具体办法在这篇SAP博客上可能找到:
https://blogs.sap.com/2019/01…
(1) 筹备好custom SAML IDP
(2) Enable your Custom SAML IdP for your SAP Analytics Cloud (SAC) Tenant
具体4个步骤:
a. In IDPTENANT App: Download IDP metadata and create users
b. In SACDEMO App: Download SAC metadata and upload IDP metadata
c. In IDPTENANT App: Upload SAC metadata and set user mappings
d. In SACDEMO App: Test authentication against IDP into SAC
a. In IDPTENANT App: Edit profiles with C4C login names
b. In C4CDEMO App: Download C4C metadata and upload IDP metadata
c. In IDPTENANT App: Upload C4C metadata and set user mappings
d. In C4CDEMO App: Test authentication against IDP into C4C
登录IDPTENANT,菜单Applications & Resources->Tenant Settings, 点击SAML 2.0 Configuration,
下载metadata:
在IDPTENANT上创立用户,这个用户的email address必须和SAP Analytics Cloud上的email地址完全一致。
这样,Custom IDP和SAP Analytics Cloud设置成相互trust之后,上面再反复一遍步骤,实现Custom IDP和C4C的相互信赖设置。
增加一个新的user:
保留之后,下面E-Mail字段里保护的邮箱,会收到一封邮件,提醒用户激活在IDPTENANT上的用户:
回到SAC零碎上,将零碎的Authentication形式从某人的SAP Cloud Identity(即SAP ID Service)更改成SAML Single Sign-on:SSO
将SAC的SAML Service Provider metadata下载到本地:
而后将IDPTENANT下载的SAML metadata上传到SAC上:
抉择将SAP Analytics Cloud tenant上user模型的哪一个字段映射到IDP Tenant上user模型的哪一个字段。咱们当然是抉择Email字段。
Choose a user attribute to map to your identity provider IDPTENANT. Select Email to map your SACDEMO and IDPTENANT users via their Email attribute. Verify your account with the identity provider and Save your settings
再回到IDP Tenant, 新建一个利用:
筹备将SAC导出的metadata上传到IDP tenant:
Make sure you set the Name ID Attribute and Default Name ID format to E-Mail as displayed above. This will ensure the SACDEMO users and the IDPTENANT users are mapped via their assigned E-Mail attribute.
将Name ID Attribute和Default Name ID Format设置成Email:
以SAP Analytics Cloud Administrator的身份登录SAC,新建一个User:
这个user记录里保护的email地址会收到一封邮件,要求激活在SAP Analytics Cloud上的用户:
一旦点击log in按钮后,会主动重定向到IDP tenant的登录页面:
输出用户名和明码之后,登录上了SAP Analytics Cloud零碎:
回到IDP tenant,找到方才新建的user记录,保护Login Name:USSALESOPS
登录Cloud,在Administrator-Common tasks上面找到Configure singl sign-on:
点击My System->SP Metadata, 下载C4C service provider Metadata:
点击New Identity Provider:
将IDP tenant Metadata上传到C4C并激活。
找到C4C用户USSALESOPS, 将其邮件地址保护成和SAP Analytics Cloud新建用户统一的邮箱地址:
回到IDP tenant,新建一个利用,取名C4CDEMO:
进入IDP tenant SAML 2.0配置,将C4C SAML Metadata上传到C4CDEMO利用里:
这里比拟重要:
Make sure you set the Name ID Attribute to Login Name and the Default Name ID format to Unspecified. This will ensure the C4CDEMO users and the IDPTENANT users are mapped via their assigned Login Name attribute.
在Name ID attribute字段里,设置为Login Name,这样能够让IDP tenant和C4C应用Login Name实现用户映射:
配置实现后,登录C4C,抉择应用IDP tenant进行Authentication,输出USSALESOPS这个用户保护的邮件地址:
登录胜利。
要获取更多Jerry的原创文章,请关注公众号”汪子熙”:
发表回复