
Hello everyone,

This time one of our customers gave us a new challenge: deploy an application on SAP Cloud Platform (SCP), use SAP Cloud Identity (SCI) as the identity provider, and read data from an on-premise system through SAP Gateway OData services.

The first thing was to ask the SAP community for the best strategy: Question in SAP Community

Thanks to the answers it was clear that I should use SAPAssertionSSO, so let's get to work...

In this part of the tutorial we configure an SAP Cloud Identity tenant as the identity provider for our SAP Cloud Platform subaccount.

  • Enable a "Custom" identity provider in SCP:

    • Open the SAP Cloud Platform Cockpit, select the global account and then the subaccount: https://account.hana.ondemand.com/cockpit#

    • Go to "Security" -> "Trust" and:

      • Select the tab "Local Service Provider" and change the field "Configuration Type" to "Custom".
      • Once "Custom" is selected, the service provider configuration (entity ID, signing certificate, endpoints) appears. Download the SP metadata file from the "Get Metadata" link; this is what SCI will use to trust SCP.
    • Create a new application in SAP Cloud Identity and add the SAP Cloud Platform configuration:

      • Open the administration console of the cloud identity tenant: https://<<Tenand-account>>.accounts.ondemand.com/admin/#
      • Go to "Applications & Resources" -> "Applications" and press the "+ Add" button to create a new application.
      • In the new application, open "SAML 2.0 Configuration", upload the SP metadata file ("Metadata.xml") downloaded in the previous step and press "Save". When the file is loaded, the entity ID, assertion consumer endpoints and certificate of SCP are filled in automatically.
      • This point is very important if we want to use the users registered at the gateway. Open "Name ID Attribute" to choose which identity management field is sent as the SAML NameID, and therefore which value is mapped to the SAP Gateway user. Select "Login Name": this field must hold the user ID registered at the gateway when the user is created in SAP Cloud Identity. Because the backend user is resolved from this value, anyone who can set the Login Name of an SCI user can choose which gateway user that person becomes, so restrict user administration in SCI accordingly.
      • (Not a configuration step, just a note.) The "Name ID Attribute" setting corresponds to the field "Login Name" in the form shown when a new user is added.
      • Download the SAP Cloud Identity metadata file (metadata.xml) that we will add to SAP Cloud Platform: go to "Applications & Resources" -> "Tenant Settings" and press the button "Download Metadata File". This file carries the SCI entity ID, its single sign-on endpoints and the certificate with which SCI signs its assertions.


  • Add the SAML 2.0 metadata file (metadata.xml) from SCI to SCP:

    • In SAP Cloud Platform go to "Security" -> "Trust", open the tab "Application Identity Provider" and select "Add Trusted Identity Provider".

    • In the form, upload the metadata file downloaded from SCI and save. From now on SCP accepts assertions signed with the certificate contained in that file.
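The two metadata files exchanged above are the whole trust relationship: the entity ID, the signing certificate and the endpoints of one side are what the other side will accept. As an added example (not code from the original post or from SAP), the script below parses a SAML 2.0 metadata file with the Python standard library and reports what a practitioner should check before uploading it: the role (IdP or SP), the entity ID, whether a signing certificate is present, the NameID formats offered, and whether every endpoint uses HTTPS. The sample metadata embedded in it is constructed for illustration: the tenant host `example-tenant.accounts.ondemand.com`, the entity ID and the certificate bytes are placeholders, not a real SAP Cloud Identity tenant.

```python
"""Inspect a SAML 2.0 metadata file before exchanging it between SCI and SCP.

Added example, not code from the original post. The sample IdP metadata below
is constructed: host name, entityID and certificate bytes are placeholders.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample with the shape of an IdP metadata file ("Tenant Settings"
# -> "Download Metadata File"). The second SSO endpoint is deliberately plain
# HTTP so that the check below has something to report.
SAMPLE_IDP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://example-tenant.accounts.ondemand.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB...placeholder-base64-not-a-real-cert...AAAA</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-tenant.accounts.ondemand.com/saml2/idp/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://example-tenant.accounts.ondemand.com/saml2/idp/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_metadata(xml_text):
    """Extract entityID, role, signing certs, NameID formats and endpoints."""
    root = ET.fromstring(xml_text)
    info = {"entityID": root.get("entityID"), "role": None,
            "signing_certs": 0, "nameid_formats": [], "endpoints": []}
    # An IdP file carries SingleSignOnService endpoints, an SP file (the one
    # downloaded from SCP) carries AssertionConsumerService endpoints.
    for role, ep_tag in (("IDPSSODescriptor", "SingleSignOnService"),
                         ("SPSSODescriptor", "AssertionConsumerService")):
        desc = root.find(f"md:{role}", NS)
        if desc is None:
            continue
        info["role"] = role
        for kd in desc.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor without a "use" attribute serves both signing
            # and encryption, so it counts as a signing key too.
            if kd.get("use", "signing") == "signing" and \
               kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None:
                info["signing_certs"] += 1
        info["nameid_formats"] = [n.text.strip()
                                  for n in desc.findall("md:NameIDFormat", NS)]
        info["endpoints"] = [(e.get("Binding").rsplit(":", 1)[-1], e.get("Location"))
                             for e in desc.findall(f"md:{ep_tag}", NS)]
    return info


def check_metadata(info):
    """Return the problems worth fixing before the file is uploaded."""
    problems = []
    if info["role"] is None:
        problems.append("no IdP or SP role descriptor found")
    if info["signing_certs"] == 0:
        problems.append("no signing certificate: the partner cannot verify signatures")
    for binding, location in info["endpoints"]:
        if not location.startswith("https://"):
            problems.append(f"{binding} endpoint is not HTTPS: {location}")
    return problems


if __name__ == "__main__":
    summary = parse_metadata(SAMPLE_IDP_METADATA)
    print(summary)
    for p in check_metadata(summary):
        print("WARNING:", p)
```

Run it on both files: the SCP metadata before adding it to the SCI application, and the SCI metadata before adding it as a trusted identity provider. The NameID formats listed are only what the IdP offers; which attribute actually fills the NameID is the "Name ID Attribute" setting chosen in the SCI application above.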

We have finished. We can now create users in SCI and they will be able to log in to our applications deployed in SCP. In Part 2 we will see how to create a connection ticket with our SAP Gateway so that the same user can be used in the SAP on-premise system.

You can see the rest in Part II

Thank you all.

References: https://help.sap.com/viewer/68157309c6874ed7a3f83d0b0e5fd386/latest/en-US/c74a26a4150a425f8f4b87b695e5506c.html
