Configuring Trusted Partners and Attesters for SAML (SAP Library - Configuring Authentication and Single Sign-On)

Configuring Trusted Partners and Attesters for SAML

Use

You can use the Web services security SAML configuration functions of the SAP NetWeaver Administrator (NWA) to configure system trust between the systems involved in the SAML Token Profile SSO process.

You can use the following groups of configuration options to support the sender-vouches subject confirmation scenario.

● Trusted Partners – allows you to set up trust relationships to SAML-assertion-issuing systems.

● Local Attester – enables you to configure local attesters used to vouch for users who logged on to the SAML attesting system.

Procedure

...

1. In SAP NetWeaver Administrator, start Configuration Management → Security → Trusted Systems.

2. Select the link Web Service Security SAML.

Configuring the Trusted Partners

3. Configure the options for Trusted Partners Configuration.

a. Switch to change mode.

b. Enter the CN attributes for Trusted SAML Issuerin the provided field.

4. Choose Save to store your changes or Cancel to revert to the last saved state.

Configuring the Attesters

5. Configure the options for Local SAML Attesters.

a. Switch to change mode.

b. Choose Remove to remove an existing record for a local SAML attester.

c. Choose Add to add a new local SAML attester.

i. Enter the Attester Name.

ii. Choose the AS Java keystore view for the attester certificate.

iii. Choose a Private Key from the keystore view to use for signing the SAML assertion by the attester.

iv. Enter the Issuer Name that the attester vouches for.

6. Choose Save to store your changes or Cancel to revert to the last saved state.