Support for Security Assertion Markup Language (SAML) was added to Kapsel in SP05 of the SDK. The on-premise version of the SMP server also added SAML support in SP05.
The following samples were created using SP07 PL01 of the SDK.
Here are a few terms that are used with SAML.
An identity provider (IdP) maintains a directory of users and performs the authentication.
A service provider (SP) is the web site or service that is being accessed.
A user is the person who has an account with the identity provider.
When a user logs in at the identity provider, a SAML token is returned that grants access to an application for a limited length of time. If the token is stolen, the exposure is limited to that application and to that validity window. Multiple applications can use the same identity provider, so a single set of credentials (a user name and password, or even a biometric such as a fingerprint) serves all of them.
For additional details on SAML see SAML 101 Video and Enabling Secure Onboarding Using SAML.
The following steps demonstrate how to configure the Logon example from the HCPms section to use SAML as the authentication provider for the application.
The identity provider used by HCPms is
https://accounts.sap.com/saml2/idp/sso/accounts.sap.com
and it requests your SCN user name and password.
The application is switched to SAML by adding an auth entry of type saml2.web.post to its Logon context:
    "auth": [
        {
            "type": "saml2.web.post"
        }
    ],
Then copy the change into the platform project:
    cordova -d prepare
The following steps demonstrate how to configure the SMP server to work with an identity provider and then use that identity provider as an authentication provider for the Logon sample. The identity provider used in this section is a hosted solution from SSOCircle, which offers free registration for its hosted identity provider as well as paid offerings.
Other identity providers include Microsoft Active Directory Federation Services and the Identity Provider for SAP Single Sign-On.
Files used in the steps:
The identity provider metadata downloaded from SSOCircle: c:\temp\saml\idp.ssocircle.com.xml
The SMP server's own SAML metadata, exported from the server: C:\temp\saml\smp-metadata.xml
The identity provider metadata again, when it is imported into the SMP server: c:\temp\saml\idp.ssocircle.com.xml
The auth entry in the Logon context for the SMP server adds a config section:
    "auth": [
        {
            "type": "saml2.web.post",
            "config": {
                "saml2.web.post.authchallengeheader.name": "com.sap.cloud.security.login",
                "saml2.web.post.finish.endpoint.uri": "/SAMLAuthLauncher",
                "saml2.web.post.finish.endpoint.redirectparam": "finishEndpointParam"
            }
        }
    ],
Note that the config section is optional. For additional details see Enabling Secure Onboarding Using SAML.
Then copy the change into the platform project:
    cordova -d prepare
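As an added example (not code from this page or from the Kapsel SDK), the following JavaScript shows the shape of the Logon context for both cases above, the HCPms entry without a config section and the SMP entry with one, and illustrates how a client could use the three config keys: the challenge header is the response header whose presence means the server wants SAML authentication, the finish endpoint is the path whose arrival ends the web-post flow, and the redirect parameter carries the application URL to return to afterwards. The header value, the host names, the sample responses and the same-origin check on the redirect target are assumptions made for this example, not behaviour documented on the page.

```javascript
// Added example, not Kapsel's own implementation. Shows what the "auth" entry
// in the Logon context carries and how a client could act on the three
// optional "config" keys during a saml2.web.post flow.

const SAML_WEB_POST = "saml2.web.post";

// The config values used in the SMP steps above.
const DEFAULT_SAML_CONFIG = {
  "saml2.web.post.authchallengeheader.name": "com.sap.cloud.security.login",
  "saml2.web.post.finish.endpoint.uri": "/SAMLAuthLauncher",
  "saml2.web.post.finish.endpoint.redirectparam": "finishEndpointParam",
};

// Build a Logon context. Only the "auth" array is SAML specific; pass
// samlConfig = null for the HCPms case, where the config section is omitted.
function buildLogonContext(serverHost, serverPort, useHttps, samlConfig) {
  const authEntry = { type: SAML_WEB_POST };
  if (samlConfig) authEntry.config = samlConfig;
  return { serverHost: serverHost, serverPort: serverPort, https: useHttps, auth: [authEntry] };
}

// Classify a server response for the SAML flow:
//   "challenge": the challenge header is present, the server wants SAML login
//   "finished":  the response URL is the finish endpoint, the flow is complete
//   "data":      an ordinary application response
// response = { url: string, headers: { name: value } } (constructed shape).
function classifyResponse(response, samlConfig) {
  const cfg = samlConfig || DEFAULT_SAML_CONFIG;
  const challengeHeader = cfg["saml2.web.post.authchallengeheader.name"].toLowerCase();
  const headers = {};
  for (const [name, value] of Object.entries(response.headers || {})) {
    headers[name.toLowerCase()] = value; // HTTP header names are case-insensitive
  }
  if (challengeHeader in headers) return "challenge";
  const url = new URL(response.url);
  if (url.pathname === cfg["saml2.web.post.finish.endpoint.uri"]) return "finished";
  return "data";
}

// Once the finish endpoint is reached, the redirect parameter names the URL the
// client should return to. This example only accepts a target on the same
// origin as the finish endpoint, so a tampered parameter cannot send the
// WebView to another host (an assumption of this example, not a documented rule).
function finishRedirectTarget(finishUrl, samlConfig) {
  const cfg = samlConfig || DEFAULT_SAML_CONFIG;
  const url = new URL(finishUrl);
  const target = url.searchParams.get(cfg["saml2.web.post.finish.endpoint.redirectparam"]);
  if (!target) return null;
  const resolved = new URL(target, url); // relative targets resolve against the finish URL
  if (resolved.origin !== url.origin) return null;
  return resolved.href;
}

// Constructed sample exchange (host names are hypothetical).
const hcpmsContext = buildLogonContext("hcpms-trial.hanatrial.ondemand.com", "443", true, null);
const smpContext = buildLogonContext("smp.example.com", "8081", true, DEFAULT_SAML_CONFIG);
const challenge = classifyResponse(
  { url: "https://smp.example.com/com.mycompany.logon",
    headers: { "com.sap.cloud.security.login": "login-request" } }, smpContext.auth[0].config);
const finish = "https://smp.example.com/SAMLAuthLauncher?finishEndpointParam=%2Fcom.mycompany.logon";
console.log(hcpmsContext.auth, challenge, classifyResponse({ url: finish, headers: {} }, null),
  finishRedirectTarget(finish, null));
```

The challenge and finish checks are what the config keys exist for: without them the WebView cannot tell a login page from application data, and the redirect parameter check is the place to refuse an off-origin target before following it.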