Create user in NetWeaver via SAML 2.0 – 2 – Implement BADI

Published by Tobias Hofmann on

3 min read

SAP Help

In the previous blog I detailed the BADI provided by SAP for creating and updating a user that logs on via SAML 2.0 and what to take care of. In this blog I’ll detail how to implement the BADI. The implementation means that some ABAP coding is needed.

Tx SE80

Click on Implement Enhancement Spot (or press F6).


You’ll have to create a BADI container first, then the implementing class. Let’s create the container for the BADI that contains the implementing classes.

Enhancement implementation: z_badi_saml2_createuser
Short text: Create user via SAML2 logon
SE80 create enhancement implementation

Create the implementing class.

BADI implementation: Z_BADI_SAML20_USER
Class name: ZCL_BADI_SAML20_USER
Create BADI implementation screen

A message is shown asking if you want to start from scratch or use the provided example class as a starting point. Select the sample class and click on “Copy Sample Class”.

Create implementation class

In the BADI, we can now see the created container and class in the tab “Enh. Implementation Elements”.

enhancement implementation

In the class, delete the lines that check for the SAP internal IdP. Delete:

"Check if the assertion was issued by the allowed IdPs
IF iv_assertion_issuer_name <> 'idp904.saplabs.sofia' AND
iv_assertion_issuer_name <> 'idp905.saplabs.sofia' AND
iv_assertion_issuer_name <> 'idp906.saplabs.sofia'.
"Assertion was issued by unknown issuer - we won't create a new user and we'll stop the authentication
c_stack = cx_saml20=>create_callstack( ).

Save and activate the class. The runtime behavior must be “The implementation will be called”.

Runtime behavior configuration

Let the world know

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.