Identity FederationPDF download from SAP Help Portal:http://help.sap.com/saphelp_nwidmic_72/helpdata/en/2b/e6c382b64347b5a90b34b2437808a6/content.htm

Created on September 02, 2014

The documentation may have changed since you downloaded the PDF. You can always find the latest information on SAP Help Portal.

NoteThis PDF document contains the selected topic and its subtopics (max. 150) in the selected structure. Subtopics from other structures are not included.

2014 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purposewithout the express permission of SAP SE. The information contained herein may be changed without prior notice. Some software products marketed by SAP SEand its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided bySAP SE and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not beliable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the expresswarranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and otherSAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and othercountries. Please see www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.

Table of content

PUBLIC 2014 SAP SE or an SAP affiliate company. All rights reserved.

Page 1 of 4

Table of content1 Identity Federation1.1 Identity Provider for SAP NetWeaver Single Sign-On and SAP NetWeaver Identity Management1.2 Security Token Service for SAP NetWeaver Single Sign-On and SAP NetWeaver Identity Management

PUBLIC 2014 SAP SE or an SAP affiliate company. All rights reserved.

Page 2 of 4

1 Identity FederationIdentity federation includes an SAML 2.0 identity provider and a security token service (STS) using the WS-Trust 1.3 standard.You can use the identity provider for single sign-on (SSO) with SAP or non-SAP service providers. As an identity provider, SAP NetWeaver Application Server( SAP NetWeaver AS ) Java can provide cross-domain SSO in combination with SAML 2.0 service providers and at the same time enable single log-out (SLO)to close all user sessions in the SAML landscape. SAML 2.0 also enables identity federation by defining a name ID to be shared between the identity providerand one or more service providers.You can use the STS to provide cross-domain SSO for web service providers. The STS converts what are often proprietary authentication methods from a Webservice consumer into a security token consumable by the web service provider. The STS supports X.509, SAML 1.1, and SAML 2.0 security token types.The identity federation component runs separately from the rest of SAP NetWeaver Single Sign-On . It can be installed together with the other components, butthere are no technical dependencies between the identity federation component and the other SAP NetWeaver Single Sign-On components.You can deploy this software on SAP NetWeaver AS Java release 7.2 SPS 2 with SAP Note 1471322 applied or SAP NetWeaver AS Java release 7.2 SPS3 or later. However, to use the security token service or the newest user interface improvements in the identity provider, you must install the latest identityfederation software component archive (SCA) and upgrade the host SAP NetWeaver AS Java to release 7.2 SPS 4 or later.

Related InformationIdentity Provider for SAP NetWeaver Single Sign-On and SAP NetWeaver Identity ManagementSecurity Token Service for SAP NetWeaver Single Sign-On and SAP NetWeaver Identity Management

Identity Provider for SAP NetWeaver Single Sign-On and SAPNetWeaver Identity Management

Document HistoryThe following table provides an overview of the most important document changes.

Table 1:

Security Token Service for SAP NetWeaver Single Sign-On andSAP NetWeaver Identity Management

Document HistoryThe following table provides an overview of the most important document changes.

Table 1:

Version Date Description1.0 6/9/2010 Initial release.1.05 12/6/2010 Added optional configuration for adding authentication

contexts and mapping to login modules. Addedconfiguration of metadata and metadata access. Movedconceptual description of identity provider proxy to firstchapter. Added configuration deletion function. Updatedsystem requirements. Updated description of SCAdownload.

1.10 7/18/2011 Updated the description of using common domain cookiefor identity provider discovery. Updated systemrequirements. Updated description of SCA download.

1.15 7/23/2012 Updated the scenarios of using identity provider proxy,including the configuration of the redirect application andthe setting of the scoping element. Updated the descriptionof using attributes in out-of-band account linking, inidentity federation with persistent pseudonyms, and inidentity federation with transient users.

2.0 11/12/2012 Updated the identity provider proxy scenario with thefeatures of the new field Default Proxy Target .

Version Date Description1.0 12/6/2010 Initial release.1.10 1/10/2011 Small changes reflecting the changes in the STS

user interface.The section about the service user is removed.

1.20 3/24/2011 Small changes reflecting the changes in the STSuser interface.The introductory sections are enhanced with moreinformation.

PUBLIC 2014 SAP SE or an SAP affiliate company. All rights reserved.

Page 3 of 4

PUBLIC 2014 SAP SE or an SAP affiliate company. All rights reserved.

Page 4 of 4