With SAP NetWeaver, you can use SAML to access applications both on the AS ABAP and the AS Java. In both cases the SAML service of the AS Java performs the SAML protocol execution with the source site.
In Using SAML Browser Artifacts for Single Sign-On you saw an example of what happens in the system when a client tries to access a protected resource on AS Java. You can use this section for information about using SAML for SSO access to a protected resource on AS ABAP.
On the AS ABAP, you can use SAML to access any resource that is registered in the Internet Communication Framework (ICF) of the AS ABAP and that can therefore be accessed with HTTP or HTTPS.
The figure below shows a server landscape with a source site (for example a portal), an AS ABAP as destination site, and a SAML service running on the AS Java.
The figure illustrates the system events that occur when a user tries to access a resource on the AS ABAP using SAML:
The resource on the AS ABAP can be any service that is registered in the Internet Communication Framework (ICF) of the AS ABAP.
The figure below illustrates the configuration steps required so that you can use SAML to access resources on AS ABAP. The numbers in the figure correspond to the numbers in the figure above. The letters define the configuration steps and are described below.
From the figure, you can see that the following configuration steps are required to set up SAML with a resource on AS ABAP:
A Make sure that the SAML service on the AS Java is running .
B Make sure that a connection is established between the AS ABAP and the AS Java (only necessary if you are accessing resources on AS ABAP with SAML). This requires an
C Configure the SAML source site. If you are using a portal as a source site, this requires creating a set of PartnersOutbound parameters. See Configuring a Portal as a SAML Source Site .
D Configure the AS Java as a destination site . This requires creating a destination to the source site's responder and defining a set of PartnersInbound parameters.
E Activate SAML for resources in the AS ABAP (only necessary if you are accessing resources on AS ABAP with SAML). Here you define the name of the RFC destination to the SAML service on the AS Java and you define that SAML is an allowed authentication method for the resource.
F You must map the external user IDs on the source site (SAML principal) to the user IDs in the AS ABAP even if the external ID and AS ABAP ID are identical (only necessary if you are accessing resources on AS ABAP with SAML).