Create user in NetWeaver via SAML 2.0 – 1 – Extend BADI

Published by Tobias Hofmann on

2 min read

The BADI you have to extend to be able to create or update a user in the SAP NW system based on the SAML 2.0 information is BADI_SAML20_USER_CREATE_UPDATE. It offers two methods, one for creating a new user, one for updating an existing user. Keep in mind that the SAP user identified by these methods depends on the SAML IdP identity. If the same user is logging in using different IdPs, there will be different SAP users, one for each IdP. Also, in case the user already exists in the SAP NW system (created as a normal SAP user), that user is not affected by the create or update methods.

Extend BADI_SAML20_USER_CREATE_UPDATE

The BADI to extend is part of package SAML2_COMMON. SAP delivers an example implementation, making it easy to implement your own method.

Package: SAML2_COMMON
Badi: BADI_SAML20_USER_CREATE_UPDATE
Example: CL_SAML20_USER_BADI_EXAMPLE
SE80

The BADI has two methods: one for creating a user, one for updating an existing user.

  • Create user: CREATE_USER_TO_FEDERATE
  • Update: UPDATE_FEDERATED_USER
ABAP interface

The provided example class shows how to implement these methods.

Note

You cannot simply use the provided sample class. This class only works with pre-defined IdPs. These IdPs are SAP internal.
SE80

To use the example code, it is necessary to remove the check for the SAP internal dummy IdPs. The in the below picture the lines that must be adjusted. The if condition checks for some internal IdPs from SAP Labs in Sofia. If you do not delete these, an exception will be raised. At least we know where the BADI was developed.

ABAP source code
Let the world know

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.