SAP Fiori mobile SSO using windows AD

Former Member
Hello All,

I am trying to integrate all the SAP systems into the portal and access them via SSO. The portal is integrated with Windows AD, hence users are able to log in to the portal using Windows AD and perform their work. Now the customer requires access to the Fiori apps on mobile using the mobile Fiori application. Can anyone let me know how I can take this up with Windows AD authentication for the same, i.e. the mobile Fiori application with Windows AD?

Thank you.

Regards,

Jones Seenivasan.

Accepted Solutions (1)

Former Member
Hello Andrew Purgert,

Thanks for the update. I have resolved the issue: by keeping SAP Java as the IdP and using the SAML authentication method, I have achieved it.

Thank you.

Regards,

Jones Seenivasan.

Answers (1)

andrew_purgert
Hello Jones,

Assuming you have ADFS configured, you can use that as an identity provider (IdP) for SAML authentication. You would then set up your SAP system as a service provider (SP) via transaction SAML2. At that point, you would be able to utilize the Fiori Client to use the Windows username and password.

However, we have seen that once you close the Fiori Client, it will prompt for credentials again. This is not a seamless SSO solution, and we are testing the SAP SSO 3.0 solution to see if it will better achieve an easier user experience. If you have an MDM that can handle creating the tickets first, you may be able to avoid the need for SAP SSO. I have heard of some companies where you log in once a day and that the authentication is good for the day, but we do not have that set up.

With SAP SSO, you need a Java stack to act as the IdP, which can just pull the user accounts from AD. It sounds like your Portal is already set up this way, so you would just configure the Java stack that the SSO is running on the same way. If you don't have a Windows AD IdP, then getting SSO would allow you to set up an IdP for your SAML SPs. Plus you would be able to utilize the SAP Authenticator as well.

We've also had some success by using Azure AD as the IdP by setting the email as NameID in the SAML claim. However, it still would time out after a few hours. From what we could tell, it never got the second assertion from Azure that creates a longer login validity.

This guide is a good one to follow on how to get SAML set up for ADFS and SAP. http://sapassets.edgesuite.net/sapcom/docs/2014/07/4e233a50-5a7c-0010-82c7-eda71af511fa.pdf
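An added example, not from this thread or from SAP: a small Python check of the assertion fields the answer discusses (e-mail NameID, the NotBefore/NotOnOrAfter window, the audience restriction that must match the SP's entity ID, and the SessionNotOnOrAfter value behind the "times out after a few hours" symptom). The sample assertion and all entity IDs are constructed placeholders; XML signature verification, which the SP must perform, is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample assertion with placeholder entity IDs (not real systems).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_sample1" Version="2.0" IssueInstant="2024-01-01T08:00:00Z">
  <saml:Issuer>https://adfs.example.test/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jones@example.test</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T07:59:00Z" NotOnOrAfter="2024-01-01T08:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://fiori.example.test/sap/saml2/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T08:00:00Z" SessionNotOnOrAfter="2024-01-01T16:00:00Z"/>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC ("Z"); parse them as timezone-aware datetimes.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, expected_audience, now, skew=timedelta(minutes=3)):
    """Check NameID format, validity window and audience (signature NOT checked here)."""
    root = ET.fromstring(xml_text)
    findings = []
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        findings.append("missing NameID")
    elif name_id.get("Format") != EMAIL_FMT:
        findings.append("NameID is not in e-mail format")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        findings.append("missing Conditions")
    else:
        # Allow a small clock skew between IdP and SP, as SPs commonly do.
        if cond.get("NotBefore") and now + skew < _ts(cond.get("NotBefore")):
            findings.append("assertion not yet valid")
        if cond.get("NotOnOrAfter") and now - skew >= _ts(cond.get("NotOnOrAfter")):
            findings.append("assertion expired")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if expected_audience not in audiences:
            findings.append("audience does not match this SP")
    # SessionNotOnOrAfter bounds the SP session; inspect it when users get re-prompted.
    stmt = root.find("saml:AuthnStatement", NS)
    session_end = stmt.get("SessionNotOnOrAfter") if stmt is not None else None
    return {"ok": not findings, "findings": findings,
            "name_id": name_id.text if name_id is not None else None,
            "session_end": _ts(session_end) if session_end else None}
```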