You can use this topic to configure mapping of SAML principal IDs to user IDs in the AS ABAP.
When you use SAML assertions to access an AS ABAP application, you must always map the external ID of the SAML principal to the user ID in the AS ABAP, even if the external ID and the AS ABAP ID are identical.
You can map users in view VUSREXTID of the AS ABAP as shown below:
<Partner Name> is the identifier of the partner as it appears in the SAML configuration for the inbound partners (see Inbound Partner Parameters).
If the source site does not fill the Name Qualifier attribute, leave this part of the external ID empty.
Examples of external ID entries are:
If the saml:Assertion/saml:Subject/saml:NameIdentifier element contains the SAP user ID, you can use the report RSUSREXTID to create the mapping for all users or a subset of users. For more information, see SAP Note 1254821.
When requesting access to a SAML-enabled AS ABAP application, the source site provides the user's ID (SAML principal) in his or her SAML assertion in the NameIdentifier element, optionally qualified by the NameQualifier attribute. Based on the configured user mapping, the AS ABAP determines the user ID and authenticates the user.