Page created: 24 Jul 2019 | Page updated: 8 Feb 2022
The PingFederate SP server receives an assertion (see Service provider SSO configuration in the PingFederate documentation), wraps the received attributes into OpenToken, and redirects to an application protected by NetWeaver. The PFLoginModule configured in NetWeaver extracts the UserID from OpenToken and authenticates the user. Note that UserID is the value of the “subject” attribute in the OpenToken.
The following figure illustrates the request flow and how the PingFederate OpenToken SP Adapter wraps attributes from the assertion into OpenToken and passes them to SAP NetWeaver (J2EE Engine):
Processing Steps
- The PingFederate SP server receives a SAML assertion from the IdP.
- The PingFederate SP server wraps the attributes from the SAML assertion into an OpenToken and redirects the token through the user’s browser to the application(s) deployed on the SAP J2EE Server.
- PFLoginModule, installed in SAP J2EE Server, parses the OpenToken and retrieves the UserID.
- The SAP J2EE server authenticates the user using this UserID and grants access to the SAP Application.