Show TOC

SAP Web Dispatcher or Reverse Proxy ScenarioLocate this document in the navigation structure

You can use an SAP Web dispatcher for SAML 2.0 authentication between an AS ABAP service provider and a third-party identity provider.

In this scenario, an AS ABAP service provider trusts a third-party identity provider, which is usually outside your local network. The SAP Web dispatcher or proxy is located between the identity provider and your AS ABAP system that hosts the service provider.

Related Information

Configuring the Trust

Prerequisites

You have uploaded the identity provider metadata. For more information, see Trusting an Identity Provider.

Context

To configure the trust, you also have to provide the service provider metadata to the trusted third-party identity provider (IdP) so that this IdP can trust your service provider.

To download the metadata, proceed as follows:

Procedure

  1. Access the SAML 2.0 configuration application.

    The applications is accessed with the following URL: http(s)://<web dispatcher/proxy host>:<web dispatcher/proxy port>/sap/bc/webdynpro/sap/saml2?sap-client=<SAP client>

    Note

    For this scenario, it is recommended that SAML 2.0 configuration UI is accessed directly via URL using the web dispatcher or proxy host. Accessing the SAML 2.0 configuration UI by using web dispatcher or proxy host will ensure that service provider metadata will contain the correct endpoint URLs (URLs which are accessible by the identity provider).

  2. Choose Metadata to download the service provider metadata locally.
  3. Send the metadata to the identity provider so that the trust is configured on the IdP side.