
SAP NetWeaver - Configure Tivoli Federated Identity Manager with SAML for single sign-on

We can also use Tivoli Federated Identity Manager with Security Assertion Markup Language (SAML) for single sign-on to SAP NetWeaver Portal.

In such a scenario, Tivoli Federated Identity Manager with SAML is responsible for handling the authentication flow using Security Assertion Markup Language. For the SAP integration into HCL WebSphere Portal, the supported SAML scenario is named Service Provider initiated single sign-on. To use such a scenario, we need technical expertise for all three participating systems: HCL WebSphere Portal, IBM Tivoli Federated Identity Manager, and SAP NetWeaver Portal.

To use Tivoli Federated Identity Manager for single sign-on to SAP NetWeaver Portal with Integrator for SAP, follow these instructions:

  • Make sure the Tivoli Federated Identity Manager is configured correctly for authentication of the participating service providers and the users in a service-provider initiated single sign-on scenario. The service providers are the SAP NetWeaver Portal instance and the HCL WebSphere Portal instance.

    • For the navigation integration, set up a Web Service Single Sign On for the Web Service Client NavigationWS. This Web Service Client is hosted in the enterprise application IntegrationSAP in the WAS console.

    • For the SAP navigation integration, set up Web Single Sign On to the SAP NetWeaver Portal.

  • To make the Integrator for SAP use Tivoli Federated Identity Manager, do not set any other authentication configuration:

    • For the SAP navigation integration, do not set the parameters sap.CredentialSlotId and sap.SSOTokenUrl. Also, do not configure single sign-on for browsers as described in the topic "Configure basic authentication for single sign-on to SAP NetWeaver Portal".

    • Do not add the login or logout filter of the SAP integration to the filter chains.

  • To test and verify the environment, use the SAP navigation integration. This test requires that web service single sign-on is configured.

