SAP Help: Enabling OAuth 2.0 Authentication for OData Services For the OData service used, see my blog Create an OData service from CDS. For each OData service you want to access through OAuth, a unique scope is needed. The scope is based on the OData service. The scope is needed Read more…
Scenario After you have enabled your NetWeaver ABAP system to be an SAML 2.0 Service Provider you want to download its metadata and get an error message: 403 Forbidden. Tx: SAML2 Call the SAML 2.0 configuration Web Dynpro app via transaction SAML2 and click on Metadata. Select what to include Read more…
I run an SAP NetWeaver ABAP Dev Edition system in a Virtual Box VM. Unfortunately, the update process for this software is to delete and reinstall after the DB license expires. Installing a new NW ABAP version is not overly complex: the SAP provided installer is easy to use and Read more…
This is the introduction blog on how to activate SAML 2.0 based logon on SAP NetWeaver ABAP systems. The example configuration shown here is using SAP Gateway. It is the same procedure for any SAP NetWeaver ABAP system that allows SAML 2.0 logons. The system used while writing the blog Read more…
Die DSAG Technologietage 2020 in Mannheim sind jetzt schon – leider – seit ein paar Tagen beendet. Genug Zeit die Menge an Informationen etwas im Rückblick und Abstand betrachten zu können. Mein Fokus in diesem Blog ist die SAP Fiori Story und wie sie an den zwei Tagen erzählt wurde. Read more…
After establishing the trust between the SAML 2.0 IdP and SP and activating the IdP in SAP Gateway, the ABAP system is configured for SAML 2.0 logons. An easy way to test if SAML 2.0 is working is to log on to SAP WebGui for HTML. This is a standard Read more…
Current state is that a trust between Gateway as SP and Keycloak as IdP is established. While the previous step established the trust, the IdP is not enabled in SAP Gateway. Meaning that SAML2.0 logons are not possible. For this to work, the IdP must be enabled. Currently, enabling is Read more…
This is the final step of the task to establish a trust between SAP Gateway and Keycloak. The Keycloak SAML 2.0 IdP Metadata file downloaded in previous step is now imported into SAP Gateway as a IdP. This creates the trust on the SAP Gateway. Import SAML 2.0 IdP Metadata Read more…
As SAML 2.0 depends on trust, it is necessary to establish this trust by exchanging the metadata of the IdP and SP. When the SAML 2.0 client for Gateway (NPL001) was created, the metadata of the Gateway SP was important to Keycloak. In this step, the metadata of the IdP Read more…
In this step a new SAML 2.0 client is created in Keycloak by importing the Gateway SP metadata. After activating and configuring SAML 2.0 in Gateway, a Service Provider (SP) was created. A metadata file for that SP is available at the saml2 Web Dynpro ABAP application. This metadata file Read more…