
Cloud Access Manager 8.1.1 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

User mappings

In the following example Cloud Access Manager is deployed using Active Directory® as the user store, and the logon ID of NetWeaver internal users matches the sAMAccountName of Cloud Access Manager users.

NetWeaver configuration (Service Provider Role)

1. In the SAP NetWeaver® admin interface, navigate to Configuration|Security|Authentication and Single Sign-On. Select the SAML 2.0 tab.
2. Click Enable SAML 2.0 support.
3. In the Provider Name field, type NetWeaver and click Next.
4. Click Browse, located next to the Signing Key Pair field. In the Select Keystore Entry box, click Create. In the Entry Settings window under Entry Name, type test and click Next.
5. In the Subject Properties window, in the Common Name field type test. Click Finish, and then click OK.
6. Click Next to advance to Service Provider Settings.
7. Under Identity Provider Discovery, switch Selection Mode to Automatic.
   NOTE: This hides the NetWeaver home realm discovery interface. It is not needed here since Dell™ One Identity Cloud Access Manager is the only configured identity provider.
8. Click Finish.
9. Click Edit, then click the Service Provider Settings tab.
10. Click Add in the Relay State Mappings section and insert the following entry to facilitate IDP-initiated SSO later:
11. Click OK and then Save.

Dell™ One Identity Cloud Access Manager configuration (Identity Provider Role)

1. Log in to the Administration Console using the desktop shortcut Cloud Access Manager Application Portal and select Add New from the Applications section on the home page.
2. Click Configure Manually. Select Using SAML, and then click Next.
3. Under Federation Settings, set Recipient value to:
   https://<NetWeaver_server_fqdn>:<port>/saml2/sp/acs
   Where <NetWeaver_server_fqdn> is the fully-qualified domain name of your SAP NetWeaver® server, and <port> is the port number used by the NetWeaver server to listen on, for example https://srvnwce73.demo.sap.corp:50001.
4. Set Audience / SP Identity to NetWeaver and click Next.
5. On the Subject Mapping page, select Derive the username from an attribute, and enter sAMAccountName in the attribute name. Do not add extra claim mappings. Click Next.
6. Choose whether to proxy the application. Select Proxy this application if you want to expose your NetWeaver application to users on the Internet. If you choose this option, then you must:
   a. Set the value of the application URL to https://<NetWeaver_server_fqdn>:<port>, for example https://srvnwce73.demo.sap.corp:50001. Click Next.
8. Name the application SAP NetWeaver. Click Next.
9. In the Application Portal section, change the title of the first entry to SAP NetWeaver Portal.
10. Switch the SSO Mode to IDP initiated. In the Relay State (optional) field type portal.
11. Click Finish. On the Application Created page, click Download Metadata and then Download Certificate. Save both files to a location that can be accessed by the NetWeaver admin browser. Click Close.

NetWeaver configuration

1. In NetWeaver administration on the Configuration|Security|Authentication and Single Sign-On|SAML 2.0 page, click the Trusted Providers link. Click Add, and choose by uploading metadata file.
2. In the Select Metadata step, choose the CloudAccessManagerMetadata.xml document downloaded in step 11 of Cloud Access Manager configuration (Identity Provider Role) and click Next.
3. In the Metadata Verification step, choose the certificate (PEM file) downloaded in step 11 of Cloud Access Manager configuration (Identity Provider Role) and click Next.
4. In the Provider Name step, type the alias name Cloud Access Manager and click Next.
5. In the Signature and Encryption step, change the Single Sign-On Authorization Request Sign parameter to Never and click Next.
6. Click Next through to the end, then click Finish.
7. Click Edit, then under the Identity Federation tab, click Add to add a Name ID format.
8. Under Format Name, choose Unspecified. Under Source Name, choose Logon ID.
9. Click OK and then Save.
10. Click Enable.
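
A field-level check of a captured, decoded test response against the values set in the procedures above (Recipient, Audience / SP Identity NetWeaver, Name ID format Unspecified, no extra claim mappings). This is an added example, not part of the vendor's guide; the function name check_assertion, the user jdoe and the sample response are constructed for illustration, and the script does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def check_assertion(response_xml, acs_url, audience="NetWeaver"):
    """List mismatches between a decoded SAML Response and this guide's
    settings. Field checks only: the XML signature is NOT verified here."""
    assertion = ET.fromstring(response_xml).find("saml:Assertion", NS)
    if assertion is None:
        return ["no plain-text Assertion found in the response"]
    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty (check the sAMAccountName mapping)")
    elif name_id.get("Format", UNSPECIFIED) != UNSPECIFIED:
        problems.append("NameID Format is not Unspecified: " + name_id.get("Format"))
    recipients = [d.get("Recipient") for d in assertion.iterfind(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient %r does not match ACS URL %s" % (recipients, acs_url))
    audiences = [(a.text or "").strip() for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        problems.append("Audience %r does not match provider name %s" % (audiences, audience))
    if assertion.find("saml:AttributeStatement", NS) is not None:
        problems.append("AttributeStatement present although no extra claims were mapped")
    return problems

# Constructed sample response (unsigned, trimmed to the fields checked above).
ACS = "https://srvnwce73.demo.sap.corp:50001/saml2/sp/acs"
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="%s">jdoe</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="%s"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>NetWeaver</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>""" % (UNSPECIFIED, ACS)

if __name__ == "__main__":
    print(check_assertion(SAMPLE, ACS) or "assertion matches the configured values")
```

An empty list means the Recipient, Audience and NameID in the response line up with what was entered on both sides; each string returned names the setting to recheck.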