Dear All,

I need to enable identity provider ADFS2.0  to create users in the service provider  SAP EP 7.3 which is integrated and using SAP R/3 UME.

The scenario is we should allow to auto generate users through SSO from ADFS 2.0 to SAP EP 7.3.

I configured SAP portal as SAML 2.0 service provider and ADFS 2.0 as Identity Provider.

Now SSO is working with same and different User ID's between IdP and Sp.

Now how do I enable IdP (adfs 2.0)  to automatically create users in Sp ( sap nw 7.3).?

In SAML 2.0 Configuration Page on NWA , I selected "Identity Federation" tab and in the "Supported Name ID Formats " table list I added Unspecified Name of Federation type "Persistent Users (Advanced) " and selected Allow Automatic Creation of Accounts check box and maintained

User ID Source as Assertion Subject NameID and User Id Mapping Mode as LogonID.  Also I specified Assertion based attributes and Default Roles.

When I log in to the Service Provider, it redirects me to Identity provider. I logged in with the user in identity provider. It then redirects me to service providers application but didn't create user. It lands on login page with the warning message, "Your account on identity provider [ADFS 2.0] is not federated with any local account ". When I click on the link New Here?Register Now and Federate Accounts  , It creates the account and assigns the user default roles and user attributes I maintained.

How to federate ADFS 2.0 user account with local account in SAP EP 7.3?

Regards,

Eben Joyson