Forum Discussion
4 Replies
- kunjanNimbostratus
I guess there isn't doc specific to SAP Fiori. But since artifact based SAML refer to
Since it's SP initiated you can refer to
- pdclercq_215382Nimbostratus
Thanks. If I understand the documentation correctly, we don't have to expose the SP provider (SAP Gateway) publicly to the internet, but APM (BIG IP) can do the SAML redirect, through the FIORI client, for unauthenticated calls to the IDP (BIG IP). Once there is a SAML artifact APM will let the request through to SAP Gateway.
- pdclercq_215382Nimbostratus
Thanks. If I understand the documentation correctly, we don't have to expose the SP provider (SAP Gateway) publicly to the internet, but APM (BIG IP) can do the SAML redirect, through the FIORI client, for unauthenticated calls to the IDP (BIG IP). Once there is a SAML artifact APM will let the request through to SAP Gateway.
- kunjanNimbostratus
If the clients are coming from internet, SAP gateway need to be accessible over internet, but it can sit behind some kind of reverse proxy. The artifact SOAP traffic between SAP SP and BigIP IdP can be on the back channel depending on the connectivity between two.