Configuring a Trust Relationship for SAML Token Profiles Without Logon Ticket Configuration

If you do not want to use logon tickets in your system landscape, you need to manually configure the trust relationship between the systems and exchange the certificates.

Prerequisites

The X.509 client certificates for the WS Security PSEs have been signed by a Certification Authority, so that encryption can be used. The certificate contains the CA v3 extension Subject Key Identifier.

Procedure

Export the WS provider system certificate.
More information:
- Exporting the AS ABAP Certificate
- Exporting the AS Java Certificate
Import the WS provider system certificate into the WS consumer system.
- If the provider system is an AS ABAP, refer to Trust Manager.
- If the provider system is an AS Java, refer to Importing Certificate and Key From the File System.
Export the WS consumer system certificate.
More information:
- Exporting the AS ABAP Certificate
- Exporting the AS Java Certificate
Import the WS consumer system certificate into the WS provider system.
- If the consumer system is an AS ABAP, refer to Trust Manager.
- If the consumer system is an AS Java, refer to Importing Certificate and Key From the File System.
Include the imported certificates in the access control lists of systems, if necessary