SAP Gateway – Configure NameID and activate trusted SAML 2.0 IdP

Published by Tobias Hofmann on

1 min read

Current state is that a trust between Gateway as SP and Keycloak as IdP is established. While the previous step established the trust, the IdP is not enabled in SAP Gateway. Meaning that SAML2.0  logons are not possible. For this to work, the IdP must be enabled. Currently, enabling is not possible and will fail, as the NameID configuration is missing. NameID is needed to enable the mapping of the SAML 2.0 user ID to the SAP user ID (simplified).

Configure NameID

Tx: SAML2

Open the tab Trusted Providers. Click on Edit, then on tab Identity Federation. The list of configured supported nameID formats is empty.

Click Add.

Select unspecified. This maps the NameID property transmitted by SAML 2.0 IdP to the Logon ID of the SAP System. So, if the user has an account with ID tobias in Keycloak, this will be set as NameID. The user needs to have the user ID tobias in Gateway to be able to log on.

Save.

Activate IdP

Now you can activate the trusted IdP. Select the IdP entry in the list.

Click on Enable

Result

IdP is active.

Now users can use the IdP as their identity provider and log on in SAP Gateway.

Let the world know
Categories: SAP
Tags:

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

SAP

SAP Development Tech Radar

4 min readThe SAP Development Tech Radar is available online. The source code is available at its GitHub repository. The information used for to place each technology on the radar is in the folder definitions. Read more…

SAP

What if … it is not the technology?

9 min readThe past The SAP Community Network (SCN) [1] went through some changes in the last 20+ years. 2011 a major change was planned, went live in 2012 and did not work as expected. Read more…

SAP

DSAG Technologietage 2024

10 min readMoin Hamburg. Ich bin nicht aus Zucker, ich bin aus Hamburg. Mehr muss man über das Wetter nicht wissen und zum Glück sind die Technologietage keine Freiluftveranstaltung. Montags bei der Anreise und dienstags Read more…