Dear Readers
Do you want to know how to enable Single Sign-On from SAP IAS?
SAP IAS - Identity Authentication Service
Single sign-on through the SAP IdP is not turned on by default. When it is disabled, users can only access SAP Commissions through the SAP Commissions login page, using their user ID and password. To enable it, follow the configuration steps below.
Once set up, users authenticated with SAP IAS can log in to SAP Commissions without entering their ID or password. Unauthenticated Commissions users that attempt to access a Commissions URL will be redirected to the SAP Identity Access Management login page for authentication.
You will be provided with two URLs:
Login to SAP Identity Authentication Service [IAS] Portal
Download Metadata.xml, which will be uploaded to SAP Commissions (shown in the steps below).
Navigate to Applications and choose the product for which you need to enable SSO.
1. Type
Select SAML 2.0
2. SAML 2.0 Configuration: upload the sp.xml from SAP Commissions
3. Subject Name Identifier
4. Default Name ID Format
Choose either one as the users' login method:
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
5. Assertion Attributes
User Attributes | Assertion Attributes |
---|---|
Language | sapIdp.language |
User ID | sapIdp.uid |
Login Name | sapIdp.loginName |
First Name | sapIdp.firstName |
Last Name | sapIdp.lastName |
 | sapIdp.email |
Groups | sapIdp.userGroups |
Update the values from the above table in case any of them are blank.
Configure the settings on the screen below, following the corresponding sequence numbers in the SAML Configuration Type section.
The admin should log out of the page after SAML is configured and ask users to log in to the SAP Commissions portal.
Users should be able to see the SAP IAS login screen.
The admin can see the users' authentication mechanism (SAML) in the security logs in the SAP Commissions portal.
Troubleshooting in IAS, or to find audit logs (download CSV)
Links
SAP Cloud Identity Services: https://community.sap.com/topics/cloud-identity-services
Identity Authentication service in a nutshell:
Troubleshooting Resources
Online & Browser Tools:
➢ Allows you to validate a SAML Response for Chrome (see example in next slide, FF uses SAML Tracer) - https://www.samltool.com/validate_response.php
➢ Allows you to debug your SAML based implementation (see example in next slide, it is a way to validate if all of the related entries are valid) -
https://chrome.google.com/webstore/detail/saml-message-decoder/mpabchoaimgbdbbjjieoaeiibojelbhm?hl=e...
➢ https://www.base64decode.org/ - Decode from Base64 format.
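A local alternative to the browser tools above, as an added example that is not part of the original post: it decodes a SAMLResponse value offline and checks the Name ID format and the assertion attributes from the steps above. It assumes the HTTP-POST binding (plain base64) and an unencrypted assertion; the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# The two Name ID formats listed in step 4 of this post.
ALLOWED_NAMEID = {"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
                  "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}
# Assertion attribute names from the table in step 5.
EXPECTED_ATTRS = ["sapIdp.language", "sapIdp.uid", "sapIdp.loginName", "sapIdp.firstName",
                  "sapIdp.lastName", "sapIdp.email", "sapIdp.userGroups"]

def check_saml_response(b64_response):
    """Decode a SAMLResponse form value and return a list of findings (empty = OK).
    Troubleshooting aid only: it does not verify the XML signature."""
    xml_bytes = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse one rather than let the parser expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration found in SAML message")
    root = ET.fromstring(xml_bytes)
    findings = []
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        findings.append("NameID missing or blank")
    elif name_id.get("Format") not in ALLOWED_NAMEID:
        findings.append(f"unexpected NameID Format: {name_id.get('Format')}")
    sent = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        sent[attr.get("Name")] = [v for v in values if v]
    for name in EXPECTED_ATTRS:
        if name not in sent:
            findings.append(f"attribute not sent: {name}")
        elif not sent[name]:
            findings.append(f"attribute blank: {name}")
    return findings

def sample_response(attrs, fmt):
    """Constructed sample response (not captured from a real tenant), base64-encoded."""
    items = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
                    f'</saml:AttributeValue></saml:Attribute>' for n, v in attrs.items())
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f'<saml:Assertion><saml:Subject><saml:NameID Format="{fmt}">jdoe@example.com'
           f'</saml:NameID></saml:Subject><saml:AttributeStatement>{items}'
           f'</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    attrs = dict.fromkeys(EXPECTED_ATTRS, "x")
    attrs["sapIdp.userGroups"] = ""  # simulate a blank mapping
    print(check_saml_response(sample_response(attrs, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")))
```

An empty result means the Name ID format and all seven attributes arrived as configured; each finding names the mapping to revisit in the IAS application settings.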
Thanks for reading it till the end.
Hope you find that helpful! Let me know your thoughts on this in the comments section.
Don't forget to share this article with your friends or colleagues.
Feel free to connect with me on any of the platforms below! 🚀
yoganandamuthaiah |Twitter | LinkedIn | GitHub