on 01-21-2016 8:53 AM
Hello,
We have two distinct business scenarios :
Fiori : End Users Access to the SAP Netweaver Gateway 7.4 through its HTTPS URL : https://srv-sap-gwpa.domain:44320/
HR Renewal : End Users Access to the SAP Netweaver Gateway 7.4 through the SAP WebDispatcher : https://srv-sap-wdsp.domain:44320
Both scenarios work fine ...
We had a request to configure SAML 2.0 for both scenarios, ADFS being the Identity Provider.
I believe that a Service Provider is called here a "Relying Party".
When configuring separately, Fiori OR HR Renewal, it works fine, users are authenticated into ADFS and their redirected to Fiori (Netweaver GAteway URL) or HR Renewal (SAP WebDispathcer).
The Problem is that we obviously need to configure both scenarios together, and here it does not work as expected, Fiori Users are bot redircted after authentication to the NEtweaver GAteway but are redirected to the Webdispatcher ... which is blocking for us
For Each scneario Webdispatcher (HR Renewal) and Netweaver Gateway (HR Renewal) we have a distincts Assertion Consumer Service (ACS) URL in ADFS :
We are really not familiar with ADFS, but there might be some trick, somehow , somewhere, to indicate to ADFS to redirect the URLs to the correct Service Provider/Relying Party.
Any help , hint would be appreciated
ADFS Settings For WebDispatcher :
For Netweaver Gateway :
Thanks
Hi All,
We have the same issue with internal and external reverse proxy and the only one possible Endpoint at ADFS side.
Is any solution for this?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Raoul,
This collaboration space if for content and questions related to the SAP Single Sign-On product. It seems that you are not using the SAML IdP we offer with SAP Single Sign-On product but you are using ADFS.
You can post your question in the collaboration space for SAP Fiori or the one for the SAP Web Dispatcher.
In the meantime you can also have a look at the recommended architecture for implementing SAP Fiori using a reverse proxy here:
and also the SAP documentation of the SAP Web Dispatcher solution here:
Regards,
Donka Dimitrova
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Donka,
Thanks but :
It is not a Fiori issue : Fiori works fine
We do not use the Sap Web-dispatcher on top of Fiori, so the reverse proxy documentation would not help us here. It is a SAML configuration issuee (agreed it is not the SAP Indetity Provider)
So where is the other area in the SCN Forum where I could get some help ?
Thank you
Hello Raoul,
My recommendation was to post this question in the SAP Fiori space not because it is a Fiori issue but because there could be somebody with experience for implementing SSO for Fiori using ADFS.
The other way is to look for help for ADFS SAML configurations in the Microsoft forums.
Regards,
Donka
User | Count |
---|---|
82 | |
10 | |
10 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.