
Support for SSO with SAML (Enhanced)

Use

SAML is a standard driven by the Organization for the Advancement of Structured Information Standards (OASIS). SAML is a protocol for encoding security-related information (assertions) into XML and exchanging this information between systems.

You can use SAML for Single Sign-On in a scenario where a user is authenticated on an authentication system that acts as a SAML authority. Based on this authentication, the user receives a SAML assertion that he or she can use to access a resource on a different system without having to authenticate again.

The support of Single Sign-On using the SAML Browser/Artifact Profile is enhanced by the following security functions:

      The portal can function as the source site for the creation of SAML assertions for SSO access using the SAML Browser/Artifact Profile.

      Users can access the AS ABAP as a SAML assertion receiver in a combined AS ABAP and AS Java installation.

Effects on System Administration

Security administrators use the trusted systems management functions in SAP NetWeaver Administrator (NWA) to configure the necessary parameters for issuing SAML browser artifacts in the portal. System administrators can also use the trusted systems management functions in NWA to configure the relevant parameters for the destination systems that accept authentication using the SAML Browser/Artifact Profile to log on users with SSO.

Accessing AS ABAP resources as a SAML destination site requires a double-stack installation in which the SAML service of the AS Java performs the SAML protocol execution with the source site. Administrators therefore configure the AS Java for a SAML destination, configure RFC destinations on the AS Java and the AS ABAP, and, on the AS ABAP, enable access to ICF services with SAML browser artifacts.

 
