Recently I have some customers asking to implement Fiori authentication. They don't want the users to key in the SAP username / password. Instead, everyone shall enter their Active Directory username / password.

First we install a brand new SAP J2EE instance, then point the UME to LDAP

5b1fe981c1767.jpg
5b1fe98a6015f.jpg

Then we install the Identity Federation component, using SUM
5b1fe9fc8369e.jpg

Now configure SAML2 in J2EE NWA. Make sure when you create the service, the operation mode needs to be "Identity Provider and Service Provider"

5b1fea6b44da9.jpg

Finally download the metadata for next step

5b1feaa9010b1.jpg

Recently I have some customers asking to implement Fiori authentication. They don't want the users to key in the SAP username / password. Instead, everyone shall enter their Active Directory username / password. First we install a brand new SAP J2EE instance, then point the UME to LDAP ![5b1fe981c1767.jpg](serve/attachment&path=5b1fe981c1767.jpg) ![5b1fe98a6015f.jpg](serve/attachment&path=5b1fe98a6015f.jpg) Then we install the Identity Federation component, using SUM ![5b1fe9fc8369e.jpg](serve/attachment&path=5b1fe9fc8369e.jpg) Now configure SAML2 in J2EE NWA. Make sure when you create the service, the operation mode needs to be "Identity Provider and Service Provider" ![5b1fea6b44da9.jpg](serve/attachment&path=5b1fea6b44da9.jpg) Finally download the metadata for next step ![5b1feaa9010b1.jpg](serve/attachment&path=5b1feaa9010b1.jpg)

Project 'Clam' founder

Go to ABAP instance, in this case, the S/4 server, run tcode SAML2, then create the local provider, then download metadata xml file

5b1feb5183dc1.jpg

In Trusted provider, upload the metadata xml file which we exported in J2EE instance

5b1feba5f1ea7.jpg

Identity Federation, choose Logon ID

5b1febdc02dd0.jpg

Now go back to J2EE Instance, upload the metadata xml file which we've just downloaded from the ABAP instance (via tcode SAML2)

5b1fec4ec8d06.jpg

Identity Federation, create the same with Logon ID

5b1feca914422.jpg

Go to ABAP instance, in this case, the S/4 server, run tcode SAML2, then create the local provider, then download metadata xml file ![5b1feb5183dc1.jpg](serve/attachment&path=5b1feb5183dc1.jpg) In Trusted provider, upload the metadata xml file which we exported in J2EE instance ![5b1feba5f1ea7.jpg](serve/attachment&path=5b1feba5f1ea7.jpg) Identity Federation, choose Logon ID ![5b1febdc02dd0.jpg](serve/attachment&path=5b1febdc02dd0.jpg) Now go back to J2EE Instance, upload the metadata xml file which we've just downloaded from the ABAP instance (via tcode SAML2) ![5b1fec4ec8d06.jpg](serve/attachment&path=5b1fec4ec8d06.jpg) Identity Federation, create the same with Logon ID ![5b1feca914422.jpg](serve/attachment&path=5b1feca914422.jpg)

Project 'Clam' founder

Now go to the WebGUI or any SICF service of the S/4 ABAP instance, it will re-direct to the J2EE instance login page

5b1fed672c560.jpg

After login using the Active Directory user name / password, it will re-direct to the WebGUI page

5b1feda08b4db.jpg

Now go to the WebGUI or any SICF service of the S/4 ABAP instance, it will re-direct to the J2EE instance login page ![5b1fed672c560.jpg](serve/attachment&path=5b1fed672c560.jpg) After login using the Active Directory user name / password, it will re-direct to the WebGUI page ![5b1feda08b4db.jpg](serve/attachment&path=5b1feda08b4db.jpg)

Project 'Clam' founder

425
views
2
replies
0
followers
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft