Show TOC

Configuring AS Java as a SAML Destination SiteLocate this document in the navigation structure

Use

You can use this topic to configure the AS Java as a SAML destination site.

To configure the parameters necessary for using SAML on an SAP NetWeaver destination site, use the SAML configuration functions of the SAP NetWeaver Administrator. You specify general SAML settings as well as information that identifies the source site such as the source ID and the destination name for artifact resolution. We refer to these parameters as Partner Inbound parameters.

Prerequisites

  • The SAML service of the AS Java is running.

  • The administrator of the remote SAML source site has communicated to you the Source ID with which the source site system identifies itself.

  • A destination to the source site's responder service exists in the Destination service. The user's authentication information is also provided in the destination (either user ID and password or client certificate).

Activities

If you have a cluster installation, you only have to perform the configuration for a single server. The configuration applies to all of the servers.

  1. From the SAP NetWeaver Administrator, choose Start of the navigation path Configuration Management Next navigation step Security  Next navigation step  Trusted Systems  Next navigation step  SAML Browser/Artifact Profile  Next navigation step  Partners Inbound End of the navigation path.

  2. Maintain the parameters that apply to the source site partner:

    1. Switch to Edit mode.

    2. Select Partners Inbound .

    3. To add a new source site partner, choose Add . The Add New Inbound Partner dialog appears.

      Alternatively, you can choose a source site partner to edit it.

    4. Enter a unique Partner Key for your entry and choose Continue .

      The system creates a node for your entry.

    5. Enter the values for each of the parameters in the Details for the Selected Partner input fields. For more information about the parameters, see Inbound Partner Parameters .

      1. Choose the name of the Destination for callback to use for the connection to the source site's responder. You can use the navigation button to choose an HTTP destination specified in the AS Java Destinations.

      2. Enter the Source ID for the SAML source site and choose its format from the dropdown list. The value for this field is defined by the administrator of the external source site.

      3. Choose the SAML version that is used for the outgoing assertion request.

        Enter the URL parameter for target or use the provided default value. Change the default value TARGET only if your communication partner explicitly deviates from the standard name.

        The value for this field is used only for the artifact responder servlet. When the incoming request is sent directly to the resource, the content is not relevant.

    6. Adjust the login module stack for the policy configurations of applications that use SSO with SAML. For more information, see Adjusting the login module stack .