When a user tries to access a resource on the AS ABAP, the Internet Connection Framework (ICF) determines which authentication mechanisms are allowed for the resource and which RFC destination should be used to access the AS Java that provides the SAML service. You must configure these settings in the service maintenance of the ICF beforehand as described in this section.
You can use these settings to enable and disable SAML authentication.
The connection between the AS ABAP and the AS Java is established. See Authentication and Single Sign-On → Integration in Single Sign-On (SSO) Environments → Single Sign-On for Web-Based Access → Using SAML Browser Artifacts → Using SAML with the AS ABAP → Establishing a Connection Between AS ABAP and AS Java.
If you configure data for a node and do not overwrite these settings on a subordinate node, you can apply the same configuration to multiple services.
If you choose Standard , the settings of the parent node are applied. If there is no other setting than Standard until the root node is reached, SAML authentication is possible because SAML authentication is part of the default list of logon methods.
The configuration settings for SAML authentication are as follows:
Choose Test Connection to verify that the AS Java can be reached and that the SAML service on the AS Java is running and has the proper version.
By restricting the allowed authentication methods, you impose stronger security constraints onto the user authentication to the source site. For example you can specify that only users that authenticated themselves to the source site using client certificates can access a resource on the AS ABAP with SAML.