SAML 2.0
If you have implemented the security assertion markup language (SAML) version 2.0 as the method of SSO within your organization, you can configure the ABAP front-end server for use with SAML 2.0.
This authentication method provides the following advantages:
It includes extensive federation capabilities, which means that it works well in scenarios with federated user domains, where trust configuration can be complicated.
It includes extensive user mapping capabilities that enable you to map SAP users based on identity attributes, such as the SAP user name attribute or a user's e-mail address. This means that SAML 2.0 works well for scenarios with multiple user domains.
During logon, SAML 2.0 authentication requires access to an issuing system (Identity Provider). To enable Single Sign-On with SAML 2.0 in internet-facing deployment scenarios that leverage its federation capabilities, you must ensure that the SAML Identity Provider is securely accessible from outside your corporate network.
Note
In the SAP Fiori system landscape, SAML 2.0 is supported only for communication with the ABAP front-end server.
Configuration
For information about the configuration that is required for using SAML 2.0, see:
For SAP NetWeaver 7.31:
http://help.sap.com/nw731
Application Help
Function-Oriented View
Security
User Authentication and Single Sign-On
Integration in Single Sign-On (SSO) Environments
Single Sign-On for Web-Based Access
Using SAML 2.0
Configuring AS ABAP as a Service Provider
.For SAP NetWeaver 7.4:
http://help.sap.com/nw74 Application Help
Function-Oriented View
Security
User Authentication and Single Sign-On
Integration in Single Sign-On (SSO) Environments
Single Sign-On for Web-Based Access
Using SAML 2.0
Configuring AS ABAP as a Service Provider
.