Configuring Single Sign-On with SAML Token Profiles

Security Assertion Markup Language (SAML) is a standard that defines a language to exchange security information between partners. The SAML standard is driven by the Organization for the Advancement of Structured Information Standards (OASIS). SAML uses assertions that contain statements about a subject, authentication, authorization and attributes.

SAML Token Profile is developed by the OASIS Web Services Security (WS Security) Technical Committee as a standard to integrate and use SAML for Web Services Security.

Note

Although both the SAML token profile and SAML browser artifact use the SAML standard for transferring security information, they are used for different authentication purposes, as shown below:

  • SAML browser artifacts are used for authenticating Web-based access from a Web browser. For more information about using SAML browser artifacts in SAP NetWeaver, see Using SAML Browser Artifacts.

  • You use SAML token profiles for WS access authentication at the SOAP message level.

End of the note.

Prerequisites

You have set up a trust relationship between the WS provider system and the WS consumer system. If you have configured your systems for Using Logon Tickets, this relationship has already been set up.

Note

By default, the system PSE, which is based on DSA, is used for logon ticket configuration. This means that you cannot use this PSE if you want to send encrypted responses.

Note that:

In AS ABAP and AS Java, you can use a certificate other than the client’s signature certificate (which is based on the system PSE with DSA) for encryption by the provider.

If you do not want to configure your systems for the use of logon tickets, set up the required trust relationship between systems, as described in Configuring a Trust Relationship for SAML Token Profiles Without Logon Ticket Configuration.

End of the note.

Features

SAP NetWeaver AS ABAP enables you to use the sender-vouches and holder-of-key subject confirmation methods to confirm a subject with SAML token profile authentication.

If you have selected symmetric signature and encryption for connection security in the AS ABAP, use the holder-of-key method. For all other connection security mechanisms, use sender-vouches.
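As an added illustration (not SAP's code; the connection-security labels "symmetric"/"asymmetric" and the sample assertion are constructed assumptions), this Python checks that a received SAML 2.0 assertion uses the subject confirmation method the rule above prescribes, and that a holder-of-key assertion actually carries a KeyInfo to confirm the subject:

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

def expected_method(connection_security):
    """Map the configured connection security to the prescribed confirmation
    method: symmetric signature and encryption needs holder-of-key, every
    other mechanism uses sender-vouches. The label values are assumptions."""
    return HOLDER_OF_KEY if connection_security == "symmetric" else SENDER_VOUCHES

def confirmation_method(assertion_xml):
    """Return (Method URI, has_key_info) of the assertion's SubjectConfirmation."""
    root = ET.fromstring(assertion_xml)
    ns = {"saml": SAML2}
    sc = root.find("saml:Subject/saml:SubjectConfirmation", ns)
    if sc is None:
        raise ValueError("assertion carries no SubjectConfirmation")
    data = sc.find("saml:SubjectConfirmationData", ns)
    # Holder-of-key proves possession via a ds:KeyInfo inside SubjectConfirmationData.
    has_key = data is not None and data.find(f"{{{DSIG}}}KeyInfo") is not None
    return sc.get("Method", ""), has_key

def check_token(assertion_xml, connection_security):
    """Accept the token only if its confirmation method matches the configured
    connection security, and a holder-of-key token actually names a key."""
    method, has_key = confirmation_method(assertion_xml)
    want = expected_method(connection_security)
    if method != want:
        return False, f"got {method}, expected {want} for {connection_security}"
    if method == HOLDER_OF_KEY and not has_key:
        return False, "holder-of-key assertion has no KeyInfo to confirm the subject"
    return True, "ok"

# Constructed sample assertion (not a real token; ID and key name are placeholders).
HOK_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_example-1" Version="2.0">
  <saml:Subject>
    <saml:NameID>example-user</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
      <saml:SubjectConfirmationData>
        <ds:KeyInfo><ds:KeyName>example-consumer-key</ds:KeyName></ds:KeyInfo>
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""
SV_ASSERTION = HOK_ASSERTION.replace(HOLDER_OF_KEY, SENDER_VOUCHES)
HOK_WITHOUT_KEY = HOK_ASSERTION.replace(
    "<ds:KeyInfo><ds:KeyName>example-consumer-key</ds:KeyName></ds:KeyInfo>", "")
```

Calling `check_token(SV_ASSERTION, "symmetric")` rejects the token, because a symmetric signature-and-encryption connection expects holder-of-key rather than sender-vouches.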