
How to deactivate the use of the parameter saml2=disabled?

mariella
Discoverer
0 Kudos

Hi Experts,

Is there a way to prevent the use of the parameter saml2=disabled? This parameter enables users to bypass corporate Identity Provider authentication and use their username and password instead. This is a security concern.

Disabling the passwords altogether is not possible, since some scenarios still require password authentication, such as digital signatures, approval processes, etc.

Thank you,

Mariella

Accepted Solutions (1)

alexanderbrietz
Active Contributor

Hi Mariella,

AFAIK there is no option within SAP software to prevent this. I think you would need to use a decent tool in between like a proxy that filters this URL parameter. Apache and mod_rewrite should do the job.

Regards,

Alex
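
A sketch of the proxy filter suggested in the answer above, as an added example that is not part of the original thread and not SAP-provided configuration. It assumes Apache 2.4 with mod_rewrite, mod_proxy and mod_ssl loaded; the host names, port and certificate paths are placeholders.

```apache
# Reverse proxy in front of the ABAP system (all names below are placeholders).
<VirtualHost *:443>
    ServerName sap.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/sap.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/sap.example.com.key

    RewriteEngine On

    # mod_rewrite sees QUERY_STRING exactly as sent, without percent-decoding,
    # so a plain pattern would miss variants such as saml2=%64isabled or
    # SAML2=Disabled. Decode once with unescape() and match case-insensitively.
    # The (^|[&;]) and ([&;]|$) anchors match the parameter anywhere in the
    # query string without also matching names such as "xsaml2".
    RewriteCond expr "unescape(%{QUERY_STRING}) =~ /(^|[&;])saml2=disabled([&;]|$)/i"

    # Refuse the request with 403 instead of forwarding it to the backend.
    RewriteRule ^ - [F]

    # Everything else is passed through to the backend unchanged.
    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyPass        / https://abap-backend.example.internal:44300/
    ProxyPassReverse / https://abap-backend.example.internal:44300/
</VirtualHost>
```

The rule only inspects the query string of requests that pass through this proxy, so it is effective only if users cannot reach the ABAP system's HTTP(S) ports directly. Validate the configuration with `apachectl configtest` before reloading.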

Answers (1)

prrandhawa
Discoverer
0 Kudos

3280746 - How to enforce all web-based login to use SAML2 in ABAP system

Please check this note for the solution.