SAP Knowledge Base Article - Public

3160867 - On-Premise: SAML-Configuration of Microsoft Active Directory Federation Services (ADFS)

Symptom


If you are in our cloud, we would ask you to use the .


We want to configure the SAML integration in the on-premise version (12.12.+) with our ADFS. Which instructions do we have to follow?



Resolution


  1. Add a new Relying Party Trust
  2. Choose the option "Enter data about the relying party manually"
  3. Choose the "AD FS profile" option
  4. Skip the certificate option

  5. Activate the checkbox "Enable support for the SAML 2.0 SSO service URL" and type the following URL: https://<Your Server-URL>/api/v2/saml/v2/tenant/<Workspace ID>/login
    (Replace the placeholder <Workspace ID> with the workspace ID of your tenant. You can find the workspace ID in the Process Manager Explorer > Help > Workspace information.)
  6. Add the Server-URL from your configuration.xml as an identifier (pay attention to upper and lower case letters)
    Example: https://<Your Server-URL>/api/v2/saml/v2/tenant/<Workspace ID>/metadata
  7. Create a new outgoing claim rule, which will send LDAP attributes as claims. For this purpose, map the following outgoing claim types to LDAP attributes:


    | LDAP Attribute   | Outgoing Claim Type                |
    |------------------|------------------------------------|
    | Given Name       | first_name                         |
    | Surname          | last_name                          |
    | E-Mail Addresses | email                              |
    | SAM-Account-Name | Name Id (from the drop-down menu)  |


  8. Once the configuration on both sides has been completed, you can test the SSO via this URL:
    https://<Your Server-URL>/p/hub
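
The relying party trust from steps 1 to 7 can also be created with the AD FS PowerShell cmdlets on the AD FS server. The script below is an added example, not part of the original SAP article: the server URL, workspace ID and trust name are constructed placeholders, and the permit-all authorization rule is an assumption, since the article does not state an access policy.

```powershell
Import-Module ADFS

# Constructed placeholders: replace with the values of your installation.
$ServerUrl   = 'https://signavio.example.com'  # exactly as written in configuration.xml
$WorkspaceId = 'WORKSPACE-ID-PLACEHOLDER'      # Explorer > Help > Workspace information
$TrustName   = 'SAP Signavio Process Manager'  # assumed display name for the trust

$Base       = "$ServerUrl/api/v2/saml/v2/tenant/$WorkspaceId"
$AcsUrl     = "$Base/login"     # step 5: SAML 2.0 SSO service URL
$Identifier = "$Base/metadata"  # step 6: relying party identifier

# Step 5: the wizard checkbox corresponds to an assertion consumer endpoint (POST binding).
$Endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $AcsUrl

# Step 7: send LDAP attributes as claims, using the mapping from the table above.
$IssuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Signavio LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("first_name", "last_name", "email",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";givenName,sn,mail,sAMAccountName;{0}", param = c.Value);
'@

# Assumption: permit all authenticated users. Narrow this rule if only
# certain groups should be able to sign in.
$AuthzRules = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

$Params = @{
    Name                       = $TrustName
    Identifier                 = $Identifier
    SamlEndpoint               = $Endpoint
    IssuanceTransformRules     = $IssuanceRules
    IssuanceAuthorizationRules = $AuthzRules
}
Add-AdfsRelyingPartyTrust @Params

# Check the stored trust: the identifier comparison is case-sensitive (see step 6).
$Trust = Get-AdfsRelyingPartyTrust -Name $TrustName
if ($Trust.Identifier -cnotcontains $Identifier) {
    Write-Warning "Stored identifier differs from '$Identifier' (check upper and lower case)."
}
$Trust.SamlEndpoints | Format-Table Protocol, Binding, Location
```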



Keywords

KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To

Product

SAP Signavio Process Manager all versions ; Signavio Process Manager all versions