cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authenticating an API using SAML assertion in SAP API Management

giridhar_vegi
Participant

on ‎2024 May 28 10:47 PM

0 Kudos
1,176

Dear Team,

I am having a requirement to authenticate the API exposed via API Management using the SAML Assertion with out using the third party like Azure. The external application does not generate the SAML Assertion. Is there any way where we can generate the assertion in API Management itself to authenticate the external Application?. From API management to SAP we can do that using SAML assertion policy . 

Please help me on this.

Regards

Giridhar

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (1)

Answers (1)

Martin-Pankraz
SAP Champion
SAP Champion
‎2024 May 29 7:08 AM
0 Kudos

Hi @giridhar_vegi,

when generating the SAML assertion yourself in APIM you are essentially declaring it your identity provider. That is a severe security risk. Any error or exploitable gap would to lead to user compromise. Identity Providers are purpose-built for this. I am assuming you are bypassing another challenge by looking to implement this yourself. Feel free to share more, so the community can advise on solving the underlying challenge.

If you must explore further have a look at this javascript library and this ApiGee article how to generate your own in SAP APIM. Make sure to lock down access tightly. Either way, I highly discourage this.

KR Martin

Show replies
Show replies
Ask a Question