AD FS with NW 7.02 using UME

amrita_goswami
Participant
0 Kudos

Hi All,

In our landscape we are planning to implement SAML 2.0 across SAP and Non-SAP applications.

The Non-SAP applications are hosted in the Cloud. These will use Active Directory Federation Services as IdP, and the user repository will be AD.

The SAP applications are hosted on another cloud. We would like to use Netweaver 7.0 EhP2 as Service Provider.

  1. For IdP can we make use of the AD FS that is already installed in another cloud? We want to use UME as user Repository for access to Netweaver Portal.
  2. Is this setup possible, and will Netweaver 7.02 support this setup?
  3. Do we need to separately install AD FS in our SAP Cloud environment?
  4. Secondly if we use NW IDM Federation with Netweaver 7.2, can the SAP IDM work as the sole IdP across the landscape validating users from UME and AD in both the domains?

Please let me know your thoughts.

Thanks,

Amrita

Accepted Solutions (1)

donka_dimitrova
Contributor
0 Kudos

Hello Amrita,

SAML 2.0 Service Provider is supported starting from these versions:

  • SAP NetWeaver AS Java 7.20 (or higher)
  • SAP NetWeaver AS ABAP 7.02 (or higher)

If you decide to use the SAML Identity Provider available with the SAP Single Sign-On product (license required), you will be able to integrate any SAP and non-SAP cloud and on premise solution that is working as a standard SAML Service Provider and your users could be validated against the UME and/or the Microsoft Active Directory.

Regards,

Donka Dimitrova

amrita_goswami
Participant
0 Kudos

Thanks for the prompt response Donka!

One additional question on this topic. Supposing we want to integrate SAP Fiori into the landscape. In that case would it suffice to install SAP NW Gateway and to configure that as a SAML Service Provider?

Netweaver IDM would still be the IdP.

donka_dimitrova
Contributor
0 Kudos

Hello Amrita,

There is a SAML IDP available with the SAP Identity Management product (license required), but with the SAP Identity Management product you get only the SAML IDP and not the Mobile SSO solution we offer with the SAP Single Sign-On product: SAP Fiori Client - SAP Library

See more details about the Mobile SSO with SAP Single Sign-On product here:

Mobile Single Sign-On for SAP Fiori - Step-by-Step Guide

See also this architectural guide for Fiori, where chapter 5 describes the Mobile SSO with SAP Single Sign-On:

http://a248.g.akamai.net/n/248/420835/e31e96ee7bd4894bbfb39d92d930463141dfb15172dc955b62d1bde2affde8...

Regards,

Donka Dimitrova

amrita_goswami
Participant
0 Kudos

One basic question:

Mobile SSO = SAP Authenticator + Fiori Client to be installed on the client's device?

Does this need a license?

In case of Fiori deployment does the Gateway Server have to be configured as Service Provider with TOTP logic module?

donka_dimitrova
Contributor
0 Kudos

Hello Amrita,

Mobile SSO for the SAP Fiori using the SAP Single Sign-On product (license required) includes:

1) SAP Authenticator

2) SAML Identity Provider

3) SSO AUTHENTICATION LIBRARY 2.0

The SAP Authenticator itself is available for free, but can be used for free only as a client for an RFC 6238 passcode generation solution. The server side for two-factor authentication with OTP (one-time passwords), and also the Mobile SSO support via the SAP Authenticator application, requires a license for the SAP Single Sign-On product.

Regards,

Donka Dimitrova
