Show TOC Start of Content Area

Procedure documentation Configuring the SAML Parameters  Locate the document in its SAP Library structure

Use

To configure the parameters necessary for using SAML, use the Configuration Adapter. You have to specify general SAML settings as well as information that defines the source site such as the source ID and the destination name for artifact resolution. We refer to these parameters as PartnerInboundparameters.

Note

There are also PartnerOutboundparameters that specify the information for a source site. You only need to set these parameters when using the SAML test application.

Note

If you have a cluster installation, then you only have to perform the configuration for a single server. The configuration applies to all of the servers.

Prerequisites

·        The SAML service is running.

·        A destination to the source site’s responder service exists in the Destination service. The user’s authentication information is also provided in the destination (either user ID and password or client certificate).

·        You know the rest of the parameters for the source site. These include:

¡        The source ID

The source ID is 20-byte sequence that the source site uses to identify itself uniquely in the assertion artifact.

¡        The name of the URL parameter that contains the target URL for the requested resource (Default = TARGET).

This parameter is only necessary if the request is sent to the artifact receiver and not to the resource directly.

Procedure

Using the Configuration Adapter:

...

       1.      Expand the Configurations  saml    Configuration nodes.

       2.      To maintain the parameters that apply to the partner site:

                            a.      Choose the symbol for Switch between view and edit mode (This graphic is explained in the accompanying text) to switch to edit mode. Confirm with Yes.

                            b.      Select PartnersInbound and choose the symbol for Create a node below the selected node (This graphic is explained in the accompanying text).

The Create dialog appears.

                            c.      For the node type, select Sub-configuration.

                            d.      Enter a name for your entry and choose Create.

The system creates a node for your entry.

                            e.      Choose Close window.

                              f.      Expand your entry and enter the values for each of the parameters as shown in the table below.

Parameters for Partner Information (PartnersInbound)

Parameter

Value

Comment

Active

<true, false>

Boolean value.

Indicates that requests are accepted from this partner.

Set to false to deny requests coming from this partner. In this way, you can deactivate partners without affecting the communication with other partners.

DestinationName

<dest_name>

String value.

The name of the HTTP destination specified in the Destinations service that will be used for the connection to the source site’s responder.

ParameterNameTarget

<target_name>

String value.

The parameter name used in the URL that indicates the actual target URL when using an artifact receiver (default= TARGET).

SourceID

<Hex, B64>:<source_ID>

String value.

20-byte sequence provided by the source site. Use the prefix Hex: or B64: to specify the format of the source ID as follows:

·        Hex: Specify the source ID as a 40 character sequence in hexadecimal form.

·        B64: Specify the source ID as a base 64- encoded string (28 character sequence that ends with an equal sign (=)).

       3.      To maintain the general settings:

                            a.      Expand the Settings node.

                            b.      Enter the values for each of the parameters as shown in the table below.

Parameters for General Settings

Parameter

Value

Comment

ParameterNameArtifact

<artifact_name>

String value.

The URL parameter name that contains the assertion artifact (default=SAMLart).

PermitInsecureConnections

<true, false>

Boolean value.

Allows for insecure communication (for testing purposes).

Note

The PartnersOutbound node is used to specify information for cases where the server is the SAML authority, for example, when using the SAML test application.

Example

The following is an example configuration whose communication partner is MyPartner with the responder URL https://mypartner.company.com:1080/saml_source/responder. The responder’s information is specified in the HTTP destination MyPartnerDest.

Example

HTTP destination MyPartnerDest

Name: MyPartnerDest

URL: https://mypartner.company.com:1080/saml_source/responder

Authentication: BASIC

Username: myuser

Password: mypassword

SAML Parameters

PartnersInbound

MyPartner

     Active=true

     DestinationName=”MyPartnerDest”

     SourceID=”Hex: FB6E8396EFD983CDBA6AEC1DF95AD2C5E0C3F4AF”

PartnersOutbound

Settings

  ParameterNameArtifact=“SAMLart“

  PermitInsecureConnections=false

Continue with Adjusting the Login Module Stacks for Using SAML.

 

End of Content Area