SAML (Security Assertion Markup Language) is an XML-based standard for communicating identity information between organizations and service providers. It is commonly used to transmit authentication tokens and other user attributes securely across domains. If you have already implemented SAML 2.0, you can configure the ABAP frontend server to use it in conjunction with an identity provider (IdP), such as SAP IDP or Microsoft’s Active Directory Federation Service (AD FS). Compared to Kerberos authentication, SAML 2.0 authentication is relatively easy to configure. To enable SSO outside your corporate network, make sure that the SAML IdP is securely accessible from outside your network.
Advantages of using SAML 2.0
- Works well in scenarios with multiple user domains
- Works well where the trust configuration can be complicated
- Enables you to map SAP users based on username attributes or a user’s email.
In the SAP Fiori system landscape, SAML 2.0 is supported only for communication with the ABAP frontend server, not for SAP HANA.
SAP Logon Tickets
SAP logon tickets are session cookies stored in the client’s browser. For SAP logon tickets, you can either use an existing system, such as a portal, that already issues logon tickets, or you can configure the ABAP frontend server to issue them. You must configure the required backend system (ABAP or SAP HANA) to accept logon tickets. SSO then provides access to the SAP HANA database, or any database, from any frontend application without the need to log in.
User mapping is not supported, so you must ensure that the users in the ABAP system have the same user names as the database users in SAP HANA. If a customer uses all three types of SAP Fiori apps, make sure that the user names comply with the stricter restriction rules from SAP HANA.
After the configuration is finished, the ABAP frontend server acts as the ticket-issuing system, while the ABAP backend server acts as the ticket-accepting system. The authentication flow between the ABAP frontend and ABAP backend servers is as follows:
- The user logs in with the username and password to the ABAP frontend server.
- After the ABAP frontend server verifies the logon credentials, the user is logged on to the system and issued a logon ticket.
- The user’s browser then stores the logon ticket and uses it for authentication on ABAP backend servers.
- The web browser then sends the issued logon ticket to the ABAP backend system.
- The ABAP backend server verifies the ticket.
- Lastly, if the ticket is valid, the user is granted access by the ABAP servers.
SAP logon tickets are transferred as web browser cookies. Thus, you can only use this authentication method if all the systems in the landscape are located within the same DNS domain.
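The same-domain requirement follows from how browsers scope cookies. The sketch below is an added example, not SAP code: it applies RFC 6265 domain matching to predict which ticket-accepting hosts would actually receive the ticket cookie from the browser. The function names and all hostnames are constructed for illustration, and public-suffix handling is left out.

```python
import ipaddress

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: does `host` match the cookie's Domain attribute?"""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False  # an IP literal never suffix-matches a domain
    except ValueError:
        pass
    # Require a label boundary so "notcorp.example" does not match "corp.example".
    return host.endswith("." + domain)

def ticket_reach(issuer_host, cookie_domain, hosts):
    """Map each host to True if the browser would send it the ticket cookie.

    cookie_domain=None models a host-only cookie (no Domain attribute),
    which is returned to the issuing host alone.
    """
    if cookie_domain is None:
        return {h: h.lower() == issuer_host.lower() for h in hosts}
    if not domain_match(issuer_host, cookie_domain):
        # The browser discards a cookie whose Domain does not cover its issuer.
        return {h: False for h in hosts}
    return {h: domain_match(h, cookie_domain) for h in hosts}

def hosts_without_sso(issuer_host, cookie_domain, acceptors):
    """Ticket-accepting hosts that will never see the ticket (SSO fails there)."""
    reach = ticket_reach(issuer_host, cookie_domain, acceptors)
    return [h for h, ok in reach.items() if not ok]

# Constructed sample landscape (hypothetical hostnames).
FRONTEND = "fes.corp.example"
BACKENDS = ["erp.corp.example", "hana.dmz.example.net", "10.1.2.3"]

if __name__ == "__main__":
    for domain in ("corp.example", None):
        print(domain, "->", hosts_without_sso(FRONTEND, domain, BACKENDS))
```

Every host under the cookie domain receives the ticket, not only the intended backends, so the domain should be as narrow as the landscape allows.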