Cloud Access Manager 8.1.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

Chat now with support

Live-Hilfe anfordern
Registrierung abschließen

Anmelden

Preisinformationen anfragen

Vertrieb kontaktieren

Dell™ One Identity Cloud Access Manager 8.1.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0 Prerequisites and requirements

Supported versions DNS settings

User mappings NetWeaver configuration (Service Provider Role) Dell™ One Identity Cloud Access Manager configuration - (Identity Provider Role) NetWeaver configuration

Dell™ One Identity Cloud Access Manager as an Identity Provider (IDP) Enabling SSO to SAP NetWeaver® applications

Legal notices

User mappings

In the following example Cloud Access Manager is deployed using Active Directory® as the user store, and the logon ID of NetWeaver internal users matches the sAMAccountName of Cloud Access Manager users.

•

NetWeaver configuration (Service Provider Role)

•

Dell™ One Identity Cloud Access Manager configuration - (Identity Provider Role)

NetWeaver configuration (Service Provider Role)

To configure NetWeaver (Service Provider Role)

In the SAP NetWeaver® admin interface, navigate to Configuration|Security|Authentication and Single Sign-On. Select the SAML 2.0 tab.

Click Enable SAML 2.0 support.

In the Provider Name field, type NetWeaver and click Next.

Click Browse, located next to the Signing Key Pair field. In the Select Keystore Entry box, click Create. In the Entry Settings window under Entry Name, type test and click Next.

In the Subject Properties window, in the Common Name field type test. Click Finish, and then click OK.

Click Next to advance to Service Provider Settings.

Under Identity Provider Discovery, switch Selection Mode to Automatic.

NOTE: This hides the NetWeaver home realm discovery interface. It is not needed here since Dell™ One Identity Cloud Access Manager is the only configured identity provider.

Click Finish.

Click Edit then click the Service Provider Settings tab.

Click Add in the Relay State Mappings section and insert the following entry to facilitate IDP-initiated SSO later:

RelayState = portal

Path = /irj/portal

Click OK and then Save.

Dell™ One Identity Cloud Access Manager configuration - (Identity Provider Role)

To configure Cloud Access Manager (Identity Provider Role (IDP))

Log in to the Administration Console using the desktop shortcut Cloud Access Manager Application Portal and select Add New from the Applications section on the home page.

Click Configure Manually. Select Using SAML, and then click Next.

Under Federation Settings, set Recipient value to:

https://<NetWeaver_server_fqdn>:<port>/saml2/sp/acs

Where <NetWeaver_server_fqdn> is the fully-qualified domain name of your SAP NetWeaver® server, and <port> is the port number used by the NetWeaver server to listen on, for example https://srvnwce73.demo.sap.corp:50001.

Set Audience / SP Identity to NetWeaver and click Next.

On the Subject Mapping page, select Derive the username from an attribute, and enter sAMAccountName in the attribute name. Do not add extra claim mappings. Click Next.

Choose whether to proxy the application. Select Proxy this application if you want to expose your NetWeaver application to users on the Internet. If you choose this option, then you must:

Set the value of the application URL to https://<NetWeaver_server_fqdn>:<port> for example https://srvnwce73.demo.sap.corp:50001. Click Next.

Set the proxy URL to the publicly-accessible proxy URL for the application. Click Next.

Allow a role which includes your sample user to access the application. Click Next.

Name the application SAP NetWeaver. Click Next.

In the Application Portal section, change the title of the first entry to SAP NetWeaver Portal.

Switch the SSO Mode to IDP initiated. In the Relay State (optional) field type portal.

Click Finish. On the Application Created page, click Download Metadata and then Download Certificate. Save both files to a location that can be accessed by the NetWeaver admin browser. Click Close.

NetWeaver configuration

Dell™ One Identity Cloud Access Manager as an Identity Provider (IDP)

To configure Cloud Access Manager as an Identity Provider

In NetWeaver administration on the Configuration|Security|Authentication and Single Sign-On|SAML 2.0 page, click the Trusted Providers link. Click Add, and choose by uploading metadata file.

In the Select Metadata step, choose the CloudAccessManagerMetadata.xml document downloaded in step 11 of Cloud Access Manager configuration (Identity Provider Role) and click Next.

In the Metadata Verification step, choose the certificate (PEM file) downloaded in step 11 of Cloud Access Manager configuration (Identity Provider Role) and click Next.

In the Provider Name step, type the alias name Cloud Access Manager and click Next.

In the Signature and Encryption step, change the Single Sign-On Authorization Request Sign parameter to Never and click Next.

Click Next through to the end, then click Finish.

Click Edit, then under the Identity Federation tab, click Add to add a Name ID format.

Under Format Name, choose Unspecified. Under Source Name, choose Logon ID.

Click OK and then Save.

Click Enable.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen

Bitte w&auml;hlen Sie Ihr Produkt aus:

Damit wir Ihnen besser helfen können, geben Sie den Grund Ihres Chats an:

Empfohlene Lösungen für Ihr Problem

Cloud Access Manager 8.1.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

User mappings

NetWeaver configuration (Service Provider Role)

Dell™ One Identity Cloud Access Manager configuration - (Identity Provider Role)

NetWeaver configuration

Bitte wählen Sie Ihr Produkt aus: