Former Member

SAP Identity Provider Design & Config

Hi Experts,

There are 2 SAP Java stack systems in our landscape. Following are the details about the system:

Java stack 1 : Secure Login Server and Identity Federation component (Domain A)

Secure Login server issues X.509 certificates to provide SSO to ABAP systems.

Identity Federation component, i.e. Identity Provider, to provide cross-domain SSO

Java stack 2 : SAP IDM system (in a different domain & company). (Domain B)

I've configured Service Provider on Java stack 2 to trust Identity Provider of Java stack 1.


When a user from Domain A tries to access resources on Java stack 2 (Domain B) using https://<IP>:<port>/idm, he should be redirected to Java stack 1 (Identity Federation component) for authentication.

If a user has a valid X.509 certificate issued by Secure Login Server, he should be authenticated to Identity Federation on Java stack 1 without entering a password, and a SAML 2.0 assertion should be sent back to Java stack 2. Then Java stack 2 will create a session for the authenticated user.


  1. I've configured Secure Login Server, Identity Provider and Service Provider as mentioned in the document. The user has a valid X.509 certificate issued by Secure Login Server. But when the user tries to access a resource on Java stack 2, he is never redirected to the Identity Provider. Did I miss something in the config? It would be great if you can share the document on this. I've already done everything based on a wiki guide.

  2. Is it possible to use an X.509 certificate to authenticate with the Identity Provider? Is this a limitation of the SAP Identity Provider product?

Please advise if I'm on the correct track.


IDM is just an example. I want to extend this design to other Java stack systems which are outside our domain.


1 Answer

  • Best Answer
    Former Member
    Aug 10, 2012 at 03:41 PM

    This question was answered in thread.
