Extending SAML 2.0 to Web Dispatcher

richard_howard
Active Participant
0 Kudos

I have SAML 2.0 set up for GRC, providing SSO to our ABAP URLs. It works great, validating credentials against ADFS. Now, I want to extend that to cover the Web Dispatcher so we can enable Fiori for GRC.

I found a wiki that says to access the SAML 2.0 configuration application using http(s)://<web dispatcher/proxy host>:<web dispatcher/proxy port>, then download the "Metadata" and send that to the Identity Provider. I'm expecting that this will update the trust with the Identity Provider so that the SAML 2.0 response will use the same host name and same port.

I reviewed my metadata.xml.  It doesn't have any reference to the Web Dispatcher host name, so I question how the Identity Provider is going to successfully complete RelayState mapping.

Any thoughts or words of wisdom?

Accepted Solutions (1)

nelis
Active Contributor

See my answer here:

Regards,

Nelis

richard_howard
Active Participant
0 Kudos

Thanks Nelis.  This falls right in line with Note 2326063 - SAML2: How to configure when using proxy/web dispatcher.

I ran the URL to the SAML2 Configuration by way of my Web Dispatcher (http(s)://<web dispatcher/proxy host>:<webdisp port>/sap/bc/webdynpro/sap/saml2?sap-client=<SAP Client>). I was then able to download the metadata.xml. However, when I look at the metadata.xml there is no reference whatsoever to my Web Dispatcher host. I can't find any endpoint URLs that would instruct ADFS to use a RelayState back to my Web Dispatcher instead of my ABAP Backend.

I even tried going through the Web Dispatcher Admin Console but it has nothing on SAML2.

... continuing to work through the wiki on Using Proxies referenced in the note.
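
The manual check described in the posts above (does the downloaded metadata.xml reference the Web Dispatcher host?) can be scripted by listing the endpoint URLs in the SP metadata and comparing each against the expected front-end origin. This is an added example, not part of the original thread and not SAP code; the sample metadata, host names and paths are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample SP metadata with hypothetical hosts and paths (not SAP output).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="EXAMPLE_SP">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://abap-backend.example.internal:44300/example/slo"/>
    <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://abap-backend.example.internal:44300/example/acs"/>
    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://webdisp.example.com:443/example/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def _origin(url):
    """Return (host, port), filling in the scheme's default port when omitted."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.hostname or "").lower(), port

def endpoint_report(metadata_xml, expected_url):
    """Return (element, Location, matches_expected) for each SP endpoint."""
    root = ET.fromstring(metadata_xml)
    expected = _origin(expected_url)
    report = []
    for tag in ("AssertionConsumerService", "SingleLogoutService"):
        for el in root.iterfind(f".//md:SPSSODescriptor/md:{tag}", MD_NS):
            location = el.get("Location", "")
            report.append((tag, location, _origin(location) == expected))
    return report

def mismatched(metadata_xml, expected_url):
    """Endpoints whose host or port differs from the expected front end."""
    return [(t, loc) for t, loc, ok in endpoint_report(metadata_xml, expected_url) if not ok]

if __name__ == "__main__":
    for tag, loc, ok in endpoint_report(SAMPLE_METADATA, "https://webdisp.example.com"):
        print("OK      " if ok else "MISMATCH", tag, loc)
```
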

Answers (1)

richard_howard
Active Participant
0 Kudos