Show TOC

Enabling the SAML Service ProviderLocate this document in the navigation structure


Use this procedure to enable Security Assertion Markup Language (SAML) 2.0 support and make the basic configurations for a SAML 2.0 service provider. This procedure only covers the first steps for preparing your SAP NetWeaver Application Server (AS) ABAP to operate as a SAML service provider.


  1. Start the SAML 2.0 configuration application (transaction SAML2).

    If you have never configured your system for SAML 2.0, the system displays the following message:

    Client <client_number> is not configured to support SAML 2.0.

  2. Choose the Enable SAML 2.0 Support pushbutton.
  3. Enter a name for the provider.
  4. Continue through the configuration wizard and enter data as desired.

    This procedure only covers enabling SAML 2.0. Once enabled, you can configure the bindings supported by the service provider, trust an identity provider, configure identity federation, and protect resources with SAML. The configuration creates two Secure Store and Forward (SSF) applications and associates Personal Security Environment (PSE) files with them. The PSE files contain the signing and encryption key pairs of the service provider.

    For more information, see Configuring AS ABAP as a Service Provider.

  5. Choose the Finish pushbutton.
  6. Activate the necessary Internet Communication Framework (ICF) services.

    To use the service provider, you must manually activate the following two ICF services:

    • /default_host/sap/public/bc/sec/saml2

    • /default_host/sap/public/bc/sec/cdc_ext_service