Blog list

SAP Gateway – Activate and test SAML 2.0 Logon with SAP WebGui for HTML

After establishing the trust between the SAML 2.0 IdP and SP and activating the IdP in SAP Gateway, the ABAP system is configured for SAML 2.0 logons. An easy way to test if SAML 2.0 is working is to log on to SAP WebGui for HTML. This is a standard service delivered always. Therefore, it is also available for NPL. The default logon procedure for ICF is to check if SAML 2.0 is enabled and Read more…

SAP Gateway – Configure NameID and activate trusted SAML 2.0 IdP

Current state is that a trust between Gateway as SP and Keycloak as IdP is established. While the previous step established the trust, the IdP is not enabled in SAP Gateway. Meaning that SAML2.0  logons are not possible. For this to work, the IdP must be enabled. Currently, enabling is not possible and will fail, as the NameID configuration is missing. NameID is needed to enable the mapping of the SAML 2.0 user ID to Read more…

Keycloak – Download SAML 2.0 IdP Metadata

As SAML 2.0 depends on trust, it is necessary to establish this trust by exchanging the metadata of the IdP and SP. When the SAML 2.0 client for Gateway (NPL001) was created, the metadata of the Gateway SP was important to Keycloak. In this step, the metadata of the IdP is exported from Keycloak to be able to import it to Gateway. This concludes the task of establishing a trust between SAP Gateway and Keycloak. Read more…

Keycloak – Create a SAML 2.0 Client

In this step a new SAML 2.0 client is created in Keycloak by importing the Gateway SP metadata. After activating and configuring SAML 2.0 in Gateway, a Service Provider (SP) was created. A metadata file for that SP is available at the saml2 Web Dynpro ABAP application. This metadata file needs to be exported and imported in Keycloak. SAML 2.0 is based on trust between the IdP and SP. The trust is established by importing Read more…

Keycloak – Installation via Docker

Keycloak is an identity and access management solution. Among its list of supported authentication mechanisms are SAML 2.0 and OpenID Connect. It is open source and can be installed via Docker. This simplifies the installation and makes it easy to start with Keycloak. You only have to ensure pass a few configuration options to the Docker run command like port and user/password. Run Keycloak To run the latest version of Keycloak in Docker on port Read more…

NGINX with RTMP on Raspberry Pi as a streaming server for OBS

Some time passed since I last wrote about OBS. In 2014, I started using OBS as a streaming solution for an event in Sao Paulo. I had quite some time to convince the co-organizers that streaming to an app and YouTube at the same time is a good idea, and that OBS is a good software for achieving this. In the end, my idea was accepted and SITSP video was captured with OBS and streamed Read more…

Updating Raspbian

Raspbian is based on Debian. Upgrading it to the latest version is done the same way as upgrading a normal Debian distribution. To not make this my shortest blog ever, I’ll show how I upgrade one of my Raspberry Pi. The upgrade to release N is performed by starting the process release N-1. For each upgrade: Update current release Prepare configuration for next release Run upgrade Clean up Validate result of upgrade Update your current Read more…

Competence by Title Principle

When in the last 15+ years someone asked me how to become a senior consultant, I answered: “Get hired as one.” I meant it as a joke as there are enough companies out there searching for senior consultants. Why? Get maximum value out of a person and client. Assign a senior on a project, charge for a senior. Sometimes you only needed to understand how HR works to be hired as a senior consultant. The Read more…