cancel
Showing results for 
Search instead for 
Did you mean: 

Authenticating an API using SAML assertion in SAP API Management

giridhar_vegi
Participant
0 Kudos

Dear Team,

I am having a requirement to authenticate the API exposed via API Management using the SAML Assertion with out using the third party like Azure. The external application does not generate the SAML Assertion. Is there any way where we can generate the assertion in API Management itself to authenticate the external Application?. From API management to SAP we can do that using SAML assertion policy . 

Please help me on this.

Regards

Giridhar

View Entire Topic
Martin-Pankraz
Active Contributor
0 Kudos

Hi @giridhar_vegi,

when generating the SAML assertion yourself in APIM you are essentially declaring it your identity provider. That is a severe security risk. Any error or exploitable gap would to lead to user compromise. Identity Providers are purpose-built for this. I am assuming you are bypassing another challenge by looking to implement this yourself. Feel free to share more, so the community can advise on solving the underlying challenge.

If you must explore further have a look at this javascript library and this ApiGee article how to generate your own in SAP APIM. Make sure to lock down access tightly. Either way, I highly discourage this.

KR Martin