Setting Up the WS Provider AS Java to Accept SAML Token Profiles

You have configured your WS provider in the AS Java to use SAML token profiles, that is, you have set SAML Assertion in the individual configuration.

You have set up the trust relationship between the provider and the consumer. If you have configured your systems for the use of logon tickets, this relationship has already been set up. If the issuing system is an AS ABAP

• And is contained in the System Landscape Directory, you can use the SSO2 assistant of the SAP NetWeaver Administrator as described in Configuring the AS Java to Accept Logon Tickets .

• And is not contained in the System Landscape Directory, configure the trust relationship manually, as described in Configuring the Trust Relationship for SAML Token Profiles Without Logon Ticket Configuration , in the section AS Java Trusts AS ABAP , in the AS ABAP documentation.

If you do not want to use logon tickets, you need to exchange the certificates for both systems and, for AS ABAP, include them in the access control list.

More information:

• Exporting the AS Java Certificate

• Importing Certificate and Key From the File System , to import the certificate of the WS consumer

You know the issuer of the SAML assertion of the WS consumer.

• If the issuing system is an AS Java, refer to Preparing the SAML-Token-Profile-Issuing AS Java WS Consumer .

If the SAML token profiles of an AS Java are to be accepted, the users of the AS Java and AS ABAP must be identical.