This is work in progress. I’ll add more information as I go along setting up the landscape.
Having problems using SAML on AS ABAP 7.4/7.5 together with ADFS 3.0, with or without WAP, as IdP? Does even a simple Connection Test in SM59 fail for the destination?
You should know that recent ADFS (and WAP) versions require client SNI (Server Name Indication). By default, SAP systems have it switched off. Non-SNI client connections will be disconnected, and you’ll see SSSLERR_CONN_CLOSED errors in the ICM trace.
To make AS ABAP talk to ADFS / WAP, set the following instance profile parameter on AS ABAP:
icm/HTTPS/client_sni_enabled = TRUE
This parameter can be set dynamically, so there is no need to restart the SAP system.
It is also recommended to set the client cipher suite. Do so with the following instance profile parameter on AS ABAP:
ssl/client_ciphersuites = 150:PFS:HIGH
This parameter can’t be set dynamically, so the system needs to be restarted.