You have configured target ABAP systems to trust logon tickets from the AS Java.
You have configured technical users on target ABAP systems to which users will be mapped.
Because of the temporary and anonymous nature of transient users on the AS Java and because multiple transient users are mapped to the same user on the AS ABAP, you should not use this configuration in scenarios with transient federation that have rigid auditing requirements.
This procedure enables you to create a user mapping to a reference ABAP system. The user mapping enables you to grant users access to trusted ABAP systems using logon tickets. When configured, the AS Java issues logon tickets that carry the mapped user ID to the users' browsers for use in the ABAP system. When a user visits an ABAP system that accepts these logon tickets, the ABAP system logs the user on with the user ID in the logon ticket.
Scenario Overview
In this configuration, the identity provider sends SAML attributes that map to calculated roles or groups on the AS Java. When the service provider on the AS Java creates the user, it assigns calculated roles or groups to the user based on the attributes sent by the identity provider. The service provider is also configured to assign user mappings based on the calculated roles or groups. If a user is assigned to a role or group of this type, the service provider checks whether this assignment is configured to map to a user on the AS Java. If it is, the service provider takes the user mapping of this AS Java user and writes the name of the mapped ABAP user in the logon ticket of the user.
Users that match the calculated role or group assignment receive the user mapping assignment of the AS Java user you selected. In a way, the user is borrowing the user mapping configuration of another user.
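The following added example (a Python model, not SAP code or an SAP API) walks the resolution chain described above and shows why shared mappings weaken ABAP-side auditing. All role names, user IDs, attribute names and transient IDs are constructed, and taking the first matching role is an assumption of the model, not documented product behavior.

```python
from collections import defaultdict

# Constructed sample configuration; every name below is hypothetical.
# Rules turning a SAML attribute value into a calculated AS Java role.
ROLE_RULES = [("department", "finance", "ROLE_FIN"),
              ("department", "sales", "ROLE_SALES")]
# Calculated role -> AS Java user whose user mapping is borrowed.
ROLE_TO_JAVA_USER = {"ROLE_FIN": "J_FIN_TEMPLATE"}
# AS Java user -> mapped user on the reference ABAP system.
USER_MAPPING = {"J_FIN_TEMPLATE": "ABAP_FIN_TECH"}


def calculated_roles(attributes):
    """Roles the service provider derives from the asserted SAML attributes."""
    return [role for name, value, role in ROLE_RULES
            if value in attributes.get(name, [])]


def ticket_abap_user(attributes):
    """Mapped ABAP user written to the logon ticket, or None if no calculated
    role is configured to borrow a mapping (first match wins: an assumption)."""
    for role in calculated_roles(attributes):
        java_user = ROLE_TO_JAVA_USER.get(role)
        if java_user in USER_MAPPING:
            return USER_MAPPING[java_user]
    return None


def audit_fan_in(sessions):
    """Group transient users by the ABAP user their ticket carries.
    A group larger than one cannot be told apart in ABAP-side logs."""
    by_abap = defaultdict(list)
    for transient_id, attributes in sessions:
        abap_user = ticket_abap_user(attributes)
        if abap_user is not None:
            by_abap[abap_user].append(transient_id)
    return {user: ids for user, ids in by_abap.items() if len(ids) > 1}


# Constructed sessions: transient IDs as an identity provider might issue them.
SESSIONS = [("tr-7f3a", {"department": ["finance"]}),
            ("tr-91c2", {"department": ["finance"]}),
            ("tr-0be4", {"department": ["sales"]})]

if __name__ == "__main__":
    print(audit_fan_in(SESSIONS))
```

To attribute an ABAP action to a person in such a setup, the transient ID and the mapped ABAP user have to be recorded together on the AS Java or identity provider side.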