HowTo: Setup Single Sign On between GeneXus and SAP Cloud Platform Fiori Application using SAML

Official Content

This article describes how to set up Single Sign On (SSO) between a GeneXus application and an SAP Cloud Platform (SCP) Portal Fiori application using SAML 2.0.

Prerequisites:

Set up the link between the SCP Portal app and the GeneXus app

First of all, you have to create a link between your applications. To achieve this, you have to do the following:

1. On the SCP Portal application:

Go to your app’s Fiori Launchpad Configuration Cockpit. Once there, select Content Manager > Applications in the menu and create a new Application. Set the Application Type property to URL. Then, set the URL property to the link to your GeneXus application.

2. On GeneXus:

While there are many ways, the easiest solution is to create a Web Panel object and inside its Start Event, add a link to the Fiori application.

Set up the Fiori app to use the same Identity Provider (IdP) as GeneXus

First, log in to the SCP where you have your Fiori app. Then, select the “Trust” option in the menu. After that, on the “Local Service Provider” tab, select the Edit button and set the Configuration Type property to Custom. As a result, three more options will appear:

  • Local Provider Name
  • Signing Key
  • Signing Certificate

If the “Signing Key” and the “Signing Certificate” fields are blank, click the “Generate Key Pair” button.

Then, click the Save button and, after that, click the “Get Metadata” option.

An XML file that contains the information to set up the SAML authentication will be downloaded.

Next, go to the Identity Provider Tab and click on “Add Trusted Identity Provider”.

A new window will appear containing a form to include all the data about the Identity Provider.

You can complete it all by yourself, but if you go to your Administration Console for SAP Cloud Platform Identity Authentication and select Application and Resources > Tenant Settings > SAML 2.0 Configuration in the menu, there is a “Download Metadata File” button to download the metadata file needed to complete the previous form.

After setting all this, you have to create a new application on the Administration Console for SAP Cloud Platform Identity Authentication. Once there, go to the Applications section and press the button to add a new application.

Give a name to the application (for example, Login GeneXus-SAP) and press the Save button.

The application's configuration screen will appear. Select the SAML 2.0 Configuration option.

On the screen that follows, upload the SAP Cloud Platform metadata previously downloaded.

Once the XML is uploaded, the SAML configuration will be automatically completed, and the app will be ready to use.
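Both metadata files exchanged above (the one from “Get Metadata” and the one from “Download Metadata File”) define whom each side will trust, so it is worth reading them before uploading. The following Python check is an added example, not part of the original article or of any SAP or GeneXus tooling; the function name, entity ID and URLs are constructed, and the certificate is a placeholder byte string rather than a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
ROLES = (("SP", "SPSSODescriptor", "AssertionConsumerService"),
         ("IdP", "IDPSSODescriptor", "SingleSignOnService"))

def summarize_metadata(xml_text):
    """Extract the fields that define the trust relationship from SAML 2.0 metadata."""
    root = ET.fromstring(xml_text)  # assumes a file downloaded from your own tenant
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    out = {"entity_id": root.get("entityID"), "role": None,
           "signing_cert_sha256": [], "endpoints": [], "warnings": []}
    for role, descriptor, service in ROLES:
        desc = root.find("md:" + descriptor, NS)
        if desc is None:
            continue
        out["role"] = role
        for key in desc.findall("md:KeyDescriptor", NS):
            if key.get("use") in (None, "signing"):  # no 'use' means signing and encryption
                for cert in key.findall(".//ds:X509Certificate", NS):
                    der = base64.b64decode("".join((cert.text or "").split()))
                    out["signing_cert_sha256"].append(hashlib.sha256(der).hexdigest())
        out["endpoints"] = [e.get("Location") for e in desc.findall("md:" + service, NS)]
        break
    if out["role"] is None:
        out["warnings"].append("no SP or IdP role descriptor")
    if not out["signing_cert_sha256"]:
        out["warnings"].append("no signing certificate")
    for url in out["endpoints"]:
        if not (url or "").startswith("https://"):
            out["warnings"].append("endpoint not HTTPS: %s" % url)
    return out

# Constructed sample: placeholder bytes stand in for a DER-encoded certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="%s" entityID="https://sp.example.test/fiori">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/saml/acs" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:AssertionConsumerService index="1" Location="http://sp.example.test/saml/acs" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor></md:EntityDescriptor>""" % (MD, base64.b64encode(SAMPLE_DER).decode())

if __name__ == "__main__":
    print(summarize_metadata(SAMPLE_SP_METADATA))
```

Compare the printed entity ID and certificate fingerprint with the values shown on the “Local Service Provider” tab or in the Identity Authentication console before trusting the file.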

Consideration: The GeneXus app and the Fiori app must have different SCP Identity Authentication apps.

Setup SSO on GeneXus

To set up the SSO on the GeneXus app, first, you have to change your Knowledge Base Login screen by setting the Login Object for Web property, available at the KB Version level, to the Web Panel GAMSSOLogin.

After that, go to the Web Panel GAMSSOLogin and open the Events tab. In the Start Event, replace this line of code:

GAMRepository.LoginGAMRemote()

with the following two lines:

&AdditionalParameter.AuthenticationTypeName =  "<YourSAMLAuthenticationTypeName>"

&LoginOK = GAMRepository.Login(&UserName, &UserPassword, &AdditionalParameter, &Errors )

This will connect to the Identity Provider to obtain a valid session for the user if one exists. Otherwise, it will show a login window for the user to enter their credentials.

You are ready to try out the Single Sign On.

 
