Create user in NetWeaver via SAML 2.0 – 2 – Implement BADI
In the previous blog I detailed the BADI that SAP provides for creating and updating a user who logs on via SAML 2.0, and what to take care of when using it. In this blog I’ll detail how to implement the BADI. Implementing it requires some ABAP coding.
Transaction: SE80
Package: SAML2_COMMON
BADI: BADI_SAML20_USER_CREATE_UPDATE
Click on Implement Enhancement Spot (or press F6).
You’ll have to create a BADI container first, then the implementing class. Let’s create the container for the BADI that contains the implementing classes.
Enhancement implementation: z_badi_saml2_createuser
Short text: Create user via SAML2 logon
Create the implementing class.
BADI implementation: Z_BADI_SAML20_USER
Class name: ZCL_BADI_SAML20_USER
BADI Definition: BADI_SAML20_USER_CREATE_UPDATE
A message is shown asking if you want to start from scratch or use the provided example class as a starting point. Select the sample class and click on “Copy Sample Class”.
In the BADI, we can now see the created container and class in the tab “Enh. Implementation Elements”.
In the class, delete the lines that check for the SAP internal IdP. Delete:
    "Check if the assertion was issued by the allowed IdPs
    IF iv_assertion_issuer_name <> 'idp904.saplabs.sofia' AND
       iv_assertion_issuer_name <> 'idp905.saplabs.sofia' AND
       iv_assertion_issuer_name <> 'idp906.saplabs.sofia'.
      "Assertion was issued by unknown issuer - we won't create a new user and we'll stop the authentication
      RAISE EXCEPTION TYPE cx_saml20
        EXPORTING
          c_stack = cx_saml20=>create_callstack( ).
    ENDIF.
Save and activate the class. The runtime behavior must be “The implementation will be called”.
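Deleting the sample's issuer check leaves the method with no allow-list of identity providers, so it will create or update users for any issuer whose assertion reaches the BADI. As an added example (not from the original blog or SAP's sample class), the deleted block can instead be replaced with the same check against your own IdP. It reuses only the names visible in the deleted lines; the two issuer values are constructed placeholders.

```abap
"Added example: keep the issuer allow-list, but for your own IdP(s).
"The issuer names below are constructed placeholders. Replace them with
"the exact issuer name your identity provider puts in its assertions.
IF iv_assertion_issuer_name <> 'https://idp.example.com' AND
   iv_assertion_issuer_name <> 'https://idp-backup.example.com'.
  "Assertion was issued by an issuer that is not on the allow-list:
  "do not create or update a user, and stop the authentication.
  RAISE EXCEPTION TYPE cx_saml20
    EXPORTING
      c_stack = cx_saml20=>create_callstack( ).
ENDIF.
```

The comparison is an exact string match, so the value must match the issuer name character for character, including case and any trailing slash.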