
single sign on - SAP SAML SSO and WS-Trust

Problem description:

We have an SSO setup between SAP Netweaver and ADFS (acting as the STS).

So, some user will log in on a custom application (ASP.Net) and this application will request a SAML assertion from ADFS to access the SAP system.

The thing is, according to SAP documentation the relying party identifier of the SAP system is not a URL (it's just a name), and that is the way it is specified in ADFS (e.g. SAPSYSTEMRPID).

Now, how on earth can I get a token issued using WS-Trust (which is what ADFS provides) when the AppliesTo field requires a URI? Is there a default scheme, some convention?

I've been beating my head against the table for days now. I am obviously missing something.

User answer:

Well, to close my own question after so much.

In the end the problem was the ADFS naming of relying parties; once we switched the name to a URL (which took some convincing), it started working.

ADFS should be string in the name format for the RP identifier.
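
The request shape discussed above, as an added example that is not part of the original question or answer: it builds only the body of a WS-Trust 1.3 Issue request and shows where the relying party identifier is carried (`AppliesTo/EndpointReference/Address`), rejecting a bare name such as `SAPSYSTEMRPID` before anything is sent. The function names are hypothetical, the namespaces are the standard WS-Trust 1.3, WS-Policy and WS-Addressing ones, and `https://sap.example.com/SAPSYSTEMRPID` is a constructed placeholder; the SOAP envelope and security header are left out.

```python
# Added example: body of a WS-Trust 1.3 Issue request (RST) only.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
for prefix, ns in (("wst", WST), ("wsp", WSP), ("wsa", WSA)):
    ET.register_namespace(prefix, ns)


def is_absolute_uri(identifier: str) -> bool:
    """True only when the identifier carries a scheme (https://..., etc.)."""
    try:
        return bool(urlsplit(identifier).scheme)
    except ValueError:
        return False


def build_rst(rp_identifier: str) -> str:
    """Return an RST element whose AppliesTo names the relying party."""
    if not is_absolute_uri(rp_identifier):
        # A bare name cannot be used as the AppliesTo address.
        raise ValueError(f"RP identifier {rp_identifier!r} is not an absolute URI")
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = f"{WST}/Issue"
    ET.SubElement(rst, f"{{{WST}}}KeyType").text = f"{WST}/Bearer"
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = (
        "urn:oasis:names:tc:SAML:2.0:assertion")
    applies_to = ET.SubElement(rst, f"{{{WSP}}}AppliesTo")
    epr = ET.SubElement(applies_to, f"{{{WSA}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA}}}Address").text = rp_identifier
    return ET.tostring(rst, encoding="unicode")


def applies_to_address(rst_xml: str) -> str:
    """Read back the address that must equal the RP identifier on the STS."""
    root = ET.fromstring(rst_xml)
    path = f"{{{WSP}}}AppliesTo/{{{WSA}}}EndpointReference/{{{WSA}}}Address"
    return root.find(path).text


if __name__ == "__main__":
    # Constructed placeholder identifier, not a value from the page.
    print(build_rst("https://sap.example.com/SAPSYSTEMRPID"))
```

The address in the request and the relying party identifier configured on the STS have to be the same string, so the same URL goes into both places.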
