Integrating SAML-Enabled Applications in the Portal

Prerequisites

  • The SAML service of the portal server is running.

  • You have configured the portal as a source site.

    For more information, see Configuring a Portal as a SAML Source Site.

  • You have configured the destination site for SAML.

    For more information about using SAP NetWeaver Application Server (AS) Java as the destination site, see Configuring AS Java as a Destination Site.

  • If the application is a resource on AS ABAP, you must configure a connection between AS ABAP and AS Java, and the resource must be activated for SAML.

Context

When you integrate applications that accept SAML in the portal, the portal automatically generates the correct URL for accessing the application. The URL includes information such as the SAML artifact, the target URL for the application, and portal-specific information such as the theme used.

Procedure


  1. In the portal, create a system object for the system on which your target application is running.

    For more information, see Creating Systems.

    Note

    Make sure you create a system alias for the system. For example, for a Web Dynpro application running on an AS Java, create a system object of type R/3 System with Load Balancing.

  2. Define the connection data for the system.

    For more information, see Editing System Properties.

    Example

    In the example of a system object for a Web Dynpro application, in the property category Web Application Server, enter data for WAS Host Name and WAS Protocol.

  3. Define the SAML data for the system as follows:

    1. In the property editor of the system object, choose the property category User Management .

    2. Enter data in the fields as follows:

      Logon Method = SAML Browser/Artifact

      SAML Partner Name = Name of the set of PartnersOutbound parameters for the destination site in the configuration adapter. For example, MyDestinationPartner.

    3. Save your entries.

  4. Create an iView for the application and specify the alias of the system object you created above.

Results

We recommend that before testing you close all browser windows to reset the user context. You can then call up the preview of the iView in the iView editor and access the iView through SAML without having to explicitly provide any form of authentication. Assign the iView to a role and assign the role to users as required.

For more information, see Assigning iViews to Users.
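
When you test the iView, you can check the generated URL described under Context with a short script. The following is an added example, not SAP code: it assumes the SAMLart and TARGET query parameters and the type 0x0001 artifact layout defined by the SAML 1.1 Browser/Artifact profile. All host names, paths and the SourceID value are constructed sample values.

```python
import base64
import hashlib
from urllib.parse import parse_qs, urlencode, urlsplit

ARTIFACT_LEN = 42  # 2-byte TypeCode + 20-byte SourceID + 20-byte AssertionHandle


def check_saml_url(url, source_id, target_host):
    """Return the problems found in a Browser/Artifact request URL."""
    problems = []
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    if parts.scheme != "https":
        problems.append("artifact sent over a non-TLS URL")
    targets = query.get("TARGET", [])
    if len(targets) != 1:
        problems.append("expected exactly one TARGET parameter")
    elif urlsplit(targets[0]).hostname != target_host:
        problems.append("TARGET points at an unexpected host")
    artifacts = query.get("SAMLart", [])
    if not artifacts:
        problems.append("no SAMLart parameter")
    for artifact in artifacts:
        try:
            raw = base64.b64decode(artifact, validate=True)
        except ValueError:  # binascii.Error is a ValueError
            problems.append("SAMLart is not valid base64")
            continue
        if len(raw) != ARTIFACT_LEN or raw[:2] != b"\x00\x01":
            problems.append("SAMLart is not a type 0x0001 artifact")
        elif raw[2:22] != source_id:
            problems.append("SourceID does not match the source site")
    return problems


# Constructed sample values (assumptions, not SAP defaults).
SOURCE_ID = hashlib.sha1(b"https://portal.example.com/saml").digest()
TARGET = "https://asjava.example.com/webdynpro/dispatcher/demo/App"


def sample_url(source_id=SOURCE_ID, target=TARGET, scheme="https"):
    """Build a constructed URL of the shape the check expects."""
    raw = b"\x00\x01" + source_id + bytes(range(20))  # constructed handle
    query = urlencode({"SAMLart": base64.b64encode(raw).decode(), "TARGET": target})
    return f"{scheme}://asjava.example.com/saml/receiver?{query}"


if __name__ == "__main__":
    print(check_saml_url(sample_url(), SOURCE_ID, "asjava.example.com"))
```

Pass the 20-byte SourceID configured for your source site as source_id. The SHA-1 derivation in the sample follows the SAML 1.1 recommendation and is only an assumption about your setup.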