In this scenario, there is an existing Back-end Service deployed in Neo, but the Mobile Service is deployed in Cloud Foundry. We recommend customers to migrate the Back-end Service to Cloud foundry. If they can't, or they are in the interim period of migrating from Neo to Cloud Foundry, here are two types of "SSO Mechanism" apply to this kind of deployment:








It'll popup bellow window: 
Click the "Browse" button, select the "SAML Metadata" file downloaded in step 2.If the Back-end Service deployed in Neo uses OAuth2SAML Authorization, you can choose this type of "SSO Mechanism".
It'll popup bellow window: 




Copy the value of "Local Provider Name".



Navigate to {Your Global Account} > {Your Sub Account} > Security > Trust > Application Identity Provider page, click the "Add Trusted Identity Provider": 
It'll popup bellow window:
Click the "Browse" button, select the "SAML Metadata" file downloaded in step 3, and check the "Only for OAuth2 SAML Bearer flow" checkbox.
In this scenario, there is an existing Mobile Service deployed in Neo, but the Back-end is deployed in Cloud Foundry. We recommend customers to migrate the Mobile Service to Cloud foundry as well. If they can't, or they are in the interim period of migrating from Neo to Cloud Foundry, here is one type of "SSO Mechanism" applies to this kind of deployment:
In SAP Cloud Platform Cockpit, navigate to {Your Global Account} > {Your Sub-account} > Security > Trust Configuration page, click the "SAML Metadata" button to download it.
SSO Mechanism: OAuth2 SAML Bearer Assertion
Audience: In the SAML Metadata file got it in step 1, copy the value of "entityID".
Token Service URL: In the SAML Metadata file got it in step 1, find the xml node pattern as following:
<md:AssertionConsumerService Location="{Token Service URL}" Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" index="1"/>Copy the value of Location property.
Client Key: The "clientid" value of Back-end's XSUAA service instance .
Token Service Password: The "clientsecret" value of Back-end's XSUAA service instance.
SAML Assertion Issuer: Name a issuer.
Name ID Format: Set to "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".


Click the "New Trust Configuration" button, in the popup window, click the "Upload" button, upload the "SAML Metadata" file got in step 3.
Give this trust configuration a name.You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
| User | Count |
|---|---|
| 4246 | |
| 3359 | |
| 2603 | |
| 2153 | |
| 1983 | |
| 1255 | |
| 1164 | |
| 1122 | |
| 1100 |