on 01-07-2015 8:18 AM
Hello,
We are implementing SAP Fiori as a Central Hub Deployment model; the front end is NW 740 SP8 and the back end is SAP ECC EHP7 on HANA. We want to integrate SAP Fiori with LDAP so that users can use their AD user ID and password. We are not using SAP NW SSO or SAP EP.
Can you please let me know how this can be achieved? Since user IDs should be the same in the front end, back end and HANA, how do I map user IDs?
Please help
Thanks,
Ravi
Hi Ravi,
SAP Identity Management (SAP IdM) is one of the solutions being used by customers to synchronize all the users across the landscape. For Fiori enablement, check out the following example for the Mobile SSO (SAP Authenticator) scenario:
Regards,
Kiran
Thanks for the links. Looks like SAP NW SSO is the most widely used solution.
We do not have SAP NW SSO, IDP or SMP servers. I think the only option is ABAP stack integration with LDAP. In this case I am not sure how far this serves, as, depending on the Fiori apps, clients can make calls directly to either the front end or to HANA XS.
Regards,
Ravi
Hi Ravidnran and Aoki,
What is the decision based on your research?
We are in a similar situation: users access the Fiori app from the Internet. Our Gateway server is separated and sits in the corporate network.
We have LDAP to authenticate, but need to understand how you guys approached this. We do not have SAML, SMP, or NW SSO tools.
Please provide some guidance or input.
Thanks
Krish
Hello Ravi,
I'm late with the SAML configuration. The ADFS was installed by the customer for test purposes, but is already intended to be a future production service. When we tried to import the metadata file generated by the SAML2 transaction on SAP Gateway/Fiori, a validation error appears, such as 'SAML2 service not accessible'.
I checked the SICF and metadata file content and the configuration appears OK. They match the screenshots in the PDF guide 'SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS' made by Navin Sahadev.
The metadata URL 'https://<server>:<port>/sap/saml2/sp/metadata?sap-client=200' works fine, but not the 'https://<server>:<port>/sap/saml2/sp/acs/200' test executed by ADFS. Is the acs service provided by SAP IDM as mentioned above?
Do you have an idea about what is wrong here? I'm not using the default HTTPS port. Could this be a problem?
Regards,
Rodrigo Aoki
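Added example, not part of the original post and not SAP or Microsoft code: a small Python check that reads the AssertionConsumerService endpoints declared in a SAML 2.0 SP metadata file and compares them (scheme, host, port, path) with the ACS URL the IdP is actually testing, which makes a non-default HTTPS port mismatch visible. The host name, port 44300 and entityID in the sample metadata are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample SP metadata (host, port and entityID are placeholders).
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="FIORI_GW_200">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://gw.example.internal:44300/sap/saml2/sp/acs/200"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://gw.example.internal:44300/sap/saml2/sp/acs/200"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def acs_endpoints(metadata_xml):
    """Return (binding, location) for every ACS endpoint the SP metadata declares."""
    # For metadata from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(metadata_xml)
    path = "./md:SPSSODescriptor/md:AssertionConsumerService"
    return [(el.get("Binding", "").rsplit(":", 1)[-1], el.get("Location", ""))
            for el in root.findall(path, NS)]

def normalise(url):
    """Split a URL into comparable parts, making the default port explicit."""
    p = urlsplit(url)
    port = p.port or {"https": 443, "http": 80}.get(p.scheme)
    return (p.scheme, (p.hostname or "").lower(), port, p.path.rstrip("/"))

def compare_acs(metadata_xml, idp_acs_url):
    """List every difference between declared ACS endpoints and the IdP's URL."""
    tested = normalise(idp_acs_url)
    endpoints = acs_endpoints(metadata_xml)
    if not endpoints:
        return ["metadata declares no AssertionConsumerService endpoint"]
    findings = []
    for binding, location in endpoints:
        parts = zip(("scheme", "host", "port", "path"), normalise(location), tested)
        for name, declared, seen in parts:
            if declared != seen:
                findings.append(f"{binding}: {name} is {declared!r} in metadata, "
                                f"{seen!r} at the IdP")
    return findings

if __name__ == "__main__":
    # IdP configured without the port: falls back to 443 and no longer matches.
    for line in compare_acs(SAMPLE_METADATA, "https://gw.example.internal/sap/saml2/sp/acs/200"):
        print(line)
```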
Hi Ravi,
Based on the setup you mentioned for a Hub based landscape, we have a Web dispatcher, Gateway server, ERP and HANA DB.
Are you suggesting SAML authentication with a Microsoft ADFS server is the best approach for using Fiori on mobile and PC?
Can you provide a heads-up on setting up SAML with ADFS?
Thanks
Jayesh
Hi Ravi,
I'm facing the same issue here. We need to synchronize the Windows passwords to the Fiori application, and we do not have the SSO. By chance, could you implement the solution without SSO?
Regards
Amanda
Hello Amanda, Former Member
I have managed to configure SAML authentication to the Fiori front end and logon tickets to HANA DB. SSO in the Fiori infra works fine now. You will have to set up SAML in the front end using the SAML2 T-code, import the cert file from your IDP to ABAP, and import your ABAP cert to the IDP.
Are you configuring SSO using SAML?
Thanks,
Ravi
Hi Ravi,
I've read this blog: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c06d6ac9-5f4d-3210-0989-89a92bcfc...
Is this the architecture that you are using? We haven't licensed SSO 2.0. I was trying to find a solution without this product.
Regards
Amanda
We don't have an NW SSO license either, but I have done it like this.
Our Fiori landscape is a Hub based landscape, so we have a Web dispatcher, Gateway server, ERP and HANA DB.
Configured Gateway server for SAML authentication using MS ADFS
Trusted RFC and STRUSTSSO2 between Gateway and ERP
Logon tickets to HANA DB
So the landscape is covered for full SSO.
Please use the following documentation to set up your gateway for SAML authentication
For logon tickets I hope you know how to do it.
Thanks,
Ravi
This solution using SAML 2.0 as an abstraction level (HTTP layer integrated to ABAP) appears to be the response.
The customer doesn't have the ADS corporate domain federated, so the idea must be tested, analyzing how to integrate while keeping the assumption of using the user/password from AD as the main credential.
I'm following this path here...
Regards,
Rodrigo Aoki
Hi Ravi,
Please let me know if you have set up Fiori LDAP integration; we are also looking to implement the same LDAP-ABAP integration.
Thanks,
Bharathi
Hello,
I already tried this configuration for LDAP integration on ABAP. Unfortunately this integration (transaction LDAP using the LDAP connector) only enables ABAP to identify groups and other characteristics from the LDAP server based on replication using the user ID as key, but NOT the password.
So, ABAP doesn't authenticate with the user/password combination from the LDAP server.
Regards,
Rodrigo Aoki
SAP Basis
Fiori Infra Experts - Please help if anyone has integrated the Fiori front end with LDAP.