We provide a sample application that you can use to demonstrate SAML-based Single-Sign-On with the SAP J2EE Engine. The application uses the following building blocks:
SAML Test Application Services and Modules
Service or Module | Service Path or Module Name
Source site application | /samlssodemo_source/source
Source site responder service | /samlssodemo_source/responder
Destination site application | /samplssodemo_dest/destination
Automatic set-up application | /samlssodemo_source/setup
Sample mapping module | com.sap.security.core.server.saml.app.
· The application sap.com/tc~sec~app is deployed on the SAP J2EE Engine and is running.
· The SAML Service is running.
· The user that executes the set-up module has the role SAMLSSODEMO_SETUP.
The set-up service automatically creates the users needed to demonstrate SAML-based Single Sign-On and assigns them the corresponding roles.
Each of the services or modules is responsible for the following activities:
· Source site application
Using this application, you specify the information that will be contained in the SAML assertion for the user (user name and the authentication method used) and the destination URL to which the user’s Web browser will be redirected.
For the test application, you must enter this information manually. In a production SAML assertion provider, this information would be determined by the source site’s security engine.
· Source site responder service
This service handles the communication between the destination and source sites. It issues the SAML assertion for the user entered in the source site service.
· Destination site application
This application is the requested resource at the destination site.
· Automatic set-up application
Using this application, you can easily set up your SAP J2EE Engine for using the test application. It creates the necessary users, assigns them their roles and configures the destination site’s login module stacks.
· Sample mapping module
This module provides a very simple method for mapping the SAML name identifier to the user’s ID on the SAP J2EE Engine. It is provided to demonstrate how a mapping module can be created and how it can access the data resolved from the SAML login module.
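The kind of mapping the sample module performs can be sketched as follows. This is an added example, not SAP's mapping module or its API: the class name, the sample assertion, the mapping table and the user IDs are constructed for illustration, and it assumes a SAML 1.1 assertion whose signature and validity have already been checked by the login module.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class NameIdMappingDemo {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";

    // Constructed sample: an unsigned SAML 1.1 authentication statement (assumption).
    static final String SAMPLE =
        "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\" MajorVersion=\"1\" MinorVersion=\"1\">"
      + "<saml:AuthenticationStatement"
      + " AuthenticationMethod=\"urn:oasis:names:tc:SAML:1.0:am:password\">"
      + "<saml:Subject><saml:NameIdentifier NameQualifier=\"source.example\">"
      + "jdoe@source.example</saml:NameIdentifier></saml:Subject>"
      + "</saml:AuthenticationStatement></saml:Assertion>";

    // Hypothetical mapping table: "qualifier|name identifier" -> local user ID.
    static final Map<String, String> LOCAL_USERS =
        Map.of("source.example|jdoe@source.example", "JDOE");

    static String mapToLocalUser(String assertionXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DTDs so the assertion cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(assertionXml.getBytes(StandardCharsets.UTF_8)));
        // Require exactly one subject name so the mapping is never ambiguous.
        NodeList ids = doc.getElementsByTagNameNS(SAML_NS, "NameIdentifier");
        if (ids.getLength() != 1) {
            throw new SecurityException("expected exactly one NameIdentifier");
        }
        Element id = (Element) ids.item(0);
        String key = id.getAttribute("NameQualifier") + "|" + id.getTextContent().trim();
        // Fail closed: an unmapped identifier never falls back to a default user.
        String local = LOCAL_USERS.get(key);
        if (local == null) {
            throw new SecurityException("no local user mapped for " + key);
        }
        return local;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(mapToLocalUser(SAMPLE));
    }
}
```

Including the name qualifier in the lookup key keeps identical names issued by different source sites from mapping to the same local user.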
For more information, see:
· Setting Up the SAML Test Application
· Using the SAML Test Application
· Outbound Partner Parameters Used by the Test Application
· Example SAML Mapping Module Used by the SAML Test Application