Enabling the SAML Service Provider

Prerequisites

You have created a keystore view named SAML2 and generated at least one key-pair certificate for digital signatures and encryption.

For more information, see Using the AS Java Key Storage.

Context

Use this procedure to enable Security Assertion Markup Language (SAML) 2.0 support and make the basic configurations for a SAML 2.0 service provider. This procedure only covers the first steps for preparing your SAP NetWeaver Application Server (AS) Java to operate as a SAML service provider.

Procedure

  1. Start SAP NetWeaver Administrator with the quick link /nwa/auth.
  2. Choose SAML 2.0.

    If you have never configured your system for SAML 2.0, the system displays the following message:

    System not configured to support SAML 2.0.

  3. Choose the Enable SAML 2.0 Support pushbutton.
  4. Enter a name for the provider.
  5. Configure the settings for signature and encryption.
    1. Select the keystore view and the key pairs you created for the provider.

    2. Determine whether you want to include the public-key certificate in any digital signatures.

      • If you are using a public-key infrastructure for your SAML network or if the trusted providers otherwise require the inclusion of certificates to verify digital signatures, include the certificate.

      • If you are using self-signed certificates, do not include a certificate.

    3. To provide a means for identity providers to validate the metadata of the service provider, sign the configuration metadata of the service provider.

  6. Continue with the service provider settings and enter data as desired.

    The SOAP binding for the single logout (SLO) service and all the types and bindings for the Manage NameID (MNI) service are disabled by default. Enabling any of these SLO or MNI configurations without using them slows down general performance.

    Note

    This procedure only covers the initial basic configuration for enabling the SAML 2.0 service provider. Once the service provider is enabled, you can modify the bindings and types supported by the service provider, trust a service provider, configure identity federation, and protect resources with SAML. For more information, see Configuring the AS Java as a Service Provider.

  7. Choose the Finish pushbutton.
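
To review the result of steps 5 and 6 from the outside, the following added example (not part of the SAP documentation) audits a service provider's SAML 2.0 metadata XML for the settings this procedure touches: metadata signature, signing and encryption keys, the SLO SOAP binding, and MNI endpoints. It assumes you already have the metadata as a string; the sample document, its entity ID and URLs are constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

# Constructed, abbreviated sample (key material elided; not from a real system).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="example_sp">
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>CONSTRUCTED</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:KeyDescriptor use="encryption"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sp.example.invalid/slo"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://sp.example.invalid/slo-soap"/>
    <md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.invalid/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def audit_sp_metadata(xml_text):
    """Report which of the procedure's settings are visible in SP metadata.

    Only the presence of ds:Signature is checked; the signature is NOT
    cryptographically verified here. Parse only metadata from a trusted
    source, since ElementTree is not hardened against hostile XML.
    """
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    sig = root.find("ds:Signature", NS)
    uses = {kd.get("use") for kd in sp.findall("md:KeyDescriptor", NS)}
    both = None in uses  # a KeyDescriptor without "use" serves both purposes
    slo = sp.findall("md:SingleLogoutService", NS)
    mni = sp.findall("md:ManageNameIDService", NS)
    return {
        "entity_id": root.get("entityID"),
        "metadata_signed": sig is not None,
        "cert_in_signature": sig is not None
        and sig.find(".//ds:X509Certificate", NS) is not None,
        "signing_key": both or "signing" in uses,
        "encryption_key": both or "encryption" in uses,
        # Disabled by default; should appear only if actually used.
        "slo_soap_enabled": any(e.get("Binding") == SOAP for e in slo),
        "mni_bindings": sorted(e.get("Binding", "").rsplit(":", 1)[-1] for e in mni),
    }
```

For the constructed sample, the report flags the SLO SOAP binding as enabled and lists no MNI bindings.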