Show TOC

Triggering Identity Provider ProxyLocate this document in the navigation structure

Use

Configuring a URL Parameter

You can activate the proxying scenario with the service provider by specifying the saml2idp parameter in the URL for the AS ABAP service provider. The value of this parameter defines the authenticating identity provider. In the proxy scenario, the parameter is included in the authentication request from the service provider.

The value of the parameter defines the following cases:

saml2idp Parameter

Action

No such parameter.

Send authentication request to the default trusted identity provider.

The value of the parameter is an unknown identity provider.

  • If the proxy count is zero, the proxying fails.

  • If the proxy count is greater than zero, send authentication request to the default trusted identity provider.

The value of the parameter is an existing trusted identity provider.

Send authentication request to the existing trusted identity provider.

Configuring Proxy Count

Set the proxy count to limit the number of proxy layers between the service provider and the authenticating identity provider. Each layer consists of a proxy identity provider. SAML 2.0 uses a proxy count to limit how far authentication requests can go up and down a chain of providers. A provider can include a proxy count in the request. If you set zero for the proxy count, you specify only trusted identity providers and there is no proxying.

Procedure

To configure the proxy count, proceed as follows:

  1. Start the SAML 2.0 configuration application (transaction SAML2).

  2. On the Local Provider tab, choose the Service Provider Settings tab.

  3. Choose the Edit pushbutton.

  4. In the Proxying Settings section, enter the proxy count and save your entry.

    Note

    The proxy count is set to zero by default.