
Logon via SAML

For each ICF service, you can define whether you want to allow logon via SAML (Security Assertion Markup Language). This procedure allows business partners to exchange logon and authorization information for use with XML-based web services. It lets users avoid logging on repeatedly when they use web services of the same kind.

Integration

The SAML logon procedure is second to last (position 6) in the sequence of logon procedures in both the standard logon order and the alternative logon order (default setting).

Note

If you explicitly deactivate the SAML logon procedure, it will not be used in the standard logon order either.


Caution

If you use the alternative logon order and want to use SAML, you need to activate the procedure and must not remove it from the list of logon procedures.


Prerequisites

The logon procedure you are using is either Standard or Alternative Logon Order. In the logon procedures Required with Client Certificate and Required with Logon Data, the SAML application is not active.

Activities

If you want to allow logon via SAML, proceed as follows:

  1. In transaction SICF, double-click the required service or service node.

  2. Choose Change.

  3. Choose Logon Data and define one of the following options for SAML:

    • SAML active: Logon via SAML is allowed for this service

    • SAML not active: Logon via SAML is not allowed for this service

    • Not Specified: The settings are taken (inherited) from higher-level nodes.

    • Choose SAML Configuration and define whether you want to take over the configuration settings from higher-level nodes. If you want to configure this service separately, deselect this option and maintain the displayed settings specifically for this service.

    • Choose Accept Data and save your entries with .
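
The following added example (not SAP code and not part of the original documentation) models how the three SAML options, inheritance from higher-level nodes, and the logon procedure combine, so that a reviewer can check which services end up accepting SAML logon. The service paths, the tuple layout, the entries in the alternative logon list, and the rule that a tree with no explicit setting counts as not active are assumptions made for illustration.

```python
# Added example: model of the SAML setting resolution described on this page.
# Paths, field layout and the sample tree are constructed for illustration;
# they are not an SAP API or an SICF export format.

ACTIVE, NOT_ACTIVE, NOT_SPECIFIED = "SAML active", "SAML not active", "Not Specified"

# Logon procedures under which the page says SAML is not active.
SAML_EXCLUDED = {"Required with Client Certificate", "Required with Logon Data"}

# Constructed sample: path -> (SAML option, logon procedure, alternative logon list)
SERVICES = {
    "/sap": (NOT_ACTIVE, "Standard", None),
    "/sap/bc": (NOT_SPECIFIED, "Standard", None),
    "/sap/bc/travel": (ACTIVE, "Standard", None),
    "/sap/bc/travel/flight": (NOT_SPECIFIED, "Alternative Logon Order", ["Basic", "SAML"]),
    "/sap/bc/travel/hotel": (NOT_SPECIFIED, "Alternative Logon Order", ["Basic"]),
    "/sap/bc/travel/admin": (NOT_SPECIFIED, "Required with Logon Data", None),
}

def parent(path):
    """Return the higher-level node of a path, or None at the top."""
    head = path.rsplit("/", 1)[0]
    return head or None

def resolved_option(path, services):
    """Walk up the tree until a node states its SAML option explicitly."""
    while path is not None:
        option = services[path][0]
        if option != NOT_SPECIFIED:
            return option
        path = parent(path)
    return NOT_ACTIVE  # assumption: nothing set anywhere means SAML is off

def saml_usable(path, services):
    """Return (usable, reason) for one service node."""
    _, procedure, alt_list = services[path]
    if procedure in SAML_EXCLUDED:
        return False, "logon procedure excludes SAML"
    if resolved_option(path, services) != ACTIVE:
        return False, "SAML not active (own or inherited setting)"
    if procedure == "Alternative Logon Order" and "SAML" not in alt_list:
        return False, "SAML removed from alternative logon order"
    return True, "SAML logon allowed"

def audit(services):
    """Evaluate every node; returns {path: (usable, reason)}."""
    return {path: saml_usable(path, services) for path in sorted(services)}

if __name__ == "__main__":
    for path, (ok, reason) in audit(SERVICES).items():
        print(f"{path:28} {'yes' if ok else 'no':3} {reason}")
```
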

Example


For travel planning, a user is using web services on various web pages to book a flight, rent a car and reserve a hotel room. If the relevant services use the SAML logon procedure, the user only needs to log on once (for the first activity) and can then perform all other services without needing to log on again.


More Information

For more details about using SAML in SAP Web AS, see