pane and adjust the login module stack. Close SAP Visual Administrator.

Test of SSO

Finally, test the SSO mode in SAP EP with SAML assertions:

Go to the SSO trigger for SAP EP, for example, http://ephost.companyxyz.com:8080/amserver/SAMLAwareServlet?TARGET=http://ephost.companyxyz.com:50100/irj/portal.

SAP EP prompts you to authenticate to Access Manager.

1. Log in as one of the users (for example, Administrator) you created in a previous section.

2. SAP EP displays the welcome page.

Regards

nag
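An added example (not part of the answer above, and not SAP or Access Manager code): it shows how the SourceID entered under PartnersInbound relates to an incoming artifact, and lists which of the walkthrough's test-only values are still set. It assumes the SAML 1.1 browser/artifact profile with type 0x0001 artifacts (2-byte type code, 20-byte SourceID, 20-byte AssertionHandle); the dictionary layout and function names are hypothetical, and the artifact is constructed.

```python
import base64
from urllib.parse import urlsplit

def decode_source_id(value):
    """Decode a SourceID as typed under PartnersInbound ('B64:' + base64)."""
    if not value.startswith("B64:"):
        raise ValueError("SourceID must start with 'B64:'")
    raw = base64.b64decode(value[4:], validate=True)
    if len(raw) != 20:
        raise ValueError("SourceID must decode to 20 bytes")
    return raw

def parse_artifact(artifact_b64):
    """Split a SAML 1.1 type 0x0001 artifact into (SourceID, AssertionHandle)."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) != 42 or raw[:2] != b"\x00\x01":
        raise ValueError("not a type 0x0001 SAML artifact")
    return raw[2:22], raw[22:]

def find_partner(artifact_b64, partners):
    """Return the partner name whose SourceID matches the artifact, or None."""
    source_id, _handle = parse_artifact(artifact_b64)
    for name, cfg in partners.items():
        if decode_source_id(cfg["SourceID"]) == source_id:
            return name
    return None

def leftover_test_settings(destinations, settings):
    """List the test-only values from the walkthrough that are still set."""
    findings = []
    for name, dest in destinations.items():
        if urlsplit(dest["url"]).scheme != "https":
            findings.append(f"destination {name}: URL is not https")
        if dest["authentication"] == "None":
            findings.append(f"destination {name}: no client authentication")
    if settings.get("PermitInsecureConnections", "false").lower() == "true":
        findings.append("PermitInsecureConnections is true")
    return findings

# Constructed sample data mirroring the values used in the answer above.
PARTNERS = {"SunAM": {"DestinationName": "SunAM",
                      "SourceID": "B64:Gz5Ie6oAgITQsmjxfsDyru/jtiM="}}
DESTINATIONS = {"SunAM": {
    "url": "http://ephost.companyxyz.com:8080/amserver/SAMLSOAPReceiver",
    "authentication": "None"}}
SETTINGS = {"PermitInsecureConnections": "true"}
# Constructed artifact: type code 0x0001 + SunAM SourceID + dummy 20-byte handle.
SAMPLE_ARTIFACT = base64.b64encode(
    b"\x00\x01" + decode_source_id(PARTNERS["SunAM"]["SourceID"]) + bytes(range(20))
).decode()
```

With the sample data, `find_partner(SAMPLE_ARTIFACT, PARTNERS)` resolves to the SunAM partner, and `leftover_test_settings(DESTINATIONS, SETTINGS)` reports the plain-HTTP URL, the None authentication setting and PermitInsecureConnections.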

Former Member
0 Kudos

Hi Nag,

Firstly, thanks for your reply.

I need some clarity on how to handle the same at the application tier using web services.

I'm not so sure about how to get SAML assertions from destinations?

Secondly, how can I pass them along with the second request, as I'm using the adaptive web service model?

Thanks

Anand

Answers (0)