
Accessing the Metadata XML of a SAML Service Provider of an AS ABAP

The easiest way to trust a SAML 2.0 service provider is to import its metadata XML file. The metadata XML file includes the following:

  • The address and name of the service provider

  • The list of endpoint configurations the service provider supports

  • The public-key certificates for decrypting and for checking the service provider's digital signature

This procedure explains how to access the metadata XML file of the service provider of the SAP NetWeaver Application Server (AS) ABAP.

Prerequisites

  • The SAML service provider is enabled.

  • You have configured the endpoints for Single Sign-On (SSO), Single Log-Out (SLO), artifacts, and SOAP you want to support. Any endpoints you configure later require you to manually reconfigure your identity provider or reimport the metadata XML file.

  • You have determined how you want to access the metadata XML file.

    Caution

    The hostname and protocol generated for the service provider endpoints in the metadata XML file are the same as the hostname and protocol you use to access the metadata XML file. Use the same hostname and protocol that you expect the identity provider to use when it accesses the service provider endpoints. If you use a hostname that the identity provider cannot resolve, or a protocol that the identity provider cannot use, connections from the identity provider fail.

    You have the following options for accessing the metadata XML file:

    • Download the metadata XML file from the AS ABAP.

    • Access the URL of the metadata XML file on the AS ABAP.

  • You have determined whether metadata must be digitally signed or not.

    A digital signature enables other systems that trust the service provider to check that the metadata XML really comes from that service provider.

Procedure

To access the metadata XML, you can either download the metadata XML file or access the URL of the metadata XML file. The first option is preferable.

Downloading the Metadata XML File

  1. Start the SAML 2.0 configuration application (transaction SAML2).

  2. On the Local Provider tab, choose the Download Metadata pushbutton.

  3. Save the XML file.

Accessing the URL of the Metadata XML File

When configuring the service providers you want your SAML identity provider to trust, enter the following URL for the AS ABAP host system:

<protocol>://<host>:<port>/saml2/sp/metadata?sap-client=<client>
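
The caution above can be checked before the metadata is imported into the identity provider. The following is an added example, not SAP code: it lists every endpoint whose protocol or hostname differs from what the identity provider is expected to use, and reports the key uses and whether a signature element is present. The function name, sample metadata, host names and endpoint paths are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample (not real AS ABAP output): metadata that was fetched
# through an internal host name over plain HTTP, so the endpoints inherit both.
SAMPLE_METADATA = """<md:EntityDescriptor entityID="EXAMPLE_SP"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo/></md:KeyDescriptor>
    <md:SingleLogoutService Location="http://abap-internal:8000/example/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:AssertionConsumerService index="0"
        Location="http://abap-internal:8000/example/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text, expected_scheme, expected_host):
    """Return (findings, key_uses, has_signature) for service provider metadata."""
    # Files from a source you do not control should go through a hardened
    # XML parser (for example defusedxml) instead of plain ElementTree.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata contains no SPSSODescriptor")
    findings = []
    for elem in sp:
        location = elem.get("Location")
        if location is None:
            continue  # KeyDescriptor, NameIDFormat and similar carry no URL
        url = urlsplit(location)
        if url.scheme != expected_scheme or url.hostname != expected_host.lower():
            name = elem.tag.rsplit("}", 1)[-1]
            findings.append(f"{name}: {location} is not on "
                            f"{expected_scheme}://{expected_host}")
    # A KeyDescriptor without a "use" attribute applies to signing and encryption.
    key_uses = sorted(k.get("use", "signing+encryption")
                      for k in sp.findall("md:KeyDescriptor", NS))
    # Presence only: this does not validate the signature.
    has_signature = root.find("ds:Signature", NS) is not None
    return findings, key_uses, has_signature
```

Any finding means the metadata should be retrieved again through the hostname and protocol the identity provider will use, rather than edited by hand.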