After establishing the trust between the SAML 2.0 IdP and SP and activating the IdP in SAP Gateway, the ABAP system is configured for SAML 2.0 logons. An easy way to test if SAML 2.0 is working is to log on to SAP WebGui for HTML. This is a standard service delivered always. Therefore, it is also available for NPL. The default logon procedure for ICF is to check if SAML 2.0 is enabled and Read more…
Current state is that a trust between Gateway as SP and Keycloak as IdP is established. While the previous step established the trust, the IdP is not enabled in SAP Gateway. Meaning that SAML2.0 logons are not possible. For this to work, the IdP must be enabled. Currently, enabling is not possible and will fail, as the NameID configuration is missing. NameID is needed to enable the mapping of the SAML 2.0 user ID to Read more…
This is the final step of the task to establish a trust between SAP Gateway and Keycloak. The Keycloak SAML 2.0 IdP Metadata file downloaded in previous step is now imported into SAP Gateway as a IdP. This creates the trust on the SAP Gateway. Import SAML 2.0 IdP Metadata file Import the previously from Keycloak downloaded SAML 2.0 IdP Metadata file to NW ABAP. Tx: SAML2 Switch to tab Trusted Providers Click on Add Read more…
As SAML 2.0 depends on trust, it is necessary to establish this trust by exchanging the metadata of the IdP and SP. When the SAML 2.0 client for Gateway (NPL001) was created, the metadata of the Gateway SP was important to Keycloak. In this step, the metadata of the IdP is exported from Keycloak to be able to import it to Gateway. This concludes the task of establishing a trust between SAP Gateway and Keycloak. Read more…
In this step a new SAML 2.0 client is created in Keycloak by importing the Gateway SP metadata. After activating and configuring SAML 2.0 in Gateway, a Service Provider (SP) was created. A metadata file for that SP is available at the saml2 Web Dynpro ABAP application. This metadata file needs to be exported and imported in Keycloak. SAML 2.0 is based on trust between the IdP and SP. The trust is established by importing Read more…
Keycloak is an identity and access management solution. Among its list of supported authentication mechanisms are SAML 2.0 and OpenID Connect. It is open source and can be installed via Docker. This simplifies the installation and makes it easy to start with Keycloak. You only have to ensure pass a few configuration options to the Docker run command like port and user/password. Run Keycloak To run the latest version of Keycloak in Docker on port Read more…
Some time passed since I last wrote about OBS. In 2014, I started using OBS as a streaming solution for an event in Sao Paulo. I had quite some time to convince the co-organizers that streaming to an app and YouTube at the same time is a good idea, and that OBS is a good software for achieving this. In the end, my idea was accepted and SITSP video was captured with OBS and streamed Read more…
Before you can start to configure SAML 2.0 in SAP NetWeaver ABAP, SAML 2.0 support must be activated. The saml2 Web Dynpro ABAP app is used for this. In the NPL Developer Edition system the app is activated by default and can be accessed by opening this URL in the browser: https://vhcalnplci:44300/sap/bc/webdynpro/sap/saml2?sap-client=001 In a more generic way, the URL is: /sap/bc/webdynpro/sap/saml2?sap-client=nnn Start SAML 2.0 configuration Open the URL in the browser and the SAML 2.0 Read more…
Raspbian is based on Debian. Upgrading it to the latest version is done the same way as upgrading a normal Debian distribution. To not make this my shortest blog ever, I’ll show how I upgrade one of my Raspberry Pi. The upgrade to release N is performed by starting the process release N-1. For each upgrade: Update current release Prepare configuration for next release Run upgrade Clean up Validate result of upgrade Update your current Read more…
When in the last 15+ years someone asked me how to become a senior consultant, I answered: “Get hired as one.” I meant it as a joke as there are enough companies out there searching for senior consultants. Why? Get maximum value out of a person and client. Assign a senior on a project, charge for a senior. Sometimes you only needed to understand how HR works to be hired as a senior consultant. The Read more…