Former Member

Enabling the SAML 2.0 Service Provider in SAP NetWeaver ABAP

When we integrate SAP NetWeaver ABAP with an identity provider, we need to perform several activities on both the SAP NetWeaver ABAP system and the identity provider system. Enabling the SAML 2.0 service provider is one of the crucial activities we need to perform on the SAP NetWeaver ABAP system.

When I was performing the integration between an SAP NetWeaver ABAP system and an identity provider, I needed to reference multiple documents from help.sap.com and the SAP integration guides. I am writing this blog to cover this topic and make enabling the SAML 2.0 service provider in SAP NetWeaver ABAP simple. Use this procedure to enable SAML 2.0 support in an SAP NetWeaver ABAP system and make the basic configurations for a SAML 2.0 service provider.

 

Start transaction code SAML2 on the SAP system.

Choose "Enable SAML 2.0 Support".

Select "Create SAML 2.0 Local Provider".

Enter a service provider name and click the Next button. Here you can give any logical name.

Keep the default and choose the Next button.

Keep the default settings and choose the Finish button. Once the wizard finishes, you will see the local provider configuration screen.

You can download the metadata from this screen and send it to the identity provider team. Once the identity provider team sends you their metadata file, you need to upload it on the trusted provider tab.

You need to activate the following two ICF services as part of enabling the SAML 2.0 service provider in SAP NetWeaver ABAP:

/default_host/sap/public/bc/sec/saml2

/default_host/sap/public/bc/sec/cdc_ext_service

Log in to the SAP system and run tcode SICF.

Expand the /default_host/sap/public/bc/sec/ service node.

Select saml2 and right click,

Select Yes when prompted, "Do you want to activate service".

Perform the same steps to activate the second service, cdc_ext_service.

Hope this blog will help you to enable the SAML 2.0 service provider in SAP NetWeaver ABAP system.

      2 Comments
      Steven Foo

      Hi,

      We are just exploring SAML 2.0 in one of our test ABAP NW 7.50 (ERP 6.0) systems.

      We have activated both

      /default_host/sap/public/bc/sec/saml2

      /default_host/sap/public/bc/sec/cdc_ext_service

       

      However, after that, when we launch Test Service, we encounter the error below:

      • URL is not defined as a SAML 2.0 enpoint in client 000

      What is missing?

      ==> Resolved, still need to activate /default_host//sap/bc/webdynpro/sap/saml2 to use SAML2.

      Steven Foo

      Hi,

       

      What do we need to do after we have completed the below?

      "You can download metadata from this screen and send it to Identity Provider team. Once Identity Provider team send you a metadata file, you need to upload metadata to trusted provider tab."

      Note: For the Identity Provider, we will be using Azure AD.

      How do we continue to set up the SSO and test the logon?

      Thanks.