To authenticate a user with SAP Jam, the system uses assertion tickets based on
Security Assertion Markup Language, version 2.0 (SAML2).
Context
The basic SAML2 authentication flow is as follows:
- The back-end system is made known to SAP Jam in the form of an Identity Provider (IdP). This happens when you make an entry in a specific company and provide the IdP certificate. This establishes a trust relationship between the back end and SAP Jam.
- The back-end system provides an assertion that confirms that the specified user has been authenticated in the back-end system.
- This assertion is sent to SAP Jam. As SAP Jam has a trust relationship with the back end, the user is considered to be registered, assuming the user belongs to the company.
- A session ID is issued, which users use to identify themselves to SAP Jam for the next operation.
To set up the identity provider in the current client, follow the procedure below.
Procedure
- In Customizing for SAP NetWeaver, choose (or run transaction SAML2). The SAML 2.0 Configuration of ABAP System screen appears.
- On the Local Provider tab, leave all wizard settings at their default values. Complete the following fields:
| Field | Value |
|---|---|
| Provider Name | Enter the name of your provider. The Provider Name is needed later in Registering Identity Provider, so it can be entered in the service provider's company. Change the default by adding a company-specific prefix. |
| Operation Mode | Enter Service Provider. |
- Run transaction STRUST and look for the node SSF SAML2 Service Provider - S. 'S' stands for Signature, which is exactly what you need.
  Note: In some systems, this node may have a different name, for example, SSF S2SVPS.
- Double-click the SSF SAML2 Service Provider - S node. The system displays the details.
- In the Own Certificate group box, double-click the Subject field.
  Note: To make sure that you select the correct file, check that the Subject field in the Own Certificate and the Certificate group boxes display identical data. In releases lower than SAP NetWeaver 7.4, the Subject field was called Owner.
- Choose Export Certificate.
- In the Select File dialog, specify where you want to save the certificate. Select the Base64 option as the file format.
- To save the file, choose Continue or choose Enter. The File was saved message appears.
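
A check for the exported file before it is handed over for IdP registration, added here as an example and not part of the SAP documentation: it confirms that the Base64 export holds exactly one certificate and no private key, and returns a SHA-256 fingerprint that can be compared out of band. The function names and the sample blob are assumptions made for illustration; the export is accepted with or without PEM armor lines.

```python
import base64, binascii, hashlib, re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_outer_length(der: bytes) -> int:
    """Total size announced by the outer DER SEQUENCE header (tag 0x30)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("payload is not a DER SEQUENCE")
    if der[1] < 0x80:                       # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if not 1 <= n <= 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_export(text: str) -> str:
    """Validate a Base64 certificate export and return its SHA-256 fingerprint."""
    blocks = PEM_BLOCK.findall(text)
    if blocks:
        labels = [label for label, _ in blocks]
        # Assumption: the export should contain one public certificate only.
        # Key material or extra certificates in the same file are rejected.
        if labels != ["CERTIFICATE"]:
            raise ValueError(f"expected one CERTIFICATE block, found {labels}")
        body = blocks[0][1]
    else:
        body = text                         # bare Base64 without PEM armor
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from exc
    if der_outer_length(der) != len(der):
        raise ValueError("file is truncated or has trailing data")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed stand-in with a valid outer DER envelope, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_EXPORT = ("-----BEGIN CERTIFICATE-----\n"
                 + base64.encodebytes(SAMPLE_DER).decode()
                 + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("SHA-256 fingerprint:", check_export(SAMPLE_EXPORT))
```

To check a real export, pass the contents of the saved file to `check_export` in place of `SAMPLE_EXPORT`.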