Mapping SAML Principals to SAP J2EE Engine User IDs 

When using SAML for Single Sign-On, the source site provides the user’s ID (SAML principal) in his or her SAML assertion in the element NameIdentifier. If this user ID does not match the user’s ID on the SAP J2EE Engine, then you must provide a user mapping module that determines the user’s ID on the SAP J2EE Engine. Insert the mapping module into the login module stacks for the applications or templates that use SAML assertions.

When processing the login module stacks, the SAP J2EE Engine then passes the assertion information that it obtains from the SAML Login Module to the mapping module using the shared state of the login module stack.

For more information, see Adjusting the Login Module Stacks for Using SAML.

 

For an example of such a module and how it is used, see The SAML Test Application