Show TOC

Setting Up the WS Provider AS Java to Accept SAML Token ProfilesLocate this document in the navigation structure


  • You have configured your WS provider in the AS Java to use SAML token profiles, that is, you have set SAML Assertion in the individual configuration.

  • You have set up the trust relationship between the provider and the consumer. If you have configured your systems for the use of logon tickets, this relationship has already been set up. If the issuing system is an AS ABAP:

    • If it is contained in the System Landscape Directory, you can use the SSO2 assistant of the SAP NetWeaver Administrator as described in Configuring the AS Java to Accept Logon Tickets .

    • If it is not contained in the System Landscape Directory, configure the trust relationship manually, as described in Configuring the Trust Relationship for SAML Token Profiles Without Logon Ticket Configuration , in the section AS Java Trusts AS ABAP , in the AS ABAP documentation.

    If you do not want to use logon tickets, you need to exchange the certificates for both systems and, for AS ABAP, include them in the access control list.

    For more information, see Exporting the AS Java Certificate.

    For more information about importing the certificate of the WS consumer, see Importing Certificate and Key From the File System.

  • You know the issuer of the SAML assertion of the WS consumer.


    Note that the issuer of the SAML assertion is not the issuer of the certificate.

  • If the SAML token profiles of an AS Java are to be accepted, the users of the AS Java and AS ABAP must be identical.


For the AS Java to be able to accept SAML token profiles, you need to make the setting described below.


  1. In SAP NetWeaver Administrator, start Start of the navigation path Configuration Management Next navigation step  Security  Next navigation step  Trusted Systems  End of the navigation path.

  2. On the Web Services Security SAML page under Start of the navigation path Trusted Partners Next navigation step Trusted SAML Issuers End of the navigation path, enter the SAML assertion issuer.