Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

how/where to configure URL to direct users to iDP to begin SAML assertion in AS ABAP?

paulvipond
Explorer

‎06-06-2022 7:07 PM

0 Kudos

Hello,

I am about to configure SAML for AS ABAP on NW 740, and I have a question about how to configure a URL that will direct the end user to the iDP where they will logon and then be redirected to AS ABAP. I will need to configure a URL in both a SAP GUI as well as a SAP CRM logon screen in the browser.

I have been referring to this SAP documentation (link below) on configuring AS ABAP as a service provider. In this documentation I haven't located anything mentioning how to direct end users to the iDP?

https://help.sap.com/docs/SAP_NETWEAVER_731_BW_ABAP/f118a8960caf41808bd374e28a834f58/4ab6df333fec6d8...

I understand that this begins the SAML assertion process and would expect there to be mention of a URL direction to the iDP and perhaps it's mentioned as a technical reference I'm not familiar with.

Can anyone comment on this?

Appreciate the help.

4 REPLIES 4

HammerM
Active Participant

‎06-06-2022 9:39 PM

0 Kudos

Have you seen this blog?

https://blogs.sap.com/2017/12/01/enabling-the-saml-2.0-service-provider-in-sap-netweaver-abap/

As part of the configuration you upload the meta data from your identity provider which has the url your users would be redirected to.

Hope that helps.

Mark

paulvipond
Explorer
In response to HammerM

‎06-06-2022 10:02 PM

0 Kudos

Hi Mark,

I have seen and read this blog, but it doesn't specifically mention that a URL will appear somewhere on the SAP GUI or SAP CRM logon screen where users would directed to. If after the metadata file is uploaded I'm wondering where the URL the iDP provided shows up?

Can you comment on where the URL would appear after the metadata file is uploaded? There isn't any mention or screenshot for this in the blog.

Thanks! Paul

HammerM
Active Participant

‎06-06-2022 10:25 PM

0 Kudos

Hi Paul

I'm sure this won't work for SAPGui based authentication. It needs a browser based authentication to SAP which in turn redirects to the IDP.

I've got SAML working with the SAP Business Client (as opposed to SAPGui) using this blog https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/sap-netweaver-tutorial which may also help to clarify things for you as it has more screenshots. The url doesn't actually appear in a screen field etc it just appears in the browsers url during the redirection process.

Again hope that helps

Mark

paulvipond
Explorer

‎08-17-2022 7:34 PM

0 Kudos

I have answered this question for myself by completing the SAML configuration. Once the IDP has been setup and activated, the logon screen changes and present the option of continuing with a 'trusted SAML 2.0 Identity Provider'. By pressing the 'continue' button that is displayed you then start the SAML authentication process.

So once the SAML configuration is completed and the IDP activated the whole process becomes clear.