Symptom
We want to configure the SAML-integration with our ADFS. Which instructions do we have to follow?
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Resolution
- Add a new Relying Party Trust.
- Import the Process Manager metadata, choosing the URL for your system platform. Replace the placeholder <workspace ID> with the workspace ID of your tenant. You can find the workspace ID in the Process Manager Explorer > Help > Workspace information. Alternatively, you can download the metadata directly from the Process Manager Explorer under Setup > SAP Signavio Collaboration Hub Authentication > Download the SAML service provider metadata.
  - EMEA-System: https://editor.signavio.com/api/v2/saml/v2/tenant/<workspace ID>/metadata
  - AU-System: https://app-au.signavio.com/api/v2/saml/v2/tenant/<workspace ID>/metadata
  - US-System: https://app-us.signavio.com/api/v2/saml/v2/tenant/<workspace ID>/metadata
- Create a new outgoing claim rule, which will send LDAP attributes as claims. For this purpose, map the following LDAP attributes to outgoing claim types:

  | LDAP-Attribute | Outgoing Claim Type |
  |---|---|
  | Given Name | first_name |
  | Surname | last_name |
  | E-Mail Addresses | email |
  | SAM-Account-Name | Name ID (from the drop-down menu) |

- As described in our user manual, please add the SAML metadata from your ADFS to the metadata field in the Process Manager.
- Please note that your request must be signed in ADFS with "Sign authentication request". You can find more information about this here.
- Once the configuration on both sides has been completed, you can test the SSO via this URL (please choose the appropriate infrastructure for your link):
  - EMEA-System: https://<ADFS-SERVER>/adfs/ls/IdpInitiatedSignon.aspx?loginToRp=https://editor.signavio.com/api/v2/saml/v2/tenant/<workspace ID>/metadata
  - AU-System: https://<ADFS-SERVER>/adfs/ls/IdpInitiatedSignon.aspx?loginToRp=https://app-au.signavio.com/api/v2/saml/v2/tenant/<workspace ID>/metadata
  - US-System: https://<ADFS-SERVER>/adfs/ls/IdpInitiatedSignon.aspx?loginToRp=https://app-us.signavio.com/api/v2/saml/v2/tenant/<workspace ID>/metadata
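
The ADFS-side steps above (Relying Party Trust, metadata import, outgoing claim rule) can also be scripted. The following PowerShell is an added example, not part of the KBA or SAP's own tooling; the trust name, rule name and access control policy are assumptions, and <workspace ID> remains a placeholder to replace.

```powershell
# Added example: scripted equivalent of the ADFS steps above.
# Run in an elevated session on the primary AD FS server.
Import-Module ADFS

# Placeholders and assumptions: replace before running.
$workspaceId  = '<workspace ID>'                # Help > Workspace information
$baseUrl      = 'https://editor.signavio.com'   # EMEA; app-au / app-us hosts for AU / US
$trustName    = 'SAP Signavio Process Manager'  # hypothetical display name
$accessPolicy = 'Permit everyone'               # assumption: built-in policy on AD FS 2016+;
                                                # substitute the policy your organisation requires

$metadataUrl = "$baseUrl/api/v2/saml/v2/tenant/$workspaceId/metadata"

# Claim rule: LDAP attributes -> outgoing claim types from the mapping above.
# givenName, sn, mail and sAMAccountName are the AD attribute names behind
# Given Name, Surname, E-Mail Addresses and SAM-Account-Name.
# The last claim type URI is what the GUI shows as "Name ID".
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Signavio LDAP attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("first_name", "last_name", "email",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";givenName,sn,mail,sAMAccountName;{0}", param = c.Value);
'@

# Create the trust from the service provider metadata and attach the rule.
Add-AdfsRelyingPartyTrust -Name $trustName -MetadataUrl $metadataUrl `
    -IssuanceTransformRules $rules -AccessControlPolicyName $accessPolicy

# Review what was imported: the identifier should match the metadata URL used in
# the test links, and a request signing certificate should be present if the
# service provider signs its authentication requests.
Get-AdfsRelyingPartyTrust -Name $trustName |
    Format-List Name, Identifier, Enabled, SignedSamlRequestsRequired,
                RequestSigningCertificate, IssuanceTransformRules
```

On AD FS versions without access control policies, omit `-AccessControlPolicyName` and supply issuance authorization rules instead.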
Keywords
KBA, BPI-SIG-CA-SEC-SAM, SAML 2.0 for SAP Signavio, How To