Show TOC

Configuring Support for Enhanced Client or ProxyLocate this document in the navigation structure


The ECP knows or is capable of discovering which identity provider the service provider trusts.


The Enhanced Client or Proxy (ECP) profile of the SAML 2.0 specification is useful in the following situations:

  • You have a client with extended capabilities and you want the client to take on more responsibility in the exchange. For example, the client can determine the appropriate identity provider.

  • Your client has limited capabilities so you delegate some of these tasks to an enhanced proxy. For example, a wireless access point (WAP).

  • You cannot use other bindings. Some possible examples are as follows:

    • The client does not support redirects.

    • The client does not support Javascript, preventing auto form post.

    • A firewall prevents the identity provider and service provider from communicating directly, preventing the artifact binding.

The ECP profile enables the client to contact the identity provider with the authentication request generated by the service provider. Exchanges between the ECP and the service provider use PAOS.


  1. Start SAP NetWeaver Administrator.
  2. Choose Start of the navigation path Configuration Management Next navigation step Security Next navigation step Authentication and Single Sign-On Next navigation step SAML 2.0 Next navigation step Service Provider Settings End of the navigation path.
  3. Choose the Edit pushbutton.
  4. Under Assertion Consumer Service , make sure that you have selected PAOS as a supported binding.
  5. Save your entries.
  6. Configure the identity provider to support the PAOS solution.

    For more information, see the documentation supplied by the identity provider vendor.