The easiest way to trust a SAML 2.0 service provider is to import its metadata XML file. The metadata XML file includes the following:
The address and name of the service provider
The list of endpoint configurations the service provider supports
The public-key certificates that the identity provider uses to encrypt data for the service provider and to verify the service provider's digital signatures
This procedure explains how to access the metadata XML file of the service provider of the SAP NetWeaver Application Server (AS) ABAP.
The SAML service provider is enabled.
You have configured the endpoints that you want to support for Single Sign-On (SSO), Single Log-Out (SLO), artifacts, and SOAP. Any endpoints you configure later require you to either reconfigure your identity provider manually or reimport the metadata XML file into it.
You have determined how you want to access the metadata XML file.
The host name and protocol written into the service provider endpoints in the metadata XML file are the same host name and protocol you use to access the metadata XML file. Therefore use the host name and protocol that you expect the identity provider to use when it calls the service provider endpoints. If you use a host name that the identity provider cannot resolve, or a protocol that the identity provider cannot use, connections from the identity provider fail.
You have the following options for accessing the metadata XML file:
Download the metadata XML file from the AS ABAP.
Access the URL of the metadata XML file on the AS ABAP.
You have determined whether the metadata must be digitally signed.
A digital signature lets the systems that import the metadata verify that the metadata XML really comes from that service provider and has not been altered in transit.
To access the metadata XML, you can either download the metadata XML file or access the URL of the metadata XML file. The first option is preferable.
Downloading the Metadata XML File
Start the SAML 2.0 configuration application (transaction SAML2).
On the Local Provider tab, choose the Metadata button, and then the Download Metadata pushbutton.
Save the XML file.
Accessing the URL of the Metadata XML File
Create a service on the AS ABAP for the download of the metadata XML, including the following ABAP class in the handler list: CL_HTTP_EXT_SAML20.
For more information, see Creating and Configuring an ICF Service.
When configuring the service providers that your SAML identity provider is to trust, enter the URLs of these services. The URLs must have the following format:
<protocol>://<host>:<port>/saml2/sp/metadata?sap-client=<client>
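Before importing the metadata into an identity provider, it is worth checking that the endpoint host name and protocol inside the file match what the identity provider will actually use, and whether the file carries a signature at all. The following script is an added example, not SAP code: it builds the metadata URL in the format above, parses a constructed sample metadata document in the shape the AS ABAP produces (the host abap.example.com, port 44300, client 100 and the certificate strings are placeholders), lists endpoints and certificates, and flags any endpoint whose host or protocol differs from the expected values. Verifying the XML signature itself needs an XML-DSig library such as xmlsec; the script only reports whether a ds:Signature element is present.

```python
"""Sanity-check SAML 2.0 service provider metadata before importing it into an IdP.

Added example (not SAP's code).  Uses only the Python standard library.
"""
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample in the shape of AS ABAP service provider metadata.
# Host name, port, client and certificate contents are placeholders; the
# artifact endpoint deliberately uses an internal host name and plain HTTP
# so that the mismatch check below has something to report.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://abap.example.com:44300/saml2/sp/100">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-SIGNING-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-ENCRYPTION-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://abap.example.com:44300/saml2/sp/slo/100"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://abap.example.com:44300/saml2/sp/acs/100"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="http://abap-internal:8000/saml2/sp/acs/100"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def metadata_url(protocol, host, port, client):
    """Build the metadata URL in the format the AS ABAP ICF service expects."""
    return f"{protocol}://{host}:{port}/saml2/sp/metadata?sap-client={client}"


def parse_metadata(xml_text):
    """Extract entityID, endpoints, certificates and signature presence."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    endpoints = []
    for tag in ("AssertionConsumerService", "SingleLogoutService",
                "ArtifactResolutionService"):
        for el in sp.findall(f"md:{tag}", NS):
            # Keep only the short binding name, e.g. HTTP-POST.
            binding = el.get("Binding", "").rsplit(":", 1)[-1]
            endpoints.append((tag, binding, el.get("Location")))
    certs = {}
    for kd in sp.findall("md:KeyDescriptor", NS):
        use = kd.get("use", "signing+encryption")  # absent "use" means both
        cert = kd.find(".//ds:X509Certificate", NS)
        certs[use] = cert.text.strip() if cert is not None and cert.text else None
    return {
        "entity_id": root.get("entityID"),
        # Presence only; cryptographic verification needs an XML-DSig library.
        "signed": root.find("ds:Signature", NS) is not None,
        "endpoints": endpoints,
        "certs": certs,
    }


def check_endpoints(info, expected_protocol, expected_host):
    """Return endpoints whose protocol or host differ from what the IdP will use."""
    mismatched = []
    for tag, binding, location in info["endpoints"]:
        u = urlparse(location)
        if u.scheme != expected_protocol or u.hostname != expected_host:
            mismatched.append((tag, binding, location))
    return mismatched


if __name__ == "__main__":
    print("fetch from:", metadata_url("https", "abap.example.com", 44300, "100"))
    info = parse_metadata(SAMPLE_METADATA)
    print("entityID:", info["entity_id"], "| signed:", info["signed"])
    for ep in info["endpoints"]:
        print("endpoint:", *ep)
    for use, cert in info["certs"].items():
        print("certificate (%s): %s" % (use, cert))
    for ep in check_endpoints(info, "https", "abap.example.com"):
        print("MISMATCH, IdP will not reach:", *ep)
```

In practice you would replace SAMPLE_METADATA with the file downloaded from transaction SAML2 or fetched from the metadata URL; a mismatch reported by check_endpoints means the metadata was generated through a different host name or protocol than the identity provider will use, and should be regenerated rather than imported.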