SAML 2.0 support in SAP adapter

Juanal · June 30, 2014, 4:15am

I’ve been trying to find documentation around SAML 2.0 support in the webMethods Integration Server adapter for SAP.

I need Integration Server (IS) to mediate between a SharePoint system and SAP. A key part of this is to enable SAP to pick up the actual user that initiated the interaction in SharePoint, not just a generic account Integration Server’s adapter might be using when communicating with SAP.

Is SAML 2.0 supported by the SAP adapter?

rmg · June 30, 2014, 7:35pm

What is your IS/SAP Adapter version and current adapter fix level?

Also some notes on SAML 2.0 from the Empower:

Resolution:

Please refer to “8-2-SP1_Web_Services_Developers_Guide.pdf” (http://techcommunity.softwareag.com/ecosystem/documentation/webmethods/wmsuites/wmsuite8-2_sp2/Integration_Server/8-2-SP1_Web_Services_Developers_Guide.pdf) starting page 159 on section “How You Can Secure SOAP Messages with WS-Security”.

It mentions “Note: You can only use SAML tokens when using WS-SecurityPolicy. The Integration Server WS-Security facility does not support SAML tokens.”

Refer to “8-2-SP2_Administering_Mediator.pdf” (http://techcommunity.softwareag.com/ecosystem/documentation/webmethods/wmsuites/wmsuite8-2_sp2/Mediator/8-2-SP2_Administering_Mediator.pdf) on page 46, it mentions:-

“Require WSS SAML Token
When the ?Require WSS SAML Token? policy action is set for the virtual service, Mediator uses a WSS Security Assertion Markup Language (SAML) assertion token to validate service consumers. Mediator supports SAML 1.1 and 2.0 tokens, and supports sending SAML 2.0 Sender-Vouches tokens to the native service.”

and

“In order to use a SAML token, Mediator requires that you:
? Determine which Security Token Services (STS) to trust. The STS generates the SAML tokens that clients will submit. The client can use any STS provider that generates SAML 1.0 or 2.0 tokens.”

Also you may check with the SAG support about SAML2.0 support for SAP Adapter side of it.

HTH,
RMG

Juanal · July 2, 2014, 7:42am

Thanks, rmg, I’m suing webMethods SAP Adapter 7.1. As you pointed out there’s support for SAML in IS and Mediator. What’s not clear to me is whether there’s SAML 2.0 support in the adapter.

Juanal · September 12, 2014, 5:21am

Going back to my question, most likely, RFC doesn’t support SAML or an extensible authentication mechanism. If that was the case, no connector - including the one from Integration - would possibly be able to support it.

In that sense, possibly the best option would be to expose the SAP function as a Web service. Of course that loses the simplicity of using a direct SAP connector.

rmg · September 12, 2014, 6:42pm

Yes may be…But have you checked with SAG support team also the possible options if they can advise more wrt SAML2.0 support using SAP Adapter.

HTH,
RMG