It's full of stars!


saml2

Basis SAP Security

SAML 2.0 – Automatic redirect to default IdP

SAP NetWeaver ABAP can be configured to use SAML 2.0 for Single Sign-on. You have to specify a default SAML 2.0 IdP to handle the user logons. After NW ABAP is configured and users access a protected service like SAP WebGui, they are presented a screen asking you Read more…

By Tobias Hofmann, March 16, 2021 (4 years ago)
Basis SAP Security

Troubleshooting SAML 2.0 – Error getting number

Scenario: A trust between the SAML 2.0 IdP and SP is created. A user tries to log on for the first time to NetWeaver ABAP and, after successfully logging in at the IdP, the logon at the SP fails. The SAMLResponse is validated without errors, the NetWeaver ABAP system cannot create Read more…

By Tobias Hofmann, October 6, 2020 (5 years ago)
Basis SAP Security

Troubleshooting SAML 2.0 – Update a federated user

Scenario: Users are able to log on to NetWeaver ABAP via SAML 2.0 and get their user created automatically. A user's information is now changed in the IdP, and the corresponding information in NetWeaver must be updated the next time the user logs on. Problem: Updating the user information in Read more…

By Tobias Hofmann, October 2, 2020 (5 years ago)
Basis SAP Security

Troubleshooting SAML 2.0 – Method create_user_to_federate throws exception

Scenario: A trust between the SAML 2.0 IdP and SP is created. A user tries to log on to NetWeaver and, after successfully logging in at the IdP, the SP denies access. Problem: An error in the BAdI create_user_to_federate is thrown. Exception type CX_SY_REF_IS_INITIAL. Trace: Use the diag tool Read more…

By Tobias Hofmann, September 30, 2020 (5 years ago)
Basis SAP Security

Troubleshooting SAML 2.0 – CX_SAML20_CORE Message is not signed

Scenario: A trust between the SAML 2.0 IdP and SP is created. A user tries to log on to NetWeaver and, after successfully logging in at the IdP, the SP denies access. Problem: Using the diag tool to get a trace of the SAML 2.0 logon. The incoming request Read more…

By Tobias Hofmann, September 28, 2020 (5 years ago)
SAP

Troubleshooting SAML 2.0 – SAML 2.0 trace with sec diag tool

SAP provides a nice trace tool for troubleshooting login errors with SAML 2.0: Sec Diag Tool. It is a WebDynpro ABAP application. Make sure to activate the necessary ICF services first before running the tool. URL: /sap/bc/webdynpro/sap/sec_diag_tool/ In NPL: https://vhcalnplci:44300/sap/bc/webdynpro/sap/sec_diag_tool/ With the tool you can start a SAML2 trace. When Read more…

By Tobias Hofmann, September 24, 2020 (5 years ago)
Basis Cloud SAP

Create user in NetWeaver via SAML 2.0 – 2 – Implement BADI

SAP Help In the previous blog I detailed the BADI provided by SAP for creating and updating a user that logs on via SAML 2.0 and what to take care of. In this blog I’ll detail how to implement the BADI. The implementation means that some ABAP coding is needed. Read more…

By Tobias Hofmann, September 14, 2020 (5 years ago)
Basis SAP Security Technology

SSO Logon with X.509 certificate

SSO logon with an X.509 certificate offers some benefits. In this blog, I’ll cover the main benefits, problems and attention areas when using X.509 for SSO. As a practical example the X.509 logon with NetWeaver ABAP is shown. To access an ICM service on a NetWeaver ABAP system (NW ABAP), Read more…

By Tobias Hofmann, July 24, 2020 (5 years ago)
Basis SAP Security

OAuth configuration 5 – Configure NameID and activate

Configure NameID: After adding the OAuth IdP, its status is set to disabled. It can only be enabled after the NameID format is configured. Tx: SAML2. In the tab trusted providers, select OAuth 2.0 Identity Providers to see all OAuth IdPs. Select the IdP you want to activate and click Read more…

By Tobias Hofmann, April 20, 2020 (5 years ago)
Basis SAP

OAuth configuration 4 – Add trusted OAuth Identity Provider

After creating an OAuth client user and assigning the permissions to call the OAuth protected OData service, it is time to start the actual OAuth client configuration. First, add an OAuth Identity Provider (IdP). The OAuth IdP NetWeaver ABAP accepts is a normal SAML 2.0 IdP. This is because NW ABAP Read more…

By Tobias Hofmann, April 16, 2020 (5 years ago)
