Show TOC

Function documentationLogon via SAML Locate this document in the navigation structure


For each ICF service, you can define whether you want to allow logon via SAML (Security Assertion Markup Language). This procedure makes it possible to exchange logon and authorization information between business partners for using XML-based web services. Using this procedure, you can avoid having to log on repeatedly when using web services of the same kind.


The SAML logon procedure is listed as last but one (position 6) in the logon procedure in both the standard logon order and the alternative logon order (default setting).

Note Note

If you explicitly deactivate the SAML logon procedure, it will not be used in the standard logon order either.

End of the note.

Caution Caution

If you use the alternative logon order and want to use SAML, you need to activate the procedure and must not remove it from the list of logon procedures.

End of the caution.


The logon procedure you are using is either Standard or Alternative Logon Order. In the logon procedures Required with Client Certificate and Required with Logon Data, the SAML application is not active.


If you want to allow logon via SAML, proceed as follows:

  1. In transaction SICF, double-click the required service or service node.

  2. Choose Change.

  3. Choose logon data and define one of the following options for SAML:

    • Choose SAML Configuration and define whether you want to take over the configuration settings from higher-level nodes. If you want to make a configuration of your own for this service, remove the selection for this option and maintain the displayed settings especially for this service.

    • Choose Accept Data and save your entries with .


Example Example

For travel planning, a user is using web services on various web pages to book a flight, rent a car and reserve a hotel room. If the relevant services use the SAML logon procedure, the user only needs to log on once (for the first activity) and can then perform all other services without needing to log on again.

End of the example.

More Information

For more details about using SAML in SAP Web AS, see