There are two different methods you can use to access the application using SAML assertions:
· Directly
In this case, you have to pass the SAML assertion to the application in the URL.
· Using the SAML receiver on the AS Java
The AS Java provides a generic SAML receiver that you can use as a single entry point to access all applications that accept SAML assertions. The SAML receiver then redirects the user to the desired application.
· The target application is configured to accept SAML assertions.
For applications on the AS Java:
○ The login module stacks for the applications contain the SAMLLoginModule.
Even if you use the SAML receiver, the login module stack for the target application has to contain the SAMLLoginModule.
○ The name of the parameter to use for the SAML artifact is specified in the ParameterNameArtifact parameter (default: SAMLart).
For applications on the AS ABAP:
○ SAML authentication is in the list of authentication methods for the application.
○ The name of the URL parameter containing the assertion artifact must be SAMLart.
When you test the connection between the AS ABAP and the AS Java, a different setting for this parameter on the AS Java is reported as a warning, because the two stacks are not configured consistently. This also affects requests that are sent to the artifact receiver servlet on the AS Java: the receiver servlet redirects each request to the AS ABAP using the same SAMLart parameter name as in the incoming request. If the URL parameter names differ, the AS ABAP does not recognize the parameter.
· If you are using the SAML receiver, the parameter to use for the target application is specified in the PartnerNameTarget parameter (default: TARGET).
For more information about the configuration parameters, see SAML Parameters.
· The SAML Service is running on all of the AS Java server instances.
You can access the Web application directly and transfer the SAML artifact as a URL parameter.
Example:
https://myHost/myResource?SAMLart=3f6zdlU7...
Alternatively, you can access the application using the SAML receiver. The SAML receiver on the AS Java is the sap.com/tc~sec~saml~app application. Access it using the path /saml/receiver in the URL. Include the parameters for the target application and the SAML artifact in the URL.
Example URL:
https://.../saml/receiver?TARGET=http%3A%2F%2FmyHost...&SAMLart=3f...
Note that the target URL must be URL-encoded when it is passed in the TARGET parameter.
The SAML receiver does not return the requested data itself but sends an HTTP redirect command to the target application, which then analyzes the SAML artifact using the SAMLLoginModule for the AS Java or in the Internet Connection Framework for the AS ABAP.
If the SAML artifact can be successfully verified, then access to the target resource is allowed.
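The following added example (not SAP code) builds a receiver URL with the encoding shown above and uses a simplified model of the receiver's redirect to show why a non-default artifact parameter name on the AS Java is not recognized by the AS ABAP. The function names, the receiver host name and the artifact value are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit, urlunsplit

ABAP_ARTIFACT_PARAM = "SAMLart"  # the name the AS ABAP requires, per the text above


def _encode(params):
    # Percent-encode everything, including ':' '/' '+' '=', as in the TARGET example.
    return urlencode(params, quote_via=quote, safe="")


def build_receiver_url(receiver_host, target_url, artifact,
                       target_param="TARGET", artifact_param="SAMLart"):
    """Build the /saml/receiver URL with the target URL and artifact encoded."""
    query = _encode({target_param: target_url, artifact_param: artifact})
    return f"{receiver_host}/saml/receiver?{query}"


def simulate_receiver_redirect(request_url, target_param="TARGET",
                               artifact_param="SAMLart"):
    """Simplified model: redirect to the target, keeping the incoming parameter name."""
    params = parse_qs(urlsplit(request_url).query)
    if target_param not in params or artifact_param not in params:
        raise ValueError("request lacks the target or artifact parameter")
    target = urlsplit(params[target_param][0])
    extra = _encode({artifact_param: params[artifact_param][0]})
    query = f"{target.query}&{extra}" if target.query else extra
    return urlunsplit(target._replace(query=query))


def abap_recognizes_artifact(redirect_url):
    """The AS ABAP only looks for the artifact under the name SAMLart."""
    return ABAP_ARTIFACT_PARAM in parse_qs(urlsplit(redirect_url).query)


if __name__ == "__main__":
    host = "https://receiver.example.invalid"  # constructed host name
    artifact = "AAEx+constructed/artifact="    # constructed artifact value
    for name in ("SAMLart", "artifact"):       # default vs. a mismatched AS Java setting
        url = build_receiver_url(host, "http://myHost/myResource", artifact,
                                 artifact_param=name)
        redirect = simulate_receiver_redirect(url, artifact_param=name)
        print(name, "->", redirect, "| recognized:", abap_recognizes_artifact(redirect))
```

Encoding the artifact matters as much as encoding the target: an unencoded "+" in the artifact would be read back as a space when the query string is parsed.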