Skip to Content
Technical Articles

SSO on SAP Mobile BI Server – SAML2 with Trusted Authentication

SAP BI Mobile server provides a much simplified support for SAML since BI 4.2 SP06.

You can refer SAML configuration in Mobile BI Server section in Mobile Server Deployment and Configuration Guide.

8 Comments
You must be Logged on to comment or reply to a post.
  • Hi Ashutosh

    May I ask how and where you added your opensaml 2.4 library? Is it really possible to get SAML working with just Tomcat the way it is installed when you do a standard install? Or is there a need to add an apache server to get this to work? The blog is somewhat vague in that regard. You only mention opensaml 2.4 library at the very end of your blog but you never mentioned where it comes into play?

    I’m just struggling to understand the true requirements to get this working with Google SAML which we have available at our company.

    So to sum up my question: Can we get SAML working with the standard install or do we have to add Apache and shibboleth as well?

    Thanks for your blog! Much appreciated as the whole documentation around SAML is rather vague indeed.

    Stefan

    • Hi Stefan,

      opensaml 2.4 library was added along with the jars of mobile server deployment as i tried to code within Mobile BI Service App. These libraries assist you in parsing the SAML assertion ticket and extract the relevant username that you would use for trusted authentication.

      However, note that this does not eliminated the need of have an application server that needs to act as the service provider. Following link should he helpful here. Yes, you got it fairly right that you need to have Apache and Shibboleth as well.

       

      Regards,

      Ashutosh

      • Hi Ashutosh

        I appreciate your feedback. It has helped me a great deal and I’ll have another go at configuring it all over the coming weeks.

        Regards

        Stefan

         

  • We configured SAML2 for the BI Launchpad as described in the blog https://blogs.sap.com/2015/07/21/apache-shibboleth-sso-with-tomcat-for-bi-platform-using-trusted-authentication/

    For the parameter rusted.auth.user.retrieval REMOTE_USER is used.

    Our IPD is Iwelcome, and this works. The user gets redirected to the identity provider (Iwelcome). Here we enter the user and password, the we are redirected to the BO platform and BI Launchpad is started.

    Now we want to implement SAML2 authentication For the Mobileserver of the BO platform, because we want to use the SAP BI app on IOS and Android devices.

    We have done the configuration as shown above in this blog.

    When we try to login with the SAP Bi app we get the error message “Your request is invalid: verify the connection details or contact your administrator (MOB06009) (HTTP 404).

     

    Is we test with the test url http://<server&gt;:<port>/MobileBIService/MessageHandlerServlet?message=CredentialsMessage&requestSrc=ipad&data=<logon logonViaSSO=”true”/>in a browser, we get redirected to the idententy provider (Iwelcome). Here we enter the user and password, the we are redirected to the BO platform, and get the error message

    “”Expecting SAML2 authentication payload with request””

    When we test the Mobileserver: http://servername:port/MobileBIService/MessageHandlerServlet?message=GetVersion

    The we get the following result:

    <Result status=”success”><info><version productVersion=”14.2.2.1975″ internalVersion=”4.0″ lumira.version=”1.31″/></info></Result>

    Anyone idea’s what is wrong, and how to configure this?

     

    • Hello,

      I would recommend that you reach out to SAP support. Looks like this needs some debugging to understand what’s going wrong.

      I have changed roles, not close to Mobile BI code anymore and hence would not be able to answer this right away.

      Regards

      Ashutosh