This is work in progress. I’ll add more information as I go along setting up the landscape.

Having problems using SAML on AS ABAP 7.4/7.5 together with ADFS 3.0, with or without WAP, as IdP? Even a simple Connection Test in SM59 fails for the destination?

You should know that recent ADFS (and WAP) versions require client SNI. By default, SAP systems have it switched off. Non-SNI client connections will be disconnected, you’ll see SSSLERR_CONN_CLOSED errors in the ICM trace.

To make AS ABAP talk to ADFS / WAP, set the following instance profile parameter on AS ABAP

icm/HTTPS/client_sni_enabled = TRUE

the parameter can be set dynamically, so no need to restart the SAP system.

It is also recommended to set the client cipher suite, do it by setting the instance profile parameter on AS ABAP

ssl/client_ciphersuites = 150:PFS:HIGH

the parameter can’t be set dynamically, so the system needs to be restarted.

 

 

 

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

Leave a Reply