Hi All,
Recently, I integrated SAP Portal 7.4 with SuccessFactors and established Single Sign-On (SSO) between the systems. In this post, I am sharing the steps I followed to achieve this.
Here, the Portal system is the Identity Provider and SuccessFactors is the Service Provider. The systems are integrated using the SAML 2.0 protocol.
By default, a standard Portal system acts as a Service Provider. The prerequisite for integrating the Portal with SuccessFactors is to enable the Portal as an Identity Provider. To do so, we have to deploy an SCA file (IDMFEDERATION<release>.sca) on the Portal server.
Please refer to the SAP Help document for more details on this: Downloading and Installing the Federation Software - Identity Provider for SAP NetWeaver Single Sign-On and SAP NetWeave…
Upon successful deployment of the .sca file, we have to perform the following configurations:
1. Configure SAP Portal as Identity provider.
1.1 Click on Configuration --> Authentication and Single Sign-On --> Select SAML 2.0
1.2 Click on the “Enable SAML” button and provide a name for the identity provider.
1.3 Click on “Next” button and select “Browse” button. On the popup screen, select “Create” button.
1.4 Provide a name for the Identity provider and select the check box as shown below.
1.5 Enter the same name as mentioned in the previous step and click on “Finish” button.
1.6 Finally click on “OK” button.
1.7 Continue with the initial wizard. No changes required in this screen, click on “Finish”.
We have successfully configured Portal as the Identity provider. Next step is to define SuccessFactors system as Service provider.
2. Adding SuccessFactors system as Trusted Provider
2.1 Click on the link “Trusted Provider”, select the “Add” button and select the “Manually” option from the menu.
2.2 Enter the name of the Service Provider and click “Next” to continue.
2.3 Click on “Browse” button to import the SF certificate.
2.4 Click on “Import Entry”. Select X.509 certificate and browse to select the SF certificate file shared by SuccessFactors. Once done, click the “Import” button to import the SF certificate.
2.5 Select the newly imported SF certificate and click on “OK”.
2.6 Select the same SF certificate imported earlier as the encryption certificate and click on “Next”.
2.7 Add the Assertion Consumer Service as below. The URL from SF looks similar to this: https://Demo.SuccessFactors.eu/sf/saml2/SAMLAssertionConsumer?company=Dev
2.8 Add the Single logout service as below. This configuration is required to log off from both systems when the logoff button at Portal level is clicked. The URL from SF looks similar to this: https://Demo.SuccessFactors.eu/saml2/LogoutServiceHTTPRedirectResponse?company=Dev
2.9 Click on “Next” until the end and “Finish”. Once done, click on “Edit” button from the initial screen and click on “Add” under Supported Name ID formats. Select format “Unspecified” and add source as “Logon ID”. Finally Save and Enable the Trusted Provider.
2.10 We have successfully configured SuccessFactors system as service provider in SAP NWA. Next step is to export the Portal Certificate and Import in SF system.
3. Add Portal as Trusted Identity Provider in SuccessFactors
3.1 Click on Configuration --> Certificate and Keys, select SAML 2.0 and the entry for the Portal certificate.
3.2 Click on “Export Entry”, select Base64 and click on Download.
3.3 Save the file and open it. Content should look like this.
Import this certificate in SuccessFactors and do the necessary configuration.
4. SuccessFactors Configuration
4.1 Log in to SuccessFactors provisioning and navigate to Edit Company Settings --> Single Sign-On (SSO) Settings. Select SAML V2 SSO.
- Entered SAML Asserting Party Name as SAP Portal 7.3 as this field can have any value.
- Entered SAML Issuer name same as mentioned in the Portal Identity Provider.
- Selected “Assertion” for field require Mandatory Signature.
- Enable SAML Flag is selected as “Enabled”
- Login request Signature is not selected.
- SAML Profile is set as Browser /post Profile
- Enforce Certificate Valid Period is selected as “No”
- We have pasted the Certificate shared with us.
- Selected Add Asserting Party after providing above details.
5. URL iView configuration in Portal
5.1 As the final step, create a URL iView and provide the URL: http://Portal7.3.demo.system/saml2/idp/sso
Add 2 parameters “saml2sp” and “RelayState” with values similar to the URLs below. These URLs will be shared by the SF team.
saml2sp = https://Demo.SuccessFactors.eu/sf/start
RelayState = https://Demo.SuccessFactors.eu/sf/start/xi/ui/home/pages/home.xhtml
5.2 Save the URL iView changes and close it. Create a Portal Role and assign the URL iView we created in the previous step to this role.
Assign this role to a Portal user whose UserID is present in Portal as well as in SF system.
Upon successful login to Portal, SF content will be loaded in Portal content area as below.
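The following Python script is an added example, not part of the original post or of any SAP tooling. It builds the request URL that the URL iView from step 5.1 produces and checks the URLs from steps 2.7, 2.8 and 5.1 for plain HTTP, host mismatches and differing company IDs. It assumes the iView sends saml2sp and RelayState as query-string parameters, and the function names are made up for this example.

```python
from urllib.parse import urlsplit, urlencode, parse_qs

# Values copied from this post (demo host names).
IDP_SSO = "http://Portal7.3.demo.system/saml2/idp/sso"
ACS = "https://Demo.SuccessFactors.eu/sf/saml2/SAMLAssertionConsumer?company=Dev"
SLO = "https://Demo.SuccessFactors.eu/saml2/LogoutServiceHTTPRedirectResponse?company=Dev"
SAML2SP = "https://Demo.SuccessFactors.eu/sf/start"
RELAY_STATE = "https://Demo.SuccessFactors.eu/sf/start/xi/ui/home/pages/home.xhtml"


def build_launch_url(idp_sso, saml2sp, relay_state):
    """IdP-initiated SSO URL with both parameters percent-encoded.

    Assumption: the URL iView sends its parameters as a query string.
    """
    return idp_sso + "?" + urlencode({"saml2sp": saml2sp, "RelayState": relay_state})


def review_endpoints(idp_sso, acs, slo, relay_state):
    """Return findings (empty list = nothing to flag) for the configured URLs."""
    named = {"IdP SSO endpoint": idp_sso, "Assertion Consumer Service": acs,
             "Single logout service": slo, "RelayState": relay_state}
    findings = []
    # Assertions and the post-login redirect should never travel over plain HTTP.
    for label, url in named.items():
        scheme = urlsplit(url).scheme.lower()
        if scheme != "https":
            findings.append(f"{label}: scheme is {scheme or 'missing'}, expected https")
    # The logout and landing URLs should stay on the host that consumes the assertion.
    sp_host = (urlsplit(acs).hostname or "").lower()
    for label in ("Single logout service", "RelayState"):
        host = (urlsplit(named[label]).hostname or "").lower()
        if host != sp_host:
            findings.append(f"{label}: host {host} differs from ACS host {sp_host}")
    # Both SuccessFactors endpoints carry the company ID; they must agree.
    acs_company = parse_qs(urlsplit(acs).query).get("company")
    slo_company = parse_qs(urlsplit(slo).query).get("company")
    if not acs_company or acs_company != slo_company:
        findings.append(f"company ID mismatch: ACS={acs_company} SLO={slo_company}")
    return findings


if __name__ == "__main__":
    print(build_launch_url(IDP_SSO, SAML2SP, RELAY_STATE))
    for finding in review_endpoints(IDP_SSO, ACS, SLO, RELAY_STATE):
        print("FINDING:", finding)
```

Run it with the real values from both teams before enabling the Trusted Provider; an empty findings list means none of the three checks fired.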
I hope this will be helpful to integrate the Portal with SuccessFactors and to enable SSO between the systems.
Best Regards,
Pavan