
Using SAML 2.0 and Windows LDAP 2008

rezaejersbo
Participant
0 Kudos

Hello All,

I have a new SAP Portal 7.31 installation and my plan is to use LDAP as Data Source in UME SAP Portal, and to configure SSO between SAP Portal and LDAP by using SAML 2.0.

Are there any best practices for this configuration?

I have seen a lot of explanations and I am quite confused.

Any help?

Thanks

Reza

Accepted Solutions (0)

Answers (1)

donka_dimitrova
Contributor
0 Kudos

Hello Reza,

For such a scenario you need a SAML Identity Provider, and you can get one with the SAP Single Sign-On product (license required).

Regards,

Donka Dimitrova

rezaejersbo
Participant
0 Kudos

Hello Donka,

Thanks for the reply.

My plan is to use LDAP/ADFS as Identity Provider and SAP Portal as SP (service provider) by using the SAML 2.0 protocol.

I need some installation doc, best practices.

Do I need a license to use SAML between SAP Portal and LDAP?

Thanks

Reza

donka_dimitrova
Contributor
0 Kudos

Hello Reza,

If you want to use the SAML Identity Provider from SAP for this scenario, you need a license for the SAP Single Sign-On product.

For this scenario you can also use any non-SAP standard SAML IDP that is capable of integrating with the LDAP.

Regards,

Donka Dimitrova

rezaejersbo
Participant
0 Kudos

Hello Donka,

I do not understand what you mean by needing a license for this scenario.

I am just asking for best practices or some documentation for configuring the connection from SAP Portal to ADFS.

Thanks

Reza 

donka_dimitrova
Contributor
0 Kudos

Hello Reza,

You can simply configure an LDAP Directory as a Data Source for the AS JAVA UME:

Configuring the UME to Use an LDAP Directory as Data Source - Identity Management - SAP Library

This way you will be able to configure the applications, running on AS JAVA Server (like the SAP Portal), to use the LDAP credentials. But this is simply authentication (no SSO).

SSO (single sign-on) means that the user authenticates once to an identity provider (for example MS Domain or SAML IDP) and then has SSO based on tokens (for example Kerberos/SAML) to all applications that trust this identity provider. This is SSO, and if you need SSO for SAML 2.0 based applications (as you mentioned in your very first post), then you need a SAML Identity Provider.

If you don't need SAML 2.0 based SSO, you can simply go with configuring authentication based on the LDAP credentials.

Regards,

Donka Dimitrova

rezaejersbo
Participant
0 Kudos

Hello Donka,

Thanks for the reply. I am just confused. I have this SAP Portal and I want to configure an SSO connection between SAP Portal and the LDAP server, to use AD as Data Source in Portal UME.

For this solution I want to use SPNego. Do you know what the difference is between starting SPNego from:

http://java-server.port/spnego

or

http://java-server:port/nwa -> Configuration and SPNego from there?

I found this solution in SAP Note 994791.

Thanks

Reza

donka_dimitrova
Contributor
0 Kudos

Hello Reza,

Please, find here in the documentation how to implement SSO based on Kerberos/SPNEGO for applications running on AS JAVA server:

Kerberos and SAP NetWeaver AS for Java - User Authentication and Single Sign-On - SAP Library

Using Kerberos Authentication on SAP NetWeaver AS for Java - User Authentication and Single Sign-On ...

Here is also the wiki on this topic:

SPNego Kerberos Authentication - SAP Netweaver Application Server Java - SCN Wiki 

Regards,

Donka Dimitrova