After establishing the trust between the SAML 2.0 IdP and SP and activating the IdP in SAP Gateway, the ABAP system is configured for SAML 2.0 logons. An easy way to test if SAML 2.0 is working is to log on to SAP WebGui for HTML. This is a standard Read more…
Current state is that a trust between Gateway as SP and Keycloak as IdP is established. While the previous step established the trust, the IdP is not enabled in SAP Gateway. Meaning that SAML2.0 logons are not possible. For this to work, the IdP must be enabled. Currently, enabling is Read more…
As SAML 2.0 depends on trust, it is necessary to establish this trust by exchanging the metadata of the IdP and SP. When the SAML 2.0 client for Gateway (NPL001) was created, the metadata of the Gateway SP was important to Keycloak. In this step, the metadata of the IdP Read more…
In this step a new SAML 2.0 client is created in Keycloak by importing the Gateway SP metadata. After activating and configuring SAML 2.0 in Gateway, a Service Provider (SP) was created. A metadata file for that SP is available at the saml2 Web Dynpro ABAP application. This metadata file Read more…
Keycloak is an identity and access management solution. Among its list of supported authentication mechanisms are SAML 2.0 and OpenID Connect. It is open source and can be installed via Docker. This simplifies the installation and makes it easy to start with Keycloak. You only have to ensure pass a Read more…
This blog shows how to use Keycloak for OAuth 2.0 and OpenID Connect. Keycloak is an identity and access management solution. Among its list of supported authentication mechanisms are SAML 2.0 and OpenID Connect. It is open source and can be installed via Docker. I wrote how to install Keycloak Read more…
After creating an OAuth 2.0 scope and client and assigning the scope to the client, we can test the configuration. To do this, we need to log on in Keycloak as the OAuth 2.0 client. Keycloak will then validate the client and provide the Access Tokens and the scope(s) assigned Read more…
After performing the previous steps in Keycloak, an OAuth 2.0 scope and client is available. To get the scope after the OAuth 2.0 client authenticates against Keycloak, you need to assign the scope to the client. Log on to Keycloak and go to clients and select oidclient. This is the Read more…
OAuth uses scopes to restrict access to resources. “Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account. An application can request one or more scopes, this information is then presented to the user in the consent screen, and the access token issued to Read more…
In this article I will show how to add an OAuth 2.0 client in Keycloak. Log in to Keycloak and select a realm. In a new (empty) installation of Keycloak, the realm Master is selected by default. The realm name is important, as it is part of the URL used Read more…