Cloud Access Manager 8.1.3 - How to Configure for SSO to SAP NetWeaver using SAML 2.0

Cloud Access Manager as an Identity Provider (IDP)

To configure Cloud Access Manager as an Identity Provider

  1. In NetWeaver administration on the Configuration | Security | Authentication and Single Sign-On | SAML 2.0 page, click the Trusted Providers link. Click Add, and choose the option to upload a metadata file.
  2. In the Select Metadata step, choose the CloudAccessManagerMetadata.xml document downloaded in step 11 of Cloud Access Manager configuration - (Identity Provider Role) and click Next.
  3. In the Metadata Verification step, choose the certificate (PEM file) downloaded in step 11 of Cloud Access Manager configuration - (Identity Provider Role) and click Next.
  4. In the Provider Name step, type the alias name Cloud Access Manager and click Next.
  5. In the Signature and Encryption step, change the Single Sign-On Authorization Request Sign parameter to Never and click Next.
  6. Click Next through to the end, then click Finish.
  7. Click Edit, then under the Identity Federation tab, click Add to add a Name ID format.
  8. Under Format Name, choose Unspecified. Under Source Name, choose Logon ID.
  9. Click OK and then Save.
  10. Click Enable.

Enabling SSO to SAP NetWeaver applications

To allow single sign-on (SSO) to your NetWeaver applications

  1. In NetWeaver Admin, select Configuration | Security | Authentication and Single Sign-On.
  2. On the Authentication tab, highlight the ticket policy configuration. On the Authentication Stack tab, click Edit.
  3. Under Login Modules, click Add. Choose SAML2LoginModule from the dropdown list. Click Add again, and choose CreateTicketLoginModule from the list.
  4. Change the order and the flag status of the five login modules to match the following, then click Save. This will use federation, and fall back to forms if federation fails.

    EvaluateTicketLoginModule SUFFICIENT
    SAML2LoginModule OPTIONAL
    CreateTicketLoginModule SUFFICIENT
    BasicPasswordLoginModule REQUISITE
    CreateTicketLoginModule OPTIONAL
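
The flag semantics behind step 4, as an added example that is not part of the Cloud Access Manager or SAP documentation: a small Python model of standard JAAS control flags applied to the stack above. It assumes CreateTicketLoginModule succeeds only when an earlier module has already authenticated the user; `evaluate`, `SCENARIOS` and the outcome inputs are hypothetical names.

```python
# Added illustration: standard JAAS control-flag evaluation over the stack above.
# Assumption: CreateTicketLoginModule succeeds only if an earlier module in the
# same pass has already authenticated the user.
STACK = [
    ("EvaluateTicketLoginModule", "SUFFICIENT"),
    ("SAML2LoginModule", "OPTIONAL"),
    ("CreateTicketLoginModule", "SUFFICIENT"),
    ("BasicPasswordLoginModule", "REQUISITE"),
    ("CreateTicketLoginModule", "OPTIONAL"),
]

def evaluate(stack, outcomes):
    """Return (authenticated, modules_run) for one logon attempt.

    outcomes (hypothetical input) maps a module name to True/False for the
    credential it checks; CreateTicketLoginModule's result is derived.
    """
    user_established = mandatory_seen = mandatory_failed = any_ok = False
    ran = []
    for name, flag in stack:
        ran.append(name)
        if name == "CreateTicketLoginModule":
            ok = user_established
        else:
            ok = bool(outcomes.get(name, False))
            user_established = user_established or ok
        any_ok = any_ok or ok
        if flag in ("REQUIRED", "REQUISITE"):
            mandatory_seen = True
            mandatory_failed = mandatory_failed or not ok
            if flag == "REQUISITE" and not ok:
                return False, ran          # REQUISITE failure stops the stack
        elif flag == "SUFFICIENT" and ok:
            return not mandatory_failed, ran  # SUFFICIENT success stops the stack
    # End of stack: mandatory modules decide; otherwise any success is enough.
    return (not mandatory_failed if mandatory_seen else any_ok), ran

# Constructed scenarios: which credential the browser presents.
SCENARIOS = {
    "valid logon ticket": {"EvaluateTicketLoginModule": True},
    "valid SAML assertion": {"SAML2LoginModule": True},
    "SAML fails, password ok": {"BasicPasswordLoginModule": True},
    "nothing valid": {},
}

if __name__ == "__main__":
    for label, outcomes in SCENARIOS.items():
        ok, ran = evaluate(STACK, outcomes)
        print(f"{label:26} -> {'ACCEPT' if ok else 'REJECT'} after {len(ran)} module(s)")
```

In this model, moving BasicPasswordLoginModule above SAML2LoginModule causes a logon that presents only a valid SAML assertion to be rejected, which is why the order in step 4 matters.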
