Dear Experts,

I have one very complex business scenario to be implement with in our landscape, would you please suggest or through your ideal views on this please.

we have developed one SAP UI5 application, whereas this application has been hosted on NW portal using with FIORI UI5 view & provided this app to end-user as an external access from NW Enterprise porta, this scenario is up n running successfully. [ current environment is S4HANA on Premise 2021 01 (02/2022) FPS + NW Enterprise Portal]

we are looking to provide these applications to end-user, rather SAP NW Enterprise portal, planning to provide access from BTP Neo Environment.

will this possible?

to archive this, I have completed below integrations successfully!

• Deployed SAP UI5 application in to BTP Neo Environment
• Successfully completed SSO between BTP Neo Environment with cloud Identity service [ IAS / IPS]
• Now able access above BTP application by using non s-user id, means one of user id which has created in cloud Identity service user management [ IAS / IPS].
• By using above USER ID can access UI5 applications which has deployed into BTP Neo environment.

Now next step is to connect or build SSO between SAP NW SSO 3.0 system & cloud Identity service [ IAS / IPS], so that BTP application can be able to access by using SAP NW SSO 3.0 Identity management.

Hope am clear here, in simple word, BTP application should able to access user from SAP NW SSO 3.0 user management.

Will it possible?

to archive this, I have completed with below steps:

• Exchange metadata file between cloud Identity service [ IAS / IPS] & SAP NW SSO 3.0, by creating application in Applications & Resources
• added corporate identity provider that provides user authentication to an application by using SAML 2.0 configuration.

Steps completed in cloud connector:

• added subaccount in cloud connecter administrator.
• Same subaccount added access control under cloud to on-premises & with ping able to reach successfully of SAP NW SSO 3.0.

Steps completed in BTP Neo environment:

• Activated Service: Identity Authentication Add-On
• Added destinations under Service Configuration: Configure Identity Authentication Add-On
• Destination i.e., SAP NW SSO 3.0 able to ping successfully.
• BTP Neo cockpit->Security->Trust->local service providerà connection type has been changed to custom.
• Hence after! Metadata downloaded & updated into cloud Identity service [ IAS / IPS]
• BTP Neo cockpit->Security->Trust->application Identity provider -> in Manage Trust Relationships and Federation Settings added trust identity provider.
• Hence after with above step we should be able to view Identity authorization admin console of SAP NW SSO 3.0 user management,
• In next step I can do set Configure basic authentication (authentication with username and password) for my above applications.
• Due some reason! Or could be wrong certification or metadata! am unable to view SAP NW SSO 3.0 Identity authorization admin console under application Identity provider TAB.
• Am missing this option, question is will it be possible by using BTP Neo environment to connect SAP NW SSO 3.0 user management??

Hope my scenario is clear, will you please through some light on my scenario will it possible by using BTP Neo environment.

Ref. SAP Note is: 2627538 - Does SAP BTP Neo support IdP-initiated SSO

Thank you.

Venu.