Preparing SAML2

To authenticate a user with SAP Jam, the system uses assertion tickets based on Security Assertion Markup Language, version 2.0 (SAML2).

Context

The basic SAML2 authentication flow is as follows:

  1. The back-end system is made known to SAP Jam in the form of an Identity Provider (IdP).

    This happens when you make an entry in a specific company and provide the IdP certificate. This establishes a trust relationship between the back end and SAP Jam.

  2. The back-end system provides an assertion that confirms that the specified user has been authenticated in the back-end system.
  3. This assertion is sent to SAP Jam.

    Because SAP Jam has a trust relationship with the back end, the user – assuming the user belongs to the company – is considered to be registered.

  4. A session ID is issued, which the user uses to identify themselves to SAP Jam for the next operation.

To set up the identity provider in the current client, follow the procedure below.

Procedure

  1. In Customizing for SAP NetWeaver, choose UI Technologies > SAP Jam Integration > Enable SAML 2.0 Identity Provider (or run transaction SAML2).
    The SAML 2.0 Configuration of ABAP System screen appears.
  2. On the Local Provider tab, leave all wizard settings at their default values.

    Complete the following fields:

    Field: Provider Name
    Value: Enter the name of your provider. The Provider Name is needed later in Registering Identity Provider, so it can be entered in the service provider’s company. Change the default by adding a company-specific prefix.

    Field: Operation Mode
    Value: Enter Service Provider.

  3. Run transaction STRUST and look for the node SSF SAML2 Service Provider - S.

    ‘S’ stands for Signature – this is exactly what you need.

    Note: In some systems, this node may have a different name, for example, SSF S2SVPS.
  4. Double-click the SSF SAML2 Service Provider - S node.
    The system displays the details.
  5. In the Own Certificate group box, double-click the Subject field.
    Note: To make sure that you select the correct file, check that the Subject field in the Own Certificate and the Certificate group boxes display identical data.

    In releases lower than SAP NetWeaver 7.4, the Subject field was called Owner.
  6. Choose Export Certificate.
  7. In the Select File dialog, specify where you want to save the certificate. Select the Base64 option as the file format.
  8. To save the file, choose Continue or press Enter.
    The File was saved message appears.

Results

You have successfully exported the IdP certificate. You need this certificate later for the procedure in Registering Identity Provider.
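
An added check, not part of the SAP documentation: before registering the exported Base64 file with the service provider, confirm that it holds exactly one certificate and no private key, record its SHA-256 fingerprint so the receiving side can compare it, and check its validity window. The function names and the sample input are assumptions made for illustration; the parser reads only the DER fields it needs and accepts the export with or without PEM header lines.

```python
import base64, hashlib, re
from datetime import datetime, timezone

def tlv(buf, pos):  # read one DER element -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf, start, end):
    out = []
    while start < end:
        out.append(tlv(buf, start))
        start = out[-1][2]
    return out

def parse_time(tag, raw):
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime: 2-digit year, RFC 5280 maps >= 50 to 19xx
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def check_export(text, now):
    """Fingerprint and validity window of a Base64 certificate export."""
    if "PRIVATE KEY" in text:
        raise ValueError("file holds a private key; share only the certificate")
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", text)
    der = base64.b64decode(body, validate=True)
    tag, start, end = tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not exactly one DER certificate")
    tbs = children(der, *tlv(der, start)[1:])
    validity = tbs[4 if tbs[0][0] == 0xA0 else 3]  # skip optional [0] version
    nb, na = (parse_time(t, der[s:e]) for t, s, e in children(der, *validity[1:]))
    return {"sha256": hashlib.sha256(der).hexdigest(),
            "not_before": nb, "not_after": na, "valid_now": nb <= now <= na}

# Constructed sample: certificate-shaped but unsigned DER, not a real certificate.
def _der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body
_validity = _der(0x30, _der(0x17, b"240101000000Z"), _der(0x17, b"260101000000Z"))
_tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"), _der(0x30),
            _der(0x30), _validity, _der(0x30), _der(0x30))
SAMPLE_DER = _der(0x30, _tbs, _der(0x30), _der(0x03, b"\x00"))
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(SAMPLE_DER).decode()
```

Pass the text of the exported file and the current UTC time to `check_export`; the fingerprint covers the decoded DER bytes, so it is the same whether or not the file carries header lines.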