SAP ABAP Data Element SEC_SAML11_TRUST (SAML 11 trust settings)
Hierarchy
SAP_BASIS (Software Component) SAP Basis Component
   BC-SEC (Application Component) Security
     SOAP_SECURITY (Package) SOAP Security
Basic Data
Data Element SEC_SAML11_TRUST
Short Description SAML 11 trust settings  
Data Type
Category of Dictionary Type D   Domain
Type of Object Referenced     No Information
Domain / Name of Reference Type SEC_SAML11_TRUST    
Data Type CHAR   Character String 
Length 6    
Decimal Places 0    
Output Length 6    
Value Table      
Further Characteristics
Search Help: Name    
Search Help: Parameters    
Parameter ID   
Default Component name    
Change document    
No Input History    
Basic direction is set to LTR    
No BIDI Filtering    
Field Label
  Length  Field Label  
Short 10 Trust 
Medium  
Long 40 Use trust settings defined in TA SAML2 
Heading 55 Use trust settings defined in transaction SAML2 
Documentation

Definition

Web services authentication using SAML 1.1 can either use the trust maintained for Tickets (usually using the System PSE as trust anchor) and USREXTID mappings, or use the trust as maintained by transaction SAML2.

Trust using Ticket Trust

When using the Ticket trust, the signature certificate used to sign the SAML 1.1 Assertion must be included in the Ticket PSE. For any assertion validated by the system, a user mapping must be maintained in USREXTID.

Trust using SAML 2 Trust

When using SAML 2 trust, the trust configuration is maintained using transaction SAML2. User mapping is configurable and can be done by:

  • Email address
  • SAP User ID
  • User Alias
  • Kerberos Name
  • Windows Name
  • X.509 Name using USREXTID mapping for type DN.
  • Mapped by USREXTID table using mapping for type SA.

Recommendation

Because SAML 2 trust offers more configuration possibilities, using SAML 2 trust is recommended.

History
Last changed by/on SAP  20110908 
SAP Release Created in 730