Solved: SAML assertion Identity provider - SSO for ALL use...

Former Member · ‎08-06-2010

Hi ,

If we have a Corp AD configured on Windows 7/ Windows 8

but SAP-EP-UME is hooked up to the Corp AD ( read only ).

Can we consider the Active directory system(Windows ) to be the IDENTITY PROVIDER

and configure the SAP-EP ( portal to be the SERVICE PROVIDER) for SSO ?

Edited by: Franklin Jayasim on Aug 7, 2010 12:47 AM

MichaelShea · ‎08-10-2010

Why not use kerberos authentication in that kind of setup. What is your drive to use SAML in this case?

MichaelShea · ‎08-10-2010

Why not use kerberos authentication in that kind of setup. What is your drive to use SAML in this case?

Former Member · ‎08-13-2010

Hi Michael Shea,

I am prototyping various SSO mecanisms

Regarding SAML: My client has hosted SAP lanscape with domain www.xyz.com & the portal to be configured is onsite www.abc.com. I thought SAML 2.0 will be perfect for this scenario (two different Domains)

MichaelShea · ‎08-17-2010

SAML 2 is designed to work cross domain, so that would be a good choice.

-Michael

mvoros · ‎08-11-2010

Hi,

I don't have any experience with AD as IdP but you can find on net that AD can be SAML 2.0 indentity provider. The question is if it's part of standard installation or there is an extra cost. SAP supports only subset of standard but I assume that it covers all basic scenarios so it should be possible.

But if you want to play then have a look at project [Shibboleth|http://shibboleth.internet2.edu/]. It's an open source project and it supports Active Directory as identity store. I want to test it by myself with CE7.2 but I don't know when I'll have time.

Cheers

Former Member · ‎08-24-2010

This message was moderated.

SAML assertion Identity provider - SSO for ALL users