
Accessing an Application that Accepts SAML Assertions


There are two different methods you can use to access the application using SAML assertions:

  • Directly

    In this case, you have to pass the SAML assertion to the application in the URL.

  • Using the SAML receiver on the AS Java

    The AS Java provides a generic SAML receiver that you can use as a single entry point to access all applications that accept SAML assertions. The SAML receiver then redirects the user to the desired application.


    If you are using a portal as your SAML source site and users access the application through the portal, the portal automatically generates the correct URL for the application (direct access).

  • The target application is configured to accept SAML assertions.

    For applications on the AS Java:

    • The login module stacks for the applications contain the SAMLLoginModule.

      Even if you use the SAML receiver, the login module stack for the target application has to contain the SAMLLoginModule.

    • The name of the parameter to use for the SAML artifact is specified in the ParameterNameArtifact parameter (default: SAMLart).

    For applications on the AS ABAP:

    • SAML authentication is in the list of authentication methods for the application.
    • The name of the URL parameter containing the assertion artifact must be SAMLart.

      When you test the connection between the AS ABAP and the AS Java, if the AS Java has a different setting for this parameter, it is reported as a warning because the two stacks are not consistently configured. This also has implications if requests are sent to the artifact receiver servlet on the AS Java. The receiver servlet redirects the requests to the AS ABAP with the same SAMLart name as in the incoming requests. If the URL parameter names are different, the AS ABAP will not recognize the parameter.

  • If you are using the SAML receiver, the parameter to use for the target application is specified in the PartnerNameTarget parameter (default: TARGET).

    For more information about the configuration parameters, see SAML Parameters.

  • The SAML Service is running on all of the AS Java server instances.

Accessing an Application Directly

You can access the Web application directly and transfer the SAML artifact as a URL parameter.




Accessing an Application Using the SAML Receiver

Alternatively, you can access the application using the SAML receiver. The SAML receiver on the AS Java is the application. Access it using the path /saml/receiver in the URL. Include the parameters for the target application and the SAML artifact in the URL.


Example URL:


Note the URL encoding to represent the target URL in the URL TARGET parameter.


The SAML receiver does not return the requested data itself but sends an HTTP redirect command to the target application, which then analyzes the SAML artifact using the SAMLLoginModule for the AS Java or in the Internet Connection Framework for the AS ABAP.


If the SAML artifact can be successfully verified, then access to the target resource is allowed.
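
The following added example (not part of the SAP documentation) builds a SAML receiver URL with the target URL and artifact percent-encoded, then models the redirect to show what the AS ABAP sees when the artifact parameter name is or is not SAMLart. The host names, the sample artifact, and the way the redirect appends the artifact are assumptions made for illustration.

```python
import base64
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Constructed sample values (hypothetical hosts, not from the SAP documentation).
RECEIVER = "https://asjava.example.com/saml/receiver"
TARGET_URL = "https://abap.example.com/sap/bc/ping?sap-client=001&sap-language=EN"
# Constructed 42-byte artifact; its base64 form contains '+' and '/'.
SAMPLE_ARTIFACT = base64.b64encode(b"\x00\x01" + bytes([0xFB, 0xEF]) * 20).decode()


def build_receiver_url(target, artifact, target_param="TARGET", artifact_param="SAMLart"):
    """Build the /saml/receiver URL with both values percent-encoded."""
    query = urlencode({target_param: target, artifact_param: artifact}, quote_via=quote)
    return f"{RECEIVER}?{query}"


def receiver_redirect(request_url, target_param="TARGET", artifact_param="SAMLart"):
    """Simplified model (assumption) of the receiver's redirect: the artifact is
    forwarded to the target under the same parameter name as in the request."""
    query = parse_qs(urlsplit(request_url).query)
    target, artifact = query[target_param][0], query[artifact_param][0]
    sep = "&" if urlsplit(target).query else "?"
    return target + sep + urlencode({artifact_param: artifact}, quote_via=quote)


def abap_artifact(redirect_url):
    """AS ABAP only recognizes the artifact in a parameter named SAMLart."""
    return parse_qs(urlsplit(redirect_url).query).get("SAMLart", [None])[0]


def naive_url(target, artifact):
    """Unencoded concatenation, for comparison: '&' and '+' are misparsed."""
    return f"{RECEIVER}?TARGET={target}&SAMLart={artifact}"


if __name__ == "__main__":
    ok = build_receiver_url(TARGET_URL, SAMPLE_ARTIFACT)
    print(ok)
    print("artifact intact:", abap_artifact(receiver_redirect(ok)) == SAMPLE_ARTIFACT)
    # AS Java configured with a different artifact parameter name (constructed).
    odd = build_receiver_url(TARGET_URL, SAMPLE_ARTIFACT, artifact_param="artifact")
    print("ABAP sees:", abap_artifact(receiver_redirect(odd, artifact_param="artifact")))
    bad = parse_qs(urlsplit(naive_url(TARGET_URL, SAMPLE_ARTIFACT)).query)
    print("naive TARGET:", bad["TARGET"][0])
```

With the unencoded URL, the receiver would read a TARGET value cut off at the first "&" and an artifact in which every "+" has become a space, so the artifact could not be verified.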