Logon using SAML

Use

For each ICF service, you can define whether you want to allow logon via SAML (Security Assertion Markup Language). This procedure lets business partners exchange logon and authorization information when using XML-based web services. It saves users from having to log on repeatedly when using web services of the same kind.

Prerequisites

The logon procedure you are using is either Standard or Alternative Logon Order. In the logon procedures Required with Client Certificate and Required with Logon Data, the SAML application is not active.

Integration

The SAML logon procedure is listed last but one (position 6) in the list of logon procedures in both the standard logon order and the alternative logon order (default setting).

Note

If you explicitly deactivate the SAML logon procedure, it will not be used in the standard logon order either.

Caution

If you use the alternative logon order and want to use SAML, you need to activate the procedure and must not remove it from the list of logon procedures.

Activities

If you want to allow logon via SAML, proceed as follows:

       1.      In transaction SICF, double-click the required service or service node.

       2.      Choose Change.

       3.      Choose SAML Configuration on the Logon Data tab and define whether you want to take over the configuration settings from higher-level nodes. If you want to configure this service individually, deselect this option and maintain the displayed settings specifically for this service.

       4.      Choose Take Over Data and save your entries.

Example

For travel planning, a user uses web services on various web pages to book a flight, rent a car and reserve a hotel room. If the relevant services use the SAML logon procedure, the user only needs to log on once (for the first activity) and can then use all the other services without needing to log on again.

 

More Information

For more details about using SAML in SAP Web AS, see

      Using SAML 2.0

 

 

 
