Former Member
Mar 13, 2013 at 12:23 PM

Setup of Gateway cloud application scenario

Hi,

The help.sap.com security pages for Gateway mention a possible setup for a cloud application scenario.

In this case the authentication is done through SAML.

(ref http://help.sap.com/saphelp_gateway20sp06/helpdata/en/4e/d988395be24c12a29ea0b06b2dcbb6/frameset.htm)

We're looking at implementing this scenario together with Active Directory Federation Services 2.0 and Windows Azure cloud.

Unfortunately, the figure provides limited data, so it is not straightforward to identify the steps required for setting this up.

The general SAML setup for ABAP AS (and therefore Gateway) is provided here:

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/4a/b6df333fec6d83e10000000a42189c/content.htm?frameset=/en/46/631b92250b4fc1855686b4ce0f2f33/frameset.htm

The general SAML setup is quite straightforward, but I am having some difficulties in identifying what the statements in the figure actually mean in practice:

"issuing SAML 2.0 assertion for an unsolicited request",

"issuing SAML 2.0 bearer assertion proving user's identity for OAuth 2.0 flow"

Can anyone help translate? 😊

PS: Ideally I would like to first have the user perform a claim towards Windows Azure (an SAML SP) towards AD FS (SAML IdP) and then have Azure be a reverse proxy towards SAP Gateway. The original claim should be provided to Gateway (an SAML SP) from Azure and verified against the same AD FS as Azure.