There are two different methods you can use to access the application using SAML assertions:
In this case, you have to pass the SAML assertion to the application in the URL.
The AS Java provides a generic SAML receiver that you can use as a single entry point to access all applications that accept SAML assertions. The SAML receiver then redirects the user to the desired application.
If you are using a portal as your SAML source site and users access the application through the portal, the portal automatically generates the correct URL for the application (direct access).
For applications on the AS Java:
Even if you use the SAML receiver, the login module stack for the target application has to contain the SAMLLoginModule .
For applications on the AS ABAP:
When you test the connection between the AS ABAP and the AS Java, if the AS Java has a different setting for this parameter, it is reported as a warning because both stacks are not consistently configured. This also has implications if requests are sent to the artifact receiver servlet on the AS Java. The receiver servlet redirects the requests to the AS ABAP with the same SAMLart name as in the incoming requests. If the URL parameter names are different, the AS ABAP will not recognize the parameter.
For more information about the configuration parameters, see SAML Parameters .
Accessing an Application Directly
You can access the Web application directly and transfer the SAML artifact as a URL parameter.
Example:
https://myHost/myResource?SAMLart=3f6zdlU7...
Accessing an Application Using the SAML Receiver
Alternatively, you can access the application using the SAML receiver. The SAML receiver on the AS Java is the sap.com/tc~sec~saml~app application. Access it using the path /saml/receiver in the URL. Include the parameters for the target application and the SAML artifact in the URL.
Example URL:
https://.../saml/receiver?TARGET=http%3A%2F%2FmyHost...&SAMLart=3f...
Note the URL encoding to represent the target URL in the URL TARGET parameter.
The SAML receiver does not return the requested data itself but sends an HTTP redirect command to the target application, which then analyzes the SAML artifact using the SAMLLoginModule for the AS Java or in the Internet Connection Framework for the AS ABAP.
If the SAML artifact can be successfully verified, then access to the target resource is allowed.