Show TOC Start of Content Area

Component documentation SAML Authentication Service  Locate the document in its SAP Library structure

Purpose

The AS Java supports the use of the Security Assertion Markup Language (SAML) for Single Sign-On. SAML is an XML-based markup language, that is being developed and standardized by the Organization for the Advancement of Structured Information (OASIS). It is used for exchanging security-related information between communication partners.

The AS Java supports SAML in the scenario where a user is authenticated on an external authentication system that acts as an SAML authority. Based on this authentication, the user can access the desired resource, in this case, an application on the AS Java.

Note

The AS Java accepts SAML assertions for Single Sign-On. However, it cannot act as an SAML authority that issues such assertions.

The SAML service is the AS Java service that requests and accepts SAML assertions from the authenticating server site.

Implementation Considerations

The SAML specification requires that the data exchange is protected using transport level security. Therefore, when using SAML on the AS Java, you must activate SSL. For more information, see SSL Provider Service and Configuring the Use of SSL on the AS Java.

Note

SSL is required by the SAML specification. Therefore, per default, its use is activated in the SAML configuration. However, for testing purposes, you can disable the enforcement of SSL for the SAML-based document exchanges. In this case, you receive warnings in the log files, but you can still process the communication requests.

Integration

The SAML authentication process uses the SAML login module for requesting and processing SAML assertions. Therefore, this login module must be registered in the currently active data source.

Features

The use of SAML assertions provides for a Single Sign-On environment, even across system boundaries and using standard formats and protocols. Therefore, no system or application-specific technologies are necessary.

See also:

·        Using SAML Assertions for Single Sign-On

      Organization for the Advancement of Structured Information at Link to external website www.oasis-open.org. See the information under the Technical Committees for Security Services.

 

 

 

 

End of Content Area