Single Sign-On For SAP Web Applications
Security Assertion Markup Language (SAML) is an XML-based standard for Single Sign-On (SSO) that exchanges authentication and authorization data between security domains. An Identity Provider (IdP) authenticates the user and passes a digitally signed assertion about that user to one or more Service Providers (SP).
In SAML-based authentication it is the IdP that validates the user's identity and login details (password, two-factor authentication and so on). The Service Provider never sees those credentials; it only receives the IdP's signed assertion that the check succeeded.
SAP NetWeaver Single Sign-On can be accessed from any web client (browser) and offers several authentication methods: logon tickets, X.509 client certificates and SAML 2.0.
Cryptographic library functions are used to carry out these authentication procedures securely. SSO login has significant upsides such as:
- No need to enter SAP-specific user logins
- No need to remember a separate password for each system
Most organizations already maintain an identity for every user in their Active Directory domain, which can serve as the identity source behind the IdP.
Advantages of SAML
- Improved User Experience: Users sign in once and can access multiple applications without additional authentication, giving a faster and better experience at each service provider. It also eliminates password issues such as reset and recovery.
- Enhanced Security: Security is a key aspect of software development, and for enterprise applications it is extremely important. SAML provides a single point of authentication, which happens at a secure identity provider; the identity is then transferred to the service providers in a signed assertion. The user's credentials are presented only to the IdP and never leave that boundary. The flip side is that the IdP becomes the single point of trust, so each service provider must verify the assertion's signature, audience and validity period before accepting it.
- Reduced costs for every application (service provider): With SAML, you do not have to maintain account information across multiple services; the identity provider bears this burden.
How does SAML work?
SAML works in two stages. First, the Identity Provider (IdP) and each Service Provider (application) exchange digitally signed metadata XML files that carry each party's entity ID, endpoints and signing certificate; this establishes mutual trust. Then, at every login, the IdP sends the user's information to the Service Provider in a digitally signed SAML assertion, which the SP verifies against the certificate it received in the metadata.
SAML SSO Flow
The following diagram and steps explain the SSO flow for the Service Provider, i.e., when login is triggered from the application via the SSO mechanism.
- The user opens the application in a web browser.
- The browser reaches the Service Provider, which has no session for the user yet and redirects the browser to the configured IdP with a SAML authentication request; the IdP may already hold an active session for the user or may start a new one.
- The IdP authenticates the user and issues a SAML token, a digitally signed XML assertion.
- This assertion contains user details such as username and email address and is passed back to the Service Provider (application) through the browser.
- The Service Provider identifies the issuing Identity Provider and verifies the token's signature against the IdP certificate (fingerprint) from the exchanged metadata, together with the assertion's audience and validity period.
- Access is then granted to the respective application.
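The last two steps are where an SP implementation most often goes wrong, so here is the SP side of that flow as an added example. It is not MOURI Tech's or SAP's code and does not reflect how SAP NetWeaver implements SAML internally; the entity IDs, ACS URL, certificate bytes, attribute names and the always-accepting `verify_xmldsig` hook are all constructed assumptions for the example. Cryptographic XML-DSig verification is delegated to that hook (in practice an XML-DSig library such as xmlsec); every other check an SP must make before trusting a bearer assertion, including pinning the signing certificate to the fingerprint from the IdP metadata, is implemented for real and run over a constructed Response plus four tampered or misused variants:

```python
"""SP-side validation of a SAML 2.0 Response (added example; not SAP's or any vendor's code).
XML-DSig verification is delegated to a caller-supplied hook (an assumption); every other
check an SP must make before trusting a bearer assertion is implemented here."""
import base64
import hashlib
import uuid
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional
from xml.etree import ElementTree as ET  # use defusedxml in production code

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
FMT = "%Y-%m-%dT%H:%M:%SZ"
# Trust anchors the SP imports from the IdP's metadata (constructed values).
IDP_ENTITY_ID = "https://idp.example.com/saml"
SP_ENTITY_ID = "https://fiori.example.com/sap/saml2"
SP_ACS_URL = "https://fiori.example.com/sap/saml2/acs"
IDP_CERT_DER = b"constructed-idp-signing-cert"           # stand-in for real DER bytes
IDP_CERT_FPR = hashlib.sha256(IDP_CERT_DER).hexdigest()  # fingerprint pinned from metadata
SKEW = timedelta(minutes=3)                               # tolerated clock skew


def _require(ok: bool, reason: str) -> None:
    if not ok:
        raise ValueError(reason)


def _t(value: str) -> datetime:
    return datetime.strptime(value, FMT).replace(tzinfo=timezone.utc)


def validate_response(xml: str, request_id: str, now: datetime,
                      verify_xmldsig: Callable[[ET.Element], bool]) -> dict:
    """Return the authenticated identity, or raise ValueError at the first failed check.
    request_id is the ID of the AuthnRequest this SP sent and still has pending."""
    root = ET.fromstring(xml)
    _require(root.tag == f"{{{NS['samlp']}}}Response", "not a samlp:Response")
    _require(root.get("Destination") == SP_ACS_URL, "Destination is not our ACS URL")
    _require(root.get("InResponseTo") == request_id, "InResponseTo does not match a pending request")
    _require(root.find("samlp:Status/samlp:StatusCode", NS).get("Value") == SUCCESS, "IdP reported failure")
    assertions = root.findall("saml:Assertion", NS)
    _require(len(assertions) == 1, "expected exactly one Assertion")  # extra ones: signature wrapping
    a = assertions[0]
    _require(a.findtext("saml:Issuer", namespaces=NS) == IDP_ENTITY_ID, "Assertion issued by an unknown IdP")
    # Pin the signing certificate to the one from metadata, then verify the signature itself.
    cert = a.findtext("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
    _require(cert is not None and hashlib.sha256(base64.b64decode(cert)).hexdigest() == IDP_CERT_FPR,
             "Assertion unsigned or signed with an unpinned certificate")
    _require(verify_xmldsig(a), "XML signature invalid")
    cond = a.find("saml:Conditions", NS)
    _require(_t(cond.get("NotBefore")) - SKEW <= now < _t(cond.get("NotOnOrAfter")) + SKEW,
             "Assertion outside its validity window")
    _require(cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) == SP_ENTITY_ID,
             "Assertion was issued for a different SP")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    _require(scd.get("Recipient") == SP_ACS_URL and scd.get("InResponseTo") == request_id
             and now < _t(scd.get("NotOnOrAfter")) + SKEW, "bearer confirmation does not match this SP/request")
    attrs = {at.get("Name"): at.findtext("saml:AttributeValue", namespaces=NS)
             for at in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS), "attrs": attrs}


def constructed_response(request_id: str, now: datetime, audience: str = SP_ENTITY_ID,
                         cert_der: bytes = IDP_CERT_DER) -> str:
    """What the IdP would POST to the ACS URL (constructed; SignatureValue is a placeholder)."""
    cert, t = base64.b64encode(cert_der).decode(), now.strftime(FMT)
    nb, na = (now - timedelta(minutes=1)).strftime(FMT), (now + timedelta(minutes=5)).strftime(FMT)
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
  ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{t}" Destination="{SP_ACS_URL}" InResponseTo="{request_id}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{t}">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
    <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
        Recipient="{SP_ACS_URL}" InResponseTo="{request_id}" NotOnOrAfter="{na}"/></saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="{nb}" NotOnOrAfter="{na}"><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check(xml: str, request_id: str, now: datetime) -> Optional[str]:
    """Failure reason, or None if the Response is acceptable."""
    try:  # always-accept stand-in for a real XML-DSig verifier such as xmlsec (assumption)
        validate_response(xml, request_id, now, verify_xmldsig=lambda assertion: True)
        return None
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    """Run the validator over a good Response and four tampered or misused variants."""
    rid, now = "_" + uuid.uuid4().hex, datetime.now(timezone.utc)
    good = constructed_response(rid, now)
    return {
        "identity": validate_response(good, rid, now, lambda a: True)["name_id"],
        "good": check(good, rid, now),
        "wrong_audience": check(constructed_response(rid, now, audience="https://other.example/sp"), rid, now),
        "rogue_cert": check(constructed_response(rid, now, cert_der=b"rogue-signing-cert"), rid, now),
        "expired": check(good, rid, now + timedelta(minutes=30)),
        "replayed": check(good, "_" + uuid.uuid4().hex, now),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15} -> {outcome if outcome is not None else 'accepted'}")
```

Two design points worth noting. The certificate fingerprint check alone is not signature verification: it only decides which key is allowed to sign, and the signature must still be verified over the canonicalized assertion by a real XML-DSig implementation, which is why that step is a hook here. And the `InResponseTo` and `Recipient` checks are what stop a captured Response from being replayed to this SP or redirected from another one; an SP that skips them accepts any assertion the IdP ever issued for any application.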
MOURI Tech's SAP Basis team can help you implement Single Sign-On (SSO) for all web-based SAP applications, for example:
- Single Sign-On with SAML for SAP Fiori applications
- Single Sign-On setup for SAP Analytics Cloud applications
Contact for further details
Vijay Bhaskar Reddy G
Technology Analyst – SAP Basis