Solved: How do you configure SAML Authentication (IDP init...

taryckbensaili · ‎11-08-2018

Hi all,

I've founded documenation on how to configure and generate SAML Assertion for SOAP WS.

However now I'm looking for a way to use SAML Asertion with OData to logon a user.

Do you have documentation on this suject ?

Our situation is the following :

The user connect to a third party application using it's own logon process (Azure AD).

This application contact a IBM DataPower with a JWT (JSON Web Token). Once verified the DP should generate a SAML assertion and push the OData request to the SAP NW GW.

For instance the request could by :

GET /sap/opu/odata/SAP/YTBE_SAML_SRV/?$format=json

Any help or guidance will be appreciated as documentation barely exists at SAP.

ThomasBailleul · ‎12-11-2018

Hello Taryck,

as checked this scenario is currently not supported.

SAML tokens can be used for achieving principal propagation with SOAP Webservices and OAuth2.

Thomas

Andre_Fischer · ‎11-08-2018

Hi Taryck,

have you tried Google?

https://www.google.de/search?q=saml+sap+gateway&ie=&oe=

The first three hits deliver:

Single Sign-On with SAML 2.0 - SCN Wiki - SAP.com

https://wiki.scn.sap.com/wiki/.../Single+Sign-On+with+SAML+2.

Diese Seite übersetzen09.06.2017 - The first is an explanation of how SAML 2.0 based authentication works from the public internet to an SAP NW Gateway server. The second is ...

‎Availability of SAML 2.0 ‎List of topics ‎SAML 2.0 in AS Java ‎SAML 2.0 in AS ABAP sap saml web dispatcher sap saml log saml identity federation sap sap saml 2.0 abap sap secure login server saml sap sicf saml

Andere suchten auch nach

SAML 2.0 at SAP Gateway and MSFT ADFS - SAP.com

https://www.sap.com/.../4e233a50-5a7c-0010-82c7-eda71af511f.

Diese Seite übersetzen

This guide describes how you can install and configure SAML 2.0 on Microsoft ADFS server and SAP NetWeaver AS ABAP server.

Configuring SAML for Use in SAP Gateway - SAP Help Portal

https://help.sap.com/doc/.../1610%20001/en-US/frameset.htm.

Im Cache

Diese Seite übersetzen

The following is an overview of the sequence of tasks for configuring SAML for use in SAP Gateway: Complete the listed processes in the SAP Gateway host.

ceterum censeo RAP esse utendam

taryckbensaili · ‎11-09-2018

Of course :

Microsoft ADFS : We do not have. It's not a classic user redirecting scenario => do not apply to our case
Single Sign-On with SAML 2.0 : This is only for SOAP. It's require SAML Asserting to be sended within the HTTP POST Body. However OData work with many other HTTP verb like GET PUT PATCH DELETE that might not have body at all => do not apply to our case
Configuring SAML for Use in SAP Gateway : Already done. However we do not know what is an expected request. Where should be locate SSO elements.

With SOAP we've found within note 1254821 the expected SAML assertion format supported by SAP.

We've made the SAML2 configuration for both Trust IDP and STS. Thay are activated however the SSO Failed and we do'nt know why.

That's why I'm looking for a documented how like the one in note 1254821 (that is for SOAP) but for OData SAML.

AND/OR for OData OAuth that seams more complex.

Note 2443156 (SAML 2.0 SSO with AS ABAP - Guided Answers) provide a question tree to trouble shout the SMAL 2.0 SSO but we can't chose and answer to the 2nd question so we do not get any guidance...

ThomasBailleul · ‎12-11-2018