cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SAP Fiori LDAP Integration

Go to solution
Former Member

on ‎2015 Jan 07 8:18 AM

2,805

Hello,

We are implementing SAP Fiori as a Central Hub Deployment model, front end is NW 740 SP8, Back end is SAP ECC EHP7 on HANA. We want to integrate SAP Fiori with LDAP so that user's can use their AD user id and password.  We are not using SAP NW SSO or SAP EP.

Can you please let me know how this can be achieved ? Since User ID's should be same in front end, back end and HANA, how do i map user id's ?

Please help

Thanks,

Ravi

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
Former Member
‎2015 Sep 01 4:56 PM
0 Kudos

Hi Ravidnran and Aoki,

what is the decision based on your research?

We are in similar situation, Users access FIORI app from Internet. Our Gateway server is separated and sits in corporate network.

we have LDAP to authenticate   , but need to understand how did you guys approached? We do not have SAML, SMP,or NW SSO tools .

Please provide some guidance or Input.

Thanks

Krish

Show replies
Show replies
Former Member
‎2015 Sep 01 5:23 PM
0 Kudos

Hello Krish,

SAML authentication against Microsoft ADFS server is the best approach i come across, most of the customers has ADFS already in place. This is the best way to setup SSO for Fiori if you have HANA backend.

You dont need NW SSO license for this approach.

Ravi

Former Member
‎2015 Sep 01 5:48 PM
0 Kudos

Thanks Ravindran for quick response.

We do not have SAML IDP right now, is it free from SAP?

if we use SAML do we still need SAP NW SSO ?

if we don't have SAML , can we achieve this using SAP NW SSO with LDAP.

Thanks

Krishna

Former Member
‎2015 Sep 01 5:58 PM
0 Kudos

SAML 2.0 is the authentication type supported by SAP, You can try setting up Microsoft IDP if you don't have one. You don't need NW SSO license for this.

NW SSO supports SAML authentication too but you would need SAP IDM for that.

Ravi

Ramesh_Cirrus
Explorer
‎2015 Sep 02 7:43 PM
0 Kudos

Hello Ravi,

Is it possible to authenticate Fiori using LDAP which is inside our corporate network? We have NW SSO 2.0 and SAML. The issue is users don't want to remember another password to login to FIori app.

Please guide me thru some documentation on how to do this.

Thanks in advance,

Ramesh

former_member229961
Explorer
‎2015 Sep 02 8:08 PM
0 Kudos

Hello Ravi,

I,m late with the SAML configuration. The ADFS was installed by the customer for test purposes but already intending to be a future production service, but when we tried to import the metadata file generated by SAML2 transaction on SAP Gateway/ Fiori appears an validation error such as 'SAML2 service not accessible'.

I checked the SICF and metadata file content and the configuration appears OK. They match the screenshots on pdf guide 'SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS" made by Navin Sahadev.

The metadata 'URL https://<server>:<port>/sap/saml2/sp/metadata?sap-client=200' works fine but not the 'https://<server>:<port>/sap/saml2/sp/acs/200' test executed by ADFS.  Does acs service provided by SAP IDM as mentioned above?

Do you have a idea about what is wrong here?  I´m not using the default HTTPS port. Could be this a problem?

Regards,

Rodrigo Aoki

former_member227004
Explorer
‎2016 Aug 07 12:19 PM
0 Kudos

Hi Ravi,

Based on the setup you mentioned for Hub based landscape , so we have a Web dispatcher, Gateway server, ERP and HANA DB.


Are you suggesting SAML authentication with Microsoft ADFS server is the best approach for using Fiori on Mobile and PC.

Can you provide with heads on setting up SAML with ADFS.

Thanks

Jayesh

Ask a Question