
Accessing an Application that Accepts SAML Assertions

Use

There are two different methods you can use to access the application using SAML assertions:

·        Directly

In this case, you have to pass the SAML assertion to the application in the URL.

·        Using the SAML receiver on the J2EE Engine

The J2EE Engine provides a generic SAML receiver that you can use as a single entry point to access all applications that accept SAML assertions. The SAML receiver then redirects the user to the desired application.

Prerequisites

·        The target application is configured to accept SAML assertions.

○        Its login module stack contains the SAMLLoginModule.

Note

Even if you use the SAML receiver, the login module stack for the target application has to contain the SAMLLoginModule.

○        The name of the parameter to use for the SAML artifact is specified in the ParameterNameArtifact parameter (default: SAMLart).

○        If you are using the SAML receiver, then the parameter to use for the target application is specified in the PartnerNameTarget parameter (default: TARGET).

Note

For more information about the configuration parameters, see Configuring the SAML Parameters.

·        The SAML Service is running on all of the J2EE Engine server instances.

Note

By default, the SAML Service is not active on the J2EE Engine. Therefore, you either have to start the service manually on all server instances or change the startup mode for the service. See Changing the Startup Mode for the SAML Service.

Procedure

Accessing an Application Directly

You can access the Web application directly and transfer the SAML artifact as a URL parameter.

Example:

https://myHost/myResource?SAMLart=3f6zdlU7...

Accessing an Application Using the SAML Receiver

Alternatively, you can access the application using the SAML receiver. The SAML receiver on the J2EE Engine is the sap.com/tc~sec~app application. Access it using the path /saml/receiver in the URL. Include the parameters for the target application and the SAML artifact in the URL.

Example URL:

https://.../saml/receiver?TARGET=http%3A%2F%2FmyHost...&SAMLart=3f...

Note that the target URL must be URL-encoded when it is passed in the TARGET parameter.
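The encoding requirement above, as an added example (not SAP code): it builds the receiver URL with the default parameter names TARGET and SAMLart and shows what a standard query-string parser sees when the values are concatenated without encoding. The receiver host `j2ee.example`, the target's query string and the artifact value are constructed placeholders, and the artifact is assumed to use Base64-style characters.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values; host names and the artifact are placeholders.
RECEIVER_BASE = "https://j2ee.example"
TARGET_URL = "https://myHost.example/myResource?view=orders&id=42"
ARTIFACT = "AAEx+constructed/artifact+value="  # assumed Base64-style: + / =


def build_receiver_url(base, target, artifact,
                       target_param="TARGET", artifact_param="SAMLart"):
    """Build the /saml/receiver URL with both values percent-encoded."""
    query = urlencode({target_param: target, artifact_param: artifact})
    return f"{base}/saml/receiver?{query}"


def naive_receiver_url(base, target, artifact):
    """Unencoded concatenation, kept only to show how it is misparsed."""
    return f"{base}/saml/receiver?TARGET={target}&SAMLart={artifact}"


def parse_query(url):
    """Decode the query string as a standard server-side parser would."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def check_round_trip(url, target, artifact):
    """True only if both parameters decode to exactly the values sent."""
    params = parse_query(url)
    return (set(params) == {"TARGET", "SAMLart"}
            and params["TARGET"] == target
            and params["SAMLart"] == artifact)


if __name__ == "__main__":
    good = build_receiver_url(RECEIVER_BASE, TARGET_URL, ARTIFACT)
    bad = naive_receiver_url(RECEIVER_BASE, TARGET_URL, ARTIFACT)
    print(good)
    print("encoded round trip ok:", check_round_trip(good, TARGET_URL, ARTIFACT))
    print("naive parse:", parse_query(bad))
    print("naive round trip ok:", check_round_trip(bad, TARGET_URL, ARTIFACT))
```

In the unencoded form the target loses everything after its first `&`, a stray `id` parameter reaches the receiver, and each `+` in the artifact decodes to a space, so the artifact that arrives is no longer the one that was issued.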

Note

The SAML receiver does not return the requested data itself. Instead, it sends an HTTP redirect to the target application, which then analyzes the SAML artifact using the SAMLLoginModule.

Result

The application uses the SAMLLoginModule to analyze the SAML artifact. If the SAML artifact can be successfully verified, then access to the target resource is allowed.

 

 
