Third-Party SAML (1.1 or 2.0) as Identity Provider

Similar Messages

• How to invoke third party webservices in oracle apps R12 when wsdl is provided and no SOA server exists

  Hello Everyone,
  I am working on Oracle apps R12 and we don't have any SOA server setup. I got a requirement to invoke a third party webservice and send some of the data from oracle apps database to the third party and they provided the wsdl file to invoke their webservice. How can I achieve this? Any help or suggestions would be greatly appreciated.
  Thanks,
  Ravi

  ca0c5e8e-8457-46de-896f-fd9dcc13299e wrote:
  Hello Everyone,
  I am working on Oracle apps R12 and we don't have any SOA server setup. I got a requirement to invoke a third party webservice and send some of the data from oracle apps database to the third party and they provided the wsdl file to invoke their webservice. How can I achieve this? Any help or suggestions would be greatly appreciated.
  Thanks,
  Ravi
  Ravi,
  I believe you need to have SOA configured with EBS to run those webservices.
  Please log a SR to confirm the same with Oracle support.
  Thanks,
  Hussein

• Third party sales interface

  We have been asked to design a third party sales interface for a set of countries. Provider also uses SAP and there are a few prereqs:
  1. Goods will be received directly by provider
  2. We will have to invoice provider based on their sales
  3. A lot of information needs to be exchanged like material/customer/pricing conditions master data
  It´s something similar to consignment sales but not exactly. Do you know some standard scenario that can be helpfull or do you have any link to best practices?
  Regads,

  Hi,
  you have to use, 0050 and  2011 IT and your purpose is solved
  Regards,
  Kapil

• Third Party - XI - SAP ECC

  Hi all!
    We want to intergrate third-party system with SAP through XI.
  Can anyone provide me step by step guidence?
  Which IDOC is useful? and entries should not go to FI tables.
  Thanks in advance.

  Hi
  You can use any IDOC according to ur requirement.
  Example,
  If u want to create Vendor use Idoc  CREMAS04 (message type CREMAS)
  If u want to create Customer use IDOC DEBMAS (message type DEBMAS)
  See the below links:
  /people/arpit.seth/blog/2005/06/27/rfc-scenario-using-bpm--starter-kit   -->File2IDOC
  U can also use RFC to connect SAP system. see  below link.
  /people/ravikumar.allampallam/blog/2005/06/24/convert-any-flat-file-to-any-idoc-java-mapping   -->File2RFC
  U can also use ABAP proxies, see below links for proxies
  /people/sap.user72/blog/2005/12/13/integration-builders-through-proxy-server-part--2
  /people/ravikumar.allampallam/blog/2005/03/14/abap-proxies-in-xiclient-proxy
  /people/arulraja.ma/blog/2006/08/18/xi-reliable-messaging-150-eoio-in-abap-proxies
  /people/stefan.grube/blog/2006/07/28/xi-debug-your-inbound-abap-proxy-implementation
  /people/michal.krawczyk2/blog/2006/04/19/xi-rfc-or-abap-proxy-abap-proxies-with-attachments
  /people/sukumar.natarajan/blog/2007/01/07/how-to-raise-alerts-from-abap-proxy
  /people/sravya.talanki2/blog/2006/07/28/smarter-approach-for-coding-abap-proxies
  regards
  sreeni

• Third Party Real Time Integration

  Hi  all,
  I am new to the SAP world.  My company just purchased FI/CO and we are in the process of implementing.  We have several feeder systems that need to be integrated.  Our partner is telling us that we have to send flat files on a timed schedule, but we really need the feeder systems to update the SAP system in real time.
  My question is, is this possible with SAP?  I know that BAPI's are available but to what capacity?
  I have a fair amount of integration experience w/ PeopleSoft (14yrs) and MS Dynamics AX (2yrs) both of which I have done this type of integration to.
  Any information and direction would be great.
  Thanks in advance,
  Scott

  So to clarify, it is possible for a third party application to make a connection to SAP and provide data to the BAPI?
  Here is an example of what I am trying to do:
  Our third party software will be the starting point for customers.  When a new customer is created we need to create that customer in SAP as well (for use with AR).  Currently we open a connection to the existing financial application, verify that the customer does not exist and insert the data into the table.
  We all agree that we do not want to write directly to the SAP table(s).
  What we would like to do is when the user saves the record in the third party app, open a connection to SAP, pass the data to the BAPI, wait for a return code then complete the transaction.
  Please advise if this is possible and if so, a link to an example would be great.
  Thanks,
  Scott

• Send Fax without Esker or other third party software

  I wanted to know if there is a way I can send PDF file faxes from SAP to physical fax machines without using third party softwares like Esker. If so can someone provide me as much details as possible

  Hello,
  You can try with SMTP, refer to SAP Note: 455127 and 455140.
  Regards,
  David

• Help!!! Entourage 08' At&t Uverse Third Party Email Setup

  I have a macbook and use Entourage 08' for my emails. I started a new job today and am trying to add my new work email address to entourage. I have tried everything, read every forum, and even my IT guy at work cannot figure it out. I can use either POP or IMAP and would prefer IMAP. How do I set up this new third party email because I have Uverse as my internet provider and do not want to pay the Techconnect fees? In the meantime, I am being forced to use webmail. Any thoughts or help at all?

  AT&T U-Verse (uverse), as of July 2014, requires that you verify your non-AT&T mail accounts before they allow you to send outgoing non-AT&T mail.
  Here's how to verify your non-AT&T mail accounts and link them to your AT&T U-verse account
  https://discussions.apple.com/message/22291865
  Log into your AT&T U-verse webmail att.net email account (e.g. Yahoo mail)  
  > click the gear at upper right of screen next to your name
  Navigate to Settings > Accounts > Add
  Add your non-AT&T mail accounts/  Enter info they require
  U-verse will send a verification email to those mail accounts.
  After you reply and verify your identity, you will be able to send outgoing email for those accounts via Mail, so long
  as you have Mail configured.

• SAML Implementation for External third party portal

  Hi Experts
  I am trying to configure external third party portal to SAP Portal using SAML. Has anyone done that before?
  I would appreciate if someone can provide details of this kind of implementation as Idendity provider and destination is on their side and external partner has custom SAML implementation.
  Thank you
  JS

  Hi
  Has anyone has configured Source Site and Responder Service on Portal J2EE ?
  I would like to know if any one has done this kind of implementation and can share some light on the same.
  Thank you
  Jinal Shah

• SSO to third party in EP 7.0 (SP-21)

  Folks,
  Could you please advise if we can do SSO to third party vendor using SAML/SAP logon Ticket in EP 7.0 (SP-21).
  Let me explain a bit: We have EP 7.0 (SP-21), after initial logon to portal we can access backend SAP ECC6/BI applications (WebDynpro/ITS..). We would like to bring few third party vendor applications into Portal (content area) as single sign on using SAML/SAP logon Ticket
  I had a chance to look into this presentation:
  2009 SIM201 Next Generation SSO for SAP Applications with SAML 2.0
  http://www.sdn.sap.com/irj/scn/shop?rid=/media/uuid/106df189-4d83-2c10-82a4-c0643a8bf57b
  It talks about EP 7.2. Can you advsie if we can do SSO to third party vendor using SAML/SAP logon Ticket in EP 7.0 (SP-21).
  Thanks in advance.
  Moin.

  Hi Oliver,
  You have the following options:
  1. The user exists in NW 7.3 but has different user id than the one in the SAML2 assertion provided by the 3rd party system
  For this check the following documentation link: [documentation about out-of-band account linking|http://help.sap.com/saphelp_nw73/helpdata/en/a9/e287475d544cdaa63e884180d6c23f/frameset.htm]
  - if the email is available on both systems - the one that issues the assertion and NW 7.3 then try to use Email NameID format
  - you may also maintain user mapping in NW 7.3 in additional user attribute
  2. Same as #1 but you want that the user links both accounts when first logged in with SAML2
  For this check the following documentation link: [documentation about interactive account linking|http://help.sap.com/saphelp_nw73/helpdata/en/97/4e80f86ccb43419a545c672a6bb2e3/frameset.htm]
  3. The user has not account on NW 7.3 and such has to be created on the fly based on the information (assertion attributes) in the assertion (automatic account creation)
  For this check the following documentation link: [documentation about automatic account creation|http://help.sap.com/saphelp_nw73/helpdata/en/97/4e80f86ccb43419a545c672a6bb2e3/frameset.htm]
  4. Use temporary in-memory users
  For this check the following documentation link: [documentation about identity federation with transient users|http://help.sap.com/saphelp_nw73/helpdata/en/fd/ecb2b33922414e8ad01763c84b3349/frameset.htm]
  Could you provide more details about your scenario and which option seems to be relevant to it? Once we can identify which one is relevant we can discuss further details.
  Regards,
  Dimitar

• Integration of SSO with Third Party Application

  Hello Colleagues,
  I have requirement where I have to integrate SSO with a third party application.
  After some R & D I found out that there is some one class "SSO2Ticket.java" which can do that or help in verify the ticket.
  Since I am new to this area, I am not sure how do I go ahead with the execution of this java file.
  Can somebody help me with this.
  Also, is there any documents which talks about SSO integration or about the above mentioned JAVA file.
  Best regards,
  Arvind

  Which type of 3rd party application is this, and which SSO authentication methods does it support?
  If you can find a common one, then that will be good for you.
  Specifically for non-SAP systems re-using the SAP LogonTickets, I know that you can extract the user name from the ticket. I think SAP even provides some verification tools here for external applications to verify the ticket?
  Currently there is much excitement about SAML 2.0 which is also worth taking a look into as well.
  Cheers,
  Julius

• How can I authenticate users against a WAS system from third-party app?

  We are looking at developing a third-party standalone web application e.g. in Rails (but it could be on any framework for that matter).
  How would we go about authenticating users against a SAP WAS backend? Are there some standard web services for this? What other means are there for authentication?
  Kind Regards,
  Martin

  From the comment in SUSR_LOGIN_CHECK_RFC you just need to pass user name and it will return if user can still log on. Only your system will know credentials for this user so an attacker won't be able to use this service for cracking passwords.
  This FM is in the same function group as:
  CREATE_RFC_REENTRANCE_TICKET
  SUSR_CHECK_LOGON_DATA
  SUSR_DELETE_OWN_PASSWORD
  SUSR_GENERATE_PASSWORD
  SUSR_GET_ADMIN_USER_LOGIN_INFO
  SUSR_GET_X509CERT_MAPPING_LIST
  SUSR_LOGIN_CHECK_RFC
  SUSR_USER_CHANGE_PASSWORD_RFC
  SUSR_USER_EXTID_DEL
  SUSR_USER_EXTID_GET
  SUSR_USER_EXTID_GET_ALL
  SUSR_USER_EXTID_LOOKUP
  SUSR_USER_EXTID_RENAME
  SUSR_USER_EXTID_SET
  SUSR_USER_EXTID_SET_ALL
  SUSR_USER_FROM_CERTIFICATE_RFC
  SUSR_USER_SETEXTID
  You would need to ensure that only the service exposing the "login check" can be called, and not the FM's in the group.
  BTW: SAP Java WAS can provide SAML 2.0 assersions (technically a component shipped with IdM, but you don't have to use the rst of the IdM if you don't want to..). If your applications are all web enabled ones (WDA?) then that is an option to consider, which is also strategically supported.
  SSO2 Logon tickets are not really a strategy anymore... and installing a double-stack system on all ECC sytems just to have SAML is not strategic either.. 
  I have heard several wishes for SAML authentication for SAPGui, but not seen anything official yet in that direction.
  Cheers,
  Julius

• Third Party Service Provider

  Does AM 6.3 acting as the Identity Provider, support any third party software that could potentially be installed on the service provider side and that can communicate with AM using SAML? Please let us know if anyone has successfully implemented using any such software.
  Thanks

  Thanks for getting back to me Bernhard.
  1. All that I knew about Liberty ID-FF and SAML 1.1 is that they are two different protocols for now and they merge into one as SAML 2.0. I didn't know that Liberty ID-FF uses SAML 1.1 as a transport vehicle ( first of all I will need to read into seeing what this means from saying using plain SAML 1.1 ).
  2. We just heard about source-id and we are looking into this. The main criteria for us for now to choose one over the other is dependent on the following factors:
  a) Which is easier and quicker to develop and deploy( AM or sourceid) on the Service Provider side assuming we have very little knowledge of SAML..
  b) If we end up choosing sourceid on the Service Provider side will it be compatible with AM on the IP side?
  Thanks

• How can I configure a third party VME board with A24 address space using a VME-MXI-2?

  Hi!
  We are trying to establish communications to a Galil Motion controller with a VME interface. Galil states that they are using a A24 address scheme with A16 data space for their board.
  I am confused how to configure that board in the VME chassis properly.
  The base address provided by Galil is 91Fxxx, I am assuming that the lower three nibbles are the registers that I can talk to?!
  How do I set the address range under the resource setting for that board?
  Also, I noticed in MAX that one board shows up with a slot number unknown, one with slot #0 and this board I have set to slot #1. I assume that the unknown part is for the PCI card that makes up for the 1/2 of the PCI to VME bridge?
  The VISA VIs (Register based access) returns either a bus error, an invalid offset specified or data. However, we are completely in the dark when it does return data, since the expected offset we are typing in causes one of the two errors.
  Our assumption of the problem is that we do not understand how to properly configure that third party board as a resource. It has also happened that the resource manager is hanging up the PC completely. Not even CTRL-ALT-DEL works and the MXI activity LED on the NI-VME-MXI-2 board stays on during the hand up.
  We would appreciate, if somebody could walk us through the configuration process, step-by-step. Specifically, please explain how to setup the base address and how the offsets relate to this on a A24 address scheme. We are completely new to the VME bus interface, so even trivial things may be unkown to us.
  We have browsed NI's page and manuals for explanations, however, we could not find any answers to our questions.
  We noticed a formula for an A16 board that takes the base address and adds the logical address to it plus 40hex. Do we have to do the same or something similar to the A24 board????
  We also came accross an option that would allow the board (NI VME controller) to share its memory with A24 or A32 space? Do we need to enable that? What is the purpose for that?
  Best,
  Markus Tarin
  www.movimed.com - Custom Imaging Solutions
  www.movitherm.com - Advanced Thermography Solutions

  When I did not get a response here, I had to open a ticket with support.  The short answer is that you cannot customize the SAML response when using Azure AD as an IdP.
  Response from support:
  I discussed the issue with senior engineers to get action plan for this issue. After doing research Senior engineers updated me that we cannot add a custom attribute to the default
  SAML response of Azure AD.
  Below is the link to get the list of available attributes
  https://msdn.microsoft.com/en-us/library/azure/dn195587.aspx
  As default SAML response from Azure AD , we have email address of the user sent out as attribute value for the Attribute " NAME ".
  They suggested me to configure the application we are trying to integrate with Azure AD in such a way that it transforms the Attribute  " NAME " into " EMAIL
  This was not particularly helpful in my case as I did not have any control over the 3rd party which specifically documented that they would not extract the email address from the name attribute.
  Cheers,
  Jeff

• Logical GR in Third Party Process

  Hi Friends
  There is logical GR involved in third party process. What if we do not want to trigger it?

  very useful thraed for your Qn-
  [stock not updating after doing MIGO (gr) for third party sales |stock not updating after doing MIGO (gr) for third party sales;
  BR
  Raj

• Free Goods in Third Party

  Hi..
  Please send me configuration steps of Free Goods in Third Party..
  Thanks in Advance
  Shriniwas

  Free goods cannot be used in make-to-order production, third-party order processing and scheduling agreements.
  This is the Limitation of setting up free goods
  Cheers