SAP云平台Application Identity Provi

The application identity provider supplies the user base for your applications. For example, you can use your corporate identity provider for your applications. This is called identity federation. SAP Cloud Platform supports Security Assertion Markup Language (SAML) 2.0 for identity federation.

帮助文档：https://help.sap.com/viewer/ea72206b834e4ace9cd834feed6c0e09/Cloud/en-US/dc618538d97610148155d97dcd123c24.html#loiodcdfe339f94947bc96508daa686cc56d

In the SAML 2.0 communication, each SAP Cloud Platform account acts as a service provider.

You need to configure how the local service provider communicates with the identity provider. This includes, for example, setting a signing key and certificate to verify the service provider’s identity and encrypt data.

Custom，Default和None的区别：

这三个选项的区别：

custom：For identity federation with a corporate identity provider or Identity Authentication tenant

principal propagation字段的含义：

you enable applications to propagate principal information to each other. Choose this value if you want to enable application-to-application single sign-on. Otherwise, set this option to Disabled. - 用于Application之间的single sign on用途。

Force Authentication：If you set it to Enabled, you enable force authentication for your application (despite SSO, users will have to re-authenticate each time they access it). Otherwise, set this option to Disabled.

点击Get Metadata下载的xml文件，需要导入到IDP里去，使其信任SAP Cloud Platform：
Choose Get Metadata to download the SAML 2.0 metadata describing SAP Cloud Platform as a service provider. You will have to import this metadata into the IdP to configure trust to SAP Cloud Platform.

Add Trusted Identity Provider：

此处要导入从IDP导出的元数据：

每个字段具体的含义在这个链接里有:https://help.sap.com/viewer/ea72206b834e4ace9cd834feed6c0e09/Cloud/en-US/dc618538d97610148155d97dcd123c24.html#loiodcdfe339f94947bc96508daa686cc56d

SAP ID service是默认情况下的IDP.

要获取更多Jerry的原创文章，请关注公众号"汪子熙":