07-29-2010 10:06 PM
I am trying to implement SAML to provide SSO between 3 Web Dynpro applications running on SAP Web AS 7.2 and an external non-SAP .NET SAML provider using web services instead of HTTP Post (Browser Artifacts).
The .NET SAML provider is available in both 1.1 and 2.0. Going with the web services approach instead of Browser artifacts because of the constraints in SAP Netweaver, as seen here.
http://help.sap.com/saphelp_nwce72/helpdata/en/94/695b3ebd564644e10000000a114084/frameset.htm
I could not find any best practices or any detailed description of how to achieve this.
Any help appreciated.
08-01-2010 10:38 PM
Faraz,
Did you read the section "Developing Authentication enhancements"
and all the articles related to SAML?
&
This section
"Accessing an Application that Accepts SAML Assertions"
at this link, most of the SSO- SAML related information is available here
http://help.sap.com/saphelp_nwpi71/helpdata/de/89/b75a42bc993654e10000000a155106/frameset.htm
08-03-2010 9:49 PM
Franklin, the articles talk about browser artifacts only. They do not mention the way to use the web services side of the SAML SSO Authentication.
08-03-2010 10:27 PM
Hi Faraz,
I just started practical work to use SAML; I am not very proficient.
But I do see that information at this link http://help.sap.com/saphelp_nw70/helpdata/EN/e5/4344b6d24a05408ca4faa94554e851/frameset.htm
Look at topic : Using Message Level Authentication ( This is for single sign on for Web services )
"Use
When you use message or SOAP document level authentication for WS access, the authentication credentials of the WS consumer are transported in the SOAP header of the SOAP envelope, using authentication token profiles. SAP NetWeaver enables you to use the following WS Security token profiles:
● Username token profile
● X.509 certificate token profile
● SAML Token Profile
In addition, SAP NetWeaver enables you to enable WS specific security and authentication mechanisms, such as XML encryption, XML signatures, Message Aging and WS Secure Conversation."
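The three token profiles listed in the quoted SAP text can be told apart by the element carried in the `wsse:Security` SOAP header. The Python below is an added example, not part of this thread or of SAP's code; it classifies the tokens in a captured envelope and notes whether a SAML assertion carries a `ds:Signature` element. The names `envelope` and `classify_tokens` and the sample issuer are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
X509V3 = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-x509-token-profile-1.0#X509v3")
DS = "http://www.w3.org/2000/09/xmldsig#"
# SAML 1.0 and 1.1 share one assertion namespace; 2.0 has its own.
SAML = {"urn:oasis:names:tc:SAML:1.0:assertion": "1.x",
        "urn:oasis:names:tc:SAML:2.0:assertion": "2.0"}

def envelope(tokens):
    """Wrap constructed token XML in a SOAP 1.1 envelope (sample input only)."""
    return (f'<s:Envelope xmlns:s="{SOAP}"><s:Header>'
            f'<wsse:Security xmlns:wsse="{WSSE}">{tokens}</wsse:Security>'
            f'</s:Header><s:Body/></s:Envelope>')

def classify_tokens(envelope_xml):
    """List (profile, detail) for each token in the wsse:Security header."""
    root = ET.fromstring(envelope_xml)
    found = []
    for sec in root.findall(f"{{{SOAP}}}Header/{{{WSSE}}}Security"):
        for child in sec:
            if not child.tag.startswith("{"):
                continue  # un-namespaced element: not a WS-Security token
            ns, _, name = child.tag[1:].partition("}")
            if ns == WSSE and name == "UsernameToken":
                found.append(("username", None))
            elif ns == WSSE and name == "BinarySecurityToken":
                if child.get("ValueType") == X509V3:
                    found.append(("x509", None))
            elif ns in SAML and name == "Assertion":
                # Presence of ds:Signature only; this does not validate it.
                signed = child.find(f"{{{DS}}}Signature") is not None
                found.append((f"saml-{SAML[ns]}",
                              "signed" if signed else "unsigned"))
    return found

# Constructed sample: an unsigned SAML 2.0 assertion from a made-up issuer.
SAMPLE = envelope(
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed" Version="2.0">'
    '<saml:Issuer>https://idp.example.test</saml:Issuer></saml:Assertion>')

if __name__ == "__main__":
    print(classify_tokens(SAMPLE))
```

An assertion reported as `unsigned` here would have to be protected by some other means (for example a message-level signature that covers it) before a receiver should trust it.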