It's full of stars!

  • All Content
  • About

sso

Basis SAP Security

SAML 2.0 – Automatic redirect to default IdP

SAP NetWeaver ABAP can be configured to use SAML 2.0 for Single Sign-on. You have to specify a default SAML 2.0 IdP to handle the user logons. After NW ABAP is configured, and the users are accessing a protected services like SAP WebGui, they are presented a screen asking you Read more…

By Tobias Hofmann, 4 yearsMarch 16, 2021 ago
SAP

Troubleshooting SAML 2.0 – SAML 2.0 trace with sec diag tool

SAP provides a nice trace tool for troubleshooting login errors with SAML 2.0: Sec Diag Tool. It is a WebDynpro ABAP application. Make sure to activate the necessary ICF services first before running the tool. URL: /sap/bc/webdynpro/sap/sec_diag_tool/ In NPL: https://vhcalnplci:44300/sap/bc/webdynpro/sap/sec_diag_tool/ With the tool you can start a SAML2 trace. When Read more…

By Tobias Hofmann, 5 yearsSeptember 24, 2020 ago
Basis Cloud SAP

Create user in NetWeaver via SAML 2.0 – 3 – Configure ICF

The ICF configuration is more complex than the standard SAML 2.0 configuration. Instead of just validating the SAML 2.0 response, the response must be validated, and a user created or update. To be able to create / update a user, the response received must be handled by a service user. Read more…

By Tobias Hofmann, 5 yearsSeptember 16, 2020 ago
Basis Cloud SAP

Create user in NetWeaver via SAML 2.0 – 1 – Extend BADI

The BADI you have to extend to be able to create or update a user in the SAP NW system based on the SAML 2.0 information is BADI_SAML20_USER_CREATE_UPDATE. It offers two methods, one for creating a new user, one for updating an existing user. Keep in mind that the SAP Read more…

By Tobias Hofmann, 5 yearsSeptember 10, 2020 ago
Basis SAP Security Technology

SSO Logon with X.509 certificate

SSO logon with an X.509 certificate offers some benefits. In this blog, I’ll cover the main benefits, problems and attention areas when using X.509 for SSO. As a practical example the X.509 logon with NetWeaver ABAP is shown. To access an ICM service on a NetWeaver ABAP system (NW ABAP), Read more…

By Tobias Hofmann, 5 yearsJuly 24, 2020 ago
Cloud SAP

SAML 2.0 Configuration with SAP Gateway as SP and Keycloak as IdP

This is the introduction blog on how to activate SAML 2.0 based logon on SAP NetWeaver ABAP systems. The example configuration shown here is using SAP Gateway. It is the same procedure for any SAP NetWeaver ABAP system that allows SAML 2.0 logons. The system used while writing the blog Read more…

By Tobias Hofmann, 5 yearsFebruary 20, 2020 ago
Basis OData SAP

FND – 44 – Configure SAP Gateway (FND) to accept assertion ticket from SAP backend (BEP)

Yes, this item should be under BEP and not HUB, but I am following SAP Help here, so sorry for the confusion! The configuration steps to be executed on the HUB system (FND) are detailed at SAP Help. The steps are for the OData Channel Service for backend system. Basic Read more…

By Tobias Hofmann, 10 yearsJuly 8, 2015 ago
Basis OData SAP

FND – 43 – Configure SAP backend system (BEP) to accept assertion ticket from SAP Gateway

Yes, this item should be under BEP and not HUB, but I am following SAP Help here, so sorry for the confusion! The configuration steps to be executed on the HUB system (FND) are detailed at SAP Help. The steps are for the OData Channel Service for backend system. Basic Read more…

By Tobias Hofmann, 10 yearsJuly 6, 2015 ago
  • Datenschutzerklärung
  • Impressum
  • Cookie-Erklärung
Hestia | Developed by ThemeIsle