Security and Identity Management
Page tree
Skip to end of metadata
Go to start of metadata

This wiki page describes the procedure to export and import configuration of ABAP SAML 2.0 SP.

AS ABAP Releases

This functionality is planned to be released in the following future releases of SAP NetWeaver:

  • NW 7.02 SP15 and higher
  • NW 7.30 SP11 and higher
  • NW 7.31 SP10 and higher
  • NW 7.40 SP05 and higher

Restrictions

Export of the SAML 2.0 configuration doesn't include configured Web Services Policies

Exported configuration can be imported only on another system with the SP level. For instance if you export a configuration from 7.31 SP 10 system you can import it on another 7.31 SP10 system only.

Example

On your test system you have configured SAML 2.0 SP with the corresponding Identity Providers and you have successfully tested all desired scenarios. Now you want to create the same configuration on your production system. Instead of doing this manually you can export your configuration from your test system and import it on your production system.

Configuration export

  1. Open the UI of existing SAML 2.0 provider by starting transaction SAML2 or opening url https://<host>:<port>/sap/bc/webdynpro/sap/saml2?sap-client=XXX
  2. Choose the button "Export configuration"


  3. Export configuration dialog appears:

    Here you can choose to include the signature and encryption PSEs in the exported configuration. If the are not exported they will be created automatically on the target system during import.

  4. Export the configuration by clicking the button "Download configuration".
    Note: Your browser must be allowed to open pop-ups from the host of the ABAP system in order to save the configuration.

Configuration import

  1. Open the SAML 2.0 UI on an ABAP system where SAML 2.0 local provider is not configured. Click the button "Enable SAML 2.0 support" and from the drop down choose"Import SAML 2.0 configuration":
  2. Import configuration dialog appears:
  3. Here you must select the configuration file and choose to import signature and encryption PSEs or not. If you choose not to import them the system will use the existing signature and encryption SAML 2.0 PSEs on this ABAP client. If they don't exist they will be automatically created.
  • No labels

2 Comments

  1. Former Member




  2. Alper AKBAL

    Hi Angel,

    Is it possible to export SAML configuration in SAP SSO (IdP) server as well? I want to migrate my SSO server to another NW Java system.

    I can export key stores(SAML, Secure Login, etc), but I could not export existing SAML configuration(especially, Trusted Providers).

    Thanks in advance