Show TOC

Disabling IdP-Initiated and SP-Initiated SSO and SLOLocate this document in the navigation structure

Context

Under SAML, clients can initiate Single Sign-On (SSO) and Single Log-Out (SLO) at either the identity provider (IdP) or the service provider (SP). You can control whether the service provider accepts SAML messages initiated at the service provider or identity provider. Thus you determine what kind of access clients have to your SAML landscape.

Procedure

  1. Start SAP NetWeaver Administrator with the quick link /nwa/auth .
  2. Choose Start of the navigation path SAML 2.0 Next navigation step Local Provider End of the navigation path.
  3. Choose the Service Provider Settings tab.
  4. Under Assertion Consumer Service , deselect the supported types of SSO you do not want to allow.
  5. Under Single Log-Out Service , deselect the supported type of SLO you do not want to allow.
  6. Save your entries.