cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Webdispatcher and ABAP backend as two distinct Service Providers ?

Farid
Active Participant

on ‎01-21-2016 8:53 AM

0 Kudos

Hello,

We have two distinct business scenarios :

Fiori : End Users Access to the SAP Netweaver Gateway 7.4 through its HTTPS URL : https://srv-sap-gwpa.domain:44320/

HR Renewal : End Users Access to the SAP Netweaver Gateway 7.4 through the SAP WebDispatcher : https://srv-sap-wdsp.domain:44320

Both scenarios work fine ...

We had a request to configure SAML 2.0 for both scenarios, ADFS being the Identity Provider.

I believe that a Service Provider is called here a "Relying Party".

When configuring separately, Fiori OR HR Renewal, it works fine, users are authenticated into ADFS and their redirected to Fiori (Netweaver GAteway URL) or HR Renewal (SAP WebDispathcer).

The Problem is that we obviously need to configure both scenarios together, and here it  does not work as expected, Fiori Users are bot redircted after authentication to the NEtweaver GAteway but are redirected to the Webdispatcher ... which is blocking for us

For Each scneario Webdispatcher (HR Renewal) and Netweaver Gateway (HR Renewal) we have a distincts Assertion Consumer Service (ACS) URL in ADFS :

We are really not familiar with ADFS, but there might be some trick, somehow , somewhere, to indicate to ADFS to redirect the URLs to the correct Service Provider/Relying Party.

Any help , hint would be appreciated


ADFS Settings For WebDispatcher :

For Netweaver Gateway :

Thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

artem_kogut
Member
‎02-13-2020 3:13 PM
0 Kudos

Hi All,

We have the same issue with internal and external reverse proxy and the only one possible Endpoint at ADFS side.

Is any solution for this?

Show replies
Show replies
JoeGoerlich
Active Contributor
‎08-12-2016 2:34 PM
0 Kudos

maybe this could help you:

regards

Johannes Goerlich

Show replies
Show replies
Farid
Active Participant
‎08-15-2016 4:36 PM
0 Kudos

Thanks Johannes,

I will have a look

donka_dimitrova
Contributor
‎01-21-2016 10:22 AM
0 Kudos

Hello Raoul,

This collaboration space if for content and questions related to the SAP Single Sign-On product. It seems that you are not using the SAML IdP we offer with SAP Single Sign-On product but you are using ADFS.

You can post your question in the collaboration space for SAP Fiori or the one for the SAP Web Dispatcher.

In the meantime you can also have a look at the recommended architecture for implementing SAP Fiori using a reverse proxy here:

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60f9f0b6-9c39-3210-9284-843cd5ec3...

and also the SAP documentation of the SAP Web Dispatcher solution here:

Regards,

Donka Dimitrova

Show replies
Show replies
Farid
Active Participant
‎01-21-2016 10:29 AM
0 Kudos

Hello Donka,

Thanks but :

It is not a Fiori issue : Fiori works fine

We do not use the Sap Web-dispatcher on top of Fiori, so the reverse proxy documentation would not help us here. It is a SAML configuration issuee (agreed it is not the SAP Indetity Provider)

So where is the other area in the SCN Forum where I could get some help ?

Thank you

donka_dimitrova
Contributor
‎01-21-2016 10:36 AM
0 Kudos

Hello Raoul,

My recommendation was to post this question in the SAP Fiori space not because it is a Fiori issue but because there could be somebody with experience for implementing SSO for Fiori using ADFS.

The other way is to look for help for ADFS SAML configurations in the Microsoft forums.

Regards,

Donka

Ask a Question