Hi all,
We are trying to integrate the SAP ID Service in some of our web applications to provide SSO for the users of our SAP internal Service Desk. Unfortunately I wasn't able to get this working so far, and there were also several people involved in the SSO setup, so maybe I'm not yet familiar with all the details.
We did the basic setup and metadata exchange and we have the identity provider configured. I'm not sure if the SAML setup is correct, so I will just describe the problem I see at the moment.
We have created a test application which has an index.html. This resource will request other resources (js, css etc.). When accessing the index.html I see a certificate prompt for access.sap.com, so the redirect to the SAP ID Service works. In the request I can see an encoded form for the SAML Request. The index.html is then correctly delivered in the response and there's also an encoded form with the SAML Response and a RelayState attribute, which I consider to be the token. I can also see that in the response there is a cookie which is set for path '/'. The problem now seems to happen on all further requests which are made in the index.html. For example, when requesting another JavaScript resource, the initially received cookie isn't sent along with the request. Maybe this has to do with the path for which the cookie is set, because our application doesn't come from the path '/', but from a deeper path. In the end none of our requested resources are delivered. Instead they return some HTML code. When I put this into an HTML file and run it with the browser, it tells me (for every resource) that I'm now authenticated. So I think it has to do with the request, which does not send the token properly, which came from the index.html response initially.
Has anyone configured SSO/SAML2 for a NetWeaver ABAP and can help me with the setup?
Best Regards
Alexander
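
As an added example (not part of the original post): the RFC 6265 check a browser applies before attaching a cookie to a sub-resource request, which can be fed the Set-Cookie header and URLs from a network trace to see which attribute excludes the cookie. It models only Domain, Path and Secure (not SameSite or expiry); the cookie name, host names and paths in the sample call are constructed.

```javascript
// Parse the attributes of a Set-Cookie header that decide where the cookie is sent.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: null, domain: null, secure: false };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1);
    if (key === "path" && val.startsWith("/")) cookie.path = val;
    else if (key === "domain") cookie.domain = val.replace(/^\./, "").toLowerCase();
    else if (key === "secure") cookie.secure = true;
  }
  return cookie;
}

// RFC 6265 section 5.1.4 path-match: equal, or a prefix that ends on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// RFC 6265 section 5.1.3 domain-match; without a Domain attribute the cookie is host-only.
function domainMatches(host, cookie, originHost) {
  if (cookie.domain === null) return host === originHost;
  return host === cookie.domain || host.endsWith("." + cookie.domain);
}

// Returns whether the cookie set by setByUrl would accompany a request to requestUrl, and why not.
function explainCookie(setCookieHeader, setByUrl, requestUrl) {
  const cookie = parseSetCookie(setCookieHeader);
  const origin = new URL(setByUrl);
  const req = new URL(requestUrl);
  if (cookie.path === null) { // default-path: directory of the URL that set the cookie
    const p = origin.pathname;
    const cut = p.lastIndexOf("/");
    cookie.path = cut <= 0 ? "/" : p.slice(0, cut);
  }
  const reasons = [];
  if (!domainMatches(req.hostname, cookie, origin.hostname)) reasons.push("domain");
  if (!pathMatches(req.pathname, cookie.path)) reasons.push("path");
  if (cookie.secure && req.protocol !== "https:") reasons.push("secure");
  return { sent: reasons.length === 0, reasons };
}

// Constructed sample: cookie set by the page, then a script requested from a deeper path.
console.log(explainCookie("SESSION=abc; Path=/; Secure", "https://app.example.test/sap/bc/app/index.html", "https://app.example.test/sap/bc/app/js/main.js"));
```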