Logon via SAML

Use

For each ICF service, you can define whether you want to allow logon via SAML (Security Assertion Markup Language). This procedure makes it possible to exchange logon and authorization information between business partners when using XML-based web services. With this procedure, users do not have to log on repeatedly when using web services of the same kind.

Prerequisites

The logon procedure you are using is either Standard or Alternative Logon Order. In the logon procedures Required with Client Certificate and Required with Logon Data, the SAML application is not active.

Integration

The SAML logon procedure is the last but one (position 6) in the list of logon procedures, in both the standard logon order and the alternative logon order (default setting).

Note

If you explicitly deactivate the SAML logon procedure, it will not be used in the standard logon order either.

Caution

If you use the alternative logon order and want to use SAML, you need to activate the procedure and must not remove it from the list of logon procedures.

Activities

If you want to allow logon via SAML, proceed as follows:

       1.      In transaction SICF, double-click the required service or service node.

       2.      Choose Change.

       3.      Choose Logon Data and define one of the following options for SAML:

     SAML active: Logon via SAML is allowed for this service.

     SAML not active: Logon via SAML is not allowed for this service.

     Not specified: The corresponding settings are taken (inherited) from higher-level nodes.

       4.      Choose SAML Configuration and define whether you want to take over the configuration settings from higher-level nodes. If you want this service to have its own configuration, deselect this option and maintain the displayed settings specifically for this service.

       5.      Choose Take Over Data and save your entries.
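Because "Not specified" inherits from higher-level nodes, the setting shown on a service does not by itself tell you whether that service accepts SAML logon. The following Python sketch is an added example, not SAP code: it resolves the effective setting for each node of a constructed service tree using the rules on this page. The data model, the paths, the per-node logon procedure and the "unresolved" result for a tree with no explicit setting are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Logon procedures in which, per this page, SAML can take part.
SAML_CAPABLE = {"Standard", "Alternative Logon Order"}

@dataclass
class Node:  # hypothetical model of one SICF node, not an SAP export format
    saml: Optional[bool] = None  # True = SAML active, False = SAML not active, None = Not specified
    procedure: str = "Standard"  # logon procedure of this service (assumed to be set per node)
    alt_order: list = field(default_factory=list)  # procedure list, alternative logon order only

def inherited_saml(path, tree):
    """Walk from the service up to the root; return (first explicit setting, node it came from)."""
    while True:
        node = tree.get(path)
        if node is not None and node.saml is not None:
            return node.saml, path
        if path == "/":
            return None, None  # nothing explicit anywhere; the page gives no default
        path = path.rsplit("/", 1)[0] or "/"

def saml_status(path, tree):
    """Return (status, reason); status is 'accepted', 'not accepted' or 'unresolved'."""
    node = tree[path]
    if node.procedure not in SAML_CAPABLE:
        return "not accepted", f"logon procedure '{node.procedure}' does not use SAML"
    setting, source = inherited_saml(path, tree)
    if setting is None:
        return "unresolved", "Not specified on the service and on every higher-level node"
    if not setting:
        return "not accepted", f"SAML not active (set at {source})"
    if node.procedure == "Alternative Logon Order" and "SAML" not in node.alt_order:
        return "not accepted", "SAML active but removed from the alternative logon order"
    return "accepted", f"SAML active (set at {source})"

# Constructed sample tree; paths and the alt_order entry are made-up labels.
TREE = {
    "/": Node(),
    "/travel": Node(saml=True),
    "/travel/flight": Node(),            # inherits SAML active from /travel
    "/travel/car": Node(saml=False),     # explicit setting overrides the parent
    "/travel/hotel": Node(procedure="Alternative Logon Order", alt_order=["Logon Data"]),
    "/travel/admin": Node(procedure="Required with Client Certificate"),
    "/misc": Node(),
}

if __name__ == "__main__":
    for p in sorted(TREE):
        print(p, *saml_status(p, TREE), sep=" | ")
```

The hotel node illustrates the Caution above: SAML is inherited as active, but it is not accepted because SAML is missing from the alternative logon order.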

Example

For travel planning, a user uses web services on various web pages to book a flight, rent a car and reserve a hotel room. If the relevant services use the SAML logon procedure, the user only needs to log on once (for the first activity) and can then use all the other services without logging on again.

Additional Information

For more details about using SAML in SAP Web AS, see

     SAML Assertions for Single Sign-On