Setting the WS Provider AS Java to Accept SAML Token Profiles
For the AS Java to be able to accept SAML token profiles, you need to make the setting described below.
● You have configured your WS provider in the AS Java to use SAML token profiles, that is, you have set SAML Assertion in the individual configuration.
● You have set up the trust relationship between the provider and consumer systems. If you have configured your systems for the use of logon tickets, this relationship has already been set up. If the issuing system is an AS ABAP
○ And is contained in the System Landscape Directory, you can use the SSO2 assistant of the SAP NetWeaver Administrator as described in Configuring the AS Java to Accept Logon Tickets.
○ And is not contained in the System Landscape Directory, configure the trust relationship manually, as described in Configuring the Trust Relationship for SAML Token Profiles Without Logon Ticket Configuration.
If you do not want to use logon tickets, you need to exchange the certificates for both systems and possibly include them in the access control list.
More information:
○ Exporting the AS Java Certificate
○ Exporting the AS ABAP Certificate
○ Importing Certificate and Key From the File System, to import the certificate of the WS consumer system
● You know the issuer of the SAML assertion of the WS consumer system.
○ If the issuing system is an AS ABAP, see Preparing the SAML-Token-Profile-Issuing WS Consumer AS ABAP.
○ If the issuing system is an AS Java, see Preparing the SAML-Token-Profile-Issuing WS Consumer AS Java.
● If the SAML token profiles of an AS Java are to be accepted, the users of the AS Java and AS ABAP must be identical.
...
1. In SAP NetWeaver Administrator, start Configuration Management → Security → Trusted Systems.
2. On the Web Services Security SAML page under Trusted Partners → Trusted SAML Issuers, enter the SAML assertion issuer.
More information: Configuring Trusted Partners and Attesters for SAML
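The issuer value entered under Trusted SAML Issuers has to match what the WS consumer actually sends, so it helps to read it from a sample request. The following is an added example, not SAP code: it assumes a SOAP 1.1 envelope with the assertion placed directly in the wsse:Security header, uses the constructed issuer name EXAMPLE_ISSUER, and assumes exact string comparison. It reads the issuer only and does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"   # SAML 1.x: Issuer is an attribute
SAML20 = "urn:oasis:names:tc:SAML:2.0:assertion"   # SAML 2.0: Issuer is a child element

# Constructed sample request (not captured from a real system); signature omitted.
SAMPLE_ENVELOPE = f"""<soap:Envelope xmlns:soap="{SOAP}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{WSSE}">
      <saml:Assertion xmlns:saml="{SAML11}" MajorVersion="1" MinorVersion="1"
                      AssertionID="_constructed-1" Issuer="EXAMPLE_ISSUER"
                      IssueInstant="2024-01-01T00:00:00Z"/>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>"""


def assertion_issuers(envelope_xml):
    """Return the issuer of every SAML assertion in the WS-Security header."""
    # ElementTree is adequate for a trusted, locally saved sample; use a
    # hardened XML parser for messages from an untrusted source.
    root = ET.fromstring(envelope_xml)
    issuers = []
    for sec in root.iterfind(f"{{{SOAP}}}Header/{{{WSSE}}}Security"):
        for a in sec.iterfind(f"{{{SAML11}}}Assertion"):
            issuers.append(a.get("Issuer", ""))
        for a in sec.iterfind(f"{{{SAML20}}}Assertion"):
            issuers.append((a.findtext(f"{{{SAML20}}}Issuer") or "").strip())
    return issuers


def untrusted_issuers(envelope_xml, trusted):
    """Issuers in the message that are missing from the trusted list.

    Exact, case-sensitive comparison is an assumption of this example;
    an assertion with no issuer is reported as the empty string.
    """
    return [i for i in assertion_issuers(envelope_xml) if i not in trusted]


if __name__ == "__main__":
    print("issuers in message:", assertion_issuers(SAMPLE_ENVELOPE))
    print("not in trusted list:", untrusted_issuers(SAMPLE_ENVELOPE, {"OTHER_ISSUER"}))
```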