Dear Techies
Can you please help me resolve an urgent issue when trying to use SAML 2.0 assertion. The ultimate aim is to get this working with UI5 / OData
as our ABAP server is not at a high enough Netweaver level to make use of OAuth 2.0 and SAML bearer assertion.
I am in the process of configuring SAML 2.0 assertion on a NW 7.02 SP 13 ABAP system with an external identity provider, Cloudminder.
The solution needs to be achieved Front End Channel i.e. HTTP POST/HTTP REDIRECT bindings
I have the following basic scenario working:
1) Configure SICF service to use SAML 2.0
2) Access service e.g. https://<hostname>:<port>/sap/bc/ping
3) Identity provider logon page displayed. Credentials entered
4) ACS endpoint reached successfully
5) User is redirected to service in 2)
I am having struggles achieving the next, more challenging scenario.
The service needs to be called using Identity Provider SSO via a Service Mediation Layer.
The Service Mediation Layer will authenticate the user directly with the Cloudminder identity provider in advance
and receive a valid SAML 2.0 assertion token.
The SML will then call the service on the SAP Service Provider with the SAML 2.0 assertion token, and the
user is successfully authenticated on SAP without having to access identity provider logon page.
At this point in time SAP is completely ignoring the SAML 2.0 assertion and always directs the user to the logon page.
I am attempting to simulate the SAML 2.0 post in a rest client without success.
Operation: HTTP POST URL: https://<hostname>:<port>/sap/bc/ping?SAMLResponse=<encoded SAML 2.0>&RelayState=<encoded state>
Additional header parameters that have been tried without success are:
Content-Type: application/x-www-form-urlencoded
Content-Length: 11684
Connection: keep alive
Host: <hostname>
I attach a structure of SAML 2.0 response with dummy values.
Many thanks in advance for advice that leads to a successful resolution.
Mike
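As an added example (not from the post above and not SAP or CA code), this shows how the SAML 2.0 HTTP POST binding packages a Response: the XML is base64-encoded into a form-urlencoded body field named SAMLResponse, with RelayState beside it, and the body is posted to the service provider's Assertion Consumer Service URL. The receiving side also checks the Response's Destination against the ACS URL it was delivered to. The ACS URL, issuer and the minimal unsigned Response XML are constructed placeholders.

```python
import base64
from urllib.parse import urlencode, parse_qs
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Placeholder ACS URL (assumption: replace with the SP's real ACS endpoint).
ACS_URL = "https://sap.example/placeholder-acs"

# Constructed, minimal unsigned Response; a real one carries a signed Assertion.
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
  ID="_constructed_1" Version="2.0" IssueInstant="2014-01-01T00:00:00Z"
  Destination="{ACS_URL}">
  <saml:Issuer>https://idp.example/constructed-issuer</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
</samlp:Response>"""


def build_post_binding(saml_xml, relay_state):
    """Return (headers, body) for the HTTP POST binding: fields go in the body."""
    fields = {
        "SAMLResponse": base64.b64encode(saml_xml.encode("utf-8")).decode("ascii"),
        "RelayState": relay_state,
    }
    body = urlencode(fields).encode("ascii")
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Content-Length": str(len(body)),
    }
    return headers, body


def parse_post_binding(body, expected_acs):
    """SP-side decoding with the checks an ACS performs before trusting anything."""
    fields = parse_qs(body.decode("ascii"), strict_parsing=True)
    xml = base64.b64decode(fields["SAMLResponse"][0]).decode("utf-8")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a samlp:Response")
    if root.get("Destination") != expected_acs:
        raise ValueError("Destination does not match this ACS URL")
    status = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode").get("Value")
    return {
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "status": status,
        "relay_state": fields.get("RelayState", [None])[0],
    }
```

Signature verification of the Assertion (and a check that the service provider is the intended Audience) is still required before a real ACS accepts the Response; this block only shows the transport framing.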