08-06-2010 11:44 PM
Hi ,
If we have a Corp AD configured on Windows 7/ Windows 8
but SAP-EP-UME is hooked up to the Corp AD ( read only ).
Can we consider the Active directory system(Windows ) to be the IDENTITY PROVIDER
and configure the SAP-EP ( portal to be the SERVICE PROVIDER) for SSO ?
Edited by: Franklin Jayasim on Aug 7, 2010 12:47 AM
08-10-2010 2:39 PM
Why not use kerberos authentication in that kind of setup. What is your drive to use SAML in this case?
08-10-2010 2:39 PM
Why not use kerberos authentication in that kind of setup. What is your drive to use SAML in this case?
08-13-2010 3:24 PM
Hi Michael Shea,
I am prototyping various SSO mecanisms
Regarding SAML: My client has hosted SAP lanscape with domain www.xyz.com & the portal to be configured is onsite www.abc.com. I thought SAML 2.0 will be perfect for this scenario (two different Domains)
08-17-2010 9:54 AM
SAML 2 is designed to work cross domain, so that would be a good choice.
-Michael
08-11-2010 12:27 AM
Hi,
I don't have any experience with AD as IdP but you can find on net that AD can be SAML 2.0 indentity provider. The question is if it's part of standard installation or there is an extra cost. SAP supports only subset of standard but I assume that it covers all basic scenarios so it should be possible.
But if you want to play then have a look at project [Shibboleth|http://shibboleth.internet2.edu/]. It's an open source project and it supports Active Directory as identity store. I want to test it by myself with CE7.2 but I don't know when I'll have time.
Cheers
08-24-2010 3:49 PM