Friday, December 22, 2023

Single Sign On using SAML2 for SAP Netweaver Java

Problem:

Single Sign-On Configuration for SAP Netweaver based on Java

Solution:

1. Open the Authentication & Single Sign-On screen on your Java system by using the URL http(s)://hostname.domain:<Port>/nwa/auth, or navigate to Configuration --> Security --> Authentication and Single Sign-On --> SAML 2.0.

2. Now click on Enable SAML 2.0 Support to create the Local Provider configuration.

3. Now provide the provider name in the specified format https://<Name>, e.g. https://hostname.domain or https://<SID>, and click on Next.

4. Now you need to create a Signing Key Pair / Encryption Key Pair by clicking on the Browse button.

5. Now click on Create in the pop-up screen that opens.

6. Provide the relevant information in all the mandatory fields.

7. Now provide a suitable CN name and Country Name for the properties and click Next to move forward.

8. Review all the information shown under Subject Properties and click on Finish.

9. After clicking on Finish, the entry below will be created; now click on OK.

10. Now you can see that the signing and encryption key pair has been created. Click on Next to move forward to the next configuration step.

11. Now, on the very next screen, select Automatic under Selection Mode and click on Finish to complete the initial configuration of the Local Provider.

12. Now select the Metadata tab for the created Local Provider setting, update the Digest Algorithm to SHA-256 and save the setting.

13. Now you can download the metadata of the Netweaver Java system by clicking on Download Metadata. Share the metadata with the ADFS Team / Cloud Team / Cloud Identity team for the relying party trust, and get their federation XML and its certificate in return.

14. Now click on Trust Provider, then on the Add button, and then select the option Uploading Metadata File.

15. Upload the federation XML file which you received in step 13.

16. Now upload the federation signing certificate. If your team has provided the federation signing certificate in step 13, you can alternatively extract it manually from the federation metadata content, under the <X509Certificate> tag. Click on Next until step 10 of the wizard.

17. Choose the Comparison Method and click on Finish to complete the trust configuration.

18. Now click on Identity Federation, then on the Add button, and then select the Name format through which you want to authenticate the user. In my case I am using EMAIL.

19. Now select the Signature and Encryption tab and check the Digest Algorithm.

20. Now click on Enable to activate the configuration.

21. Now select the Authentication tab and select ticket to add the SAML2 login module to it.

22. Click on Add to add the SAML2LoginModule with the flag SUFFICIENT.

23. Now move the SAML2LoginModule to the top position by clicking on the Move Up button and then click on Save.

24. The SSO configuration is now complete. Make sure all users have an email ID assigned to their user in identity management, since that is the Name ID format chosen in step 18.
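
As an added example that is not part of the original post, the following Python script performs the checks worth running on the federation XML received in step 13 before it is uploaded in steps 15 and 16: it reads the IdP entityID, extracts the signing certificate(s) from the <X509Certificate> tag into PEM form, and flags SHA-1 digest or signature algorithms, since steps 12 and 19 set the NetWeaver side to SHA-256. The metadata, the entityID and the certificate bodies are constructed placeholders, not data from any real IdP.

```python
"""Pre-upload checks for an IdP federation metadata file (steps 13, 15 and 16 above)."""
import base64
import textwrap
import xml.etree.ElementTree as ET  # for metadata from a source you do not control, prefer defusedxml

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# SHA-1 XML-DSig algorithm URIs; the post moves the NetWeaver side to SHA-256.
WEAK_ALGORITHMS = {"http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1"}

# Constructed sample metadata for a fictitious IdP; the X509Certificate bodies are base64 placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/adfs/services/trust">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_x"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        cGxhY2Vob2xkZXIt
        Y2VydC1kZXI=
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>ZW5jcnlwdGlvbi1jZXJ0</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def entity_id(metadata_xml: str) -> str:
    """Return the IdP entityID; it is the name the trusted provider will appear under in NWA."""
    return ET.fromstring(metadata_xml).get("entityID", "")


def signing_certificates(metadata_xml: str) -> list[str]:
    """Return a PEM block per signing certificate (a KeyDescriptor with no 'use' covers both uses)."""
    pems = []
    for kd in ET.fromstring(metadata_xml).findall(".//md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only certificates are not what step 16 asks for
        for cert in kd.findall(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())  # strip the line wrapping inside the tag
            base64.b64decode(b64, validate=True)       # reject a blob that was damaged in transit
            body = "\n".join(textwrap.wrap(b64, 64))
            pems.append(f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n")
    return pems


def weak_algorithms(metadata_xml: str) -> list[str]:
    """List SHA-1 signature/digest algorithm URIs declared in the metadata's own XML signature."""
    root = ET.fromstring(metadata_xml)
    found = [el.get("Algorithm", "") for tag in ("SignatureMethod", "DigestMethod")
             for el in root.findall(f".//ds:{tag}", NS)]
    return [uri for uri in found if uri in WEAK_ALGORITHMS]
```

A non-empty result from weak_algorithms is a reason to ask the IdP team to re-issue the metadata with SHA-256 before enabling the trust in step 20.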


Note:

To configure SAML-based authentication for an ABAP system, please refer to the Link.