on 07-20-2016 6:15 PM
I have SAML 2.0 set up for GRC, providing SSO to our ABAP URLs. It works great, validating credentials against ADFS. Now, I want to extend that to cover the Web Dispatcher so we can enable Fiori for GRC.
I found a wiki that says to access the SAML 2.0 configuration application using http(s)://<web dispatcher/proxy host>:<web dispatcher/proxy port>, then download the "Metadata" and send that to the Identity Provider. I'm expecting that this will update the trust with the Identity Provider so that the SAML 2.0 response will use the same host name and same port.
I reviewed my metadata.xml. It doesn't have any reference to the Web Dispatcher host name, so I question how the Identity Provider is going to successfully complete RelayState mapping.
Any thoughts or words of wisdom?
Thanks Nelis. This falls right in line with Note 2326063 - SAML2: How to configure when using proxy/web dispatcher.
I ran the URL to the SAML2 Configuration by way of my Web Dispatcher (http(s)://<web dispatcher/proxy host>:<webdisp port>/sap/bc/webdynpro/sap/saml2?sap-client=<SAP Client>). I was then able to download the metadata.xml. However, when I look at the metadata.xml there is no reference whatsoever to my Web Dispatcher host. I can't find any endpoint URLs that would instruct ADFS to use a RelayState back to my Web Dispatcher instead of my ABAP Backend.
I even tried going through the Web Dispatcher Admin Console but it has nothing on SAML2.
... continuing to work through the wiki on Using Proxies referenced in the note.
This is the wiki I referenced.
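Added example, not part of the original thread: a small Python check that lists the endpoint URLs a downloaded metadata.xml advertises and flags any whose host or port differs from the externally visible Web Dispatcher address. The sample metadata, entity ID, host names, ports and paths are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample SP metadata; every host name and path here is hypothetical.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="GRC_SP_EXAMPLE">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://abap-backend.example.internal:44300/example/slo"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://abap-backend.example.internal:44300/example/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def list_endpoints(metadata_xml):
    """Return (element name, binding short name, Location) for each metadata endpoint."""
    root = ET.fromstring(metadata_xml)
    endpoints = []
    for el in root.iter():
        location = el.get("Location")
        if location and el.tag.startswith("{%s}" % MD_NS):
            name = el.tag.split("}", 1)[1]
            binding = el.get("Binding", "").rsplit(":", 1)[-1]
            endpoints.append((name, binding, location))
    return endpoints

def endpoints_not_on(metadata_xml, expected_host, expected_port=None):
    """Return endpoints whose host (and port, if given) differ from the expected front end."""
    mismatches = []
    for name, _binding, location in list_endpoints(metadata_xml):
        url = urlsplit(location)
        port = url.port or {"https": 443, "http": 80}.get(url.scheme)
        host_ok = (url.hostname or "").lower() == expected_host.lower()
        port_ok = expected_port is None or port == expected_port
        if not (host_ok and port_ok):
            mismatches.append((name, location))
    return mismatches

if __name__ == "__main__":
    # Hypothetical external Web Dispatcher address.
    for name, location in endpoints_not_on(SAMPLE_METADATA, "webdisp.example.com", 443):
        print("endpoint not on the Web Dispatcher:", name, location)
```

Run against the real file by passing its contents to `endpoints_not_on` with the Web Dispatcher host name and port users actually reach.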