For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Navya_V_364746's avatar
Navya_V_364746
Icon for Nimbostratus rankNimbostratus
Jun 19, 2018

SSO to SAP fiori apps accessed via internet using F5 instead of SAP Webdispatcher

Hi, We are currently using F5 instead of SAP webdispatcher. We are looking to configure SSO to access SAP Fiori apps through internet using F5 and Azure AD Cloud for user authentication. Is this some...
application delivery
Azure
BIG-IP
security
I_R_101_110's avatar
I_R_101_110
Icon for Cirrus rankCirrus
Jun 20, 2018

I believe this can be achieved being that the SAP Fiori application supports both Kerberos and SAML authentication.

 

F5's APM can serve up a login page tied to your Azure AD for its auth for the client side. APM can then obtain a Kerberos ticket on the users behalf if Azure AD is properly set up to handle ticket distribution. You can then pass the ticket along to SAP Fiori for transparent server side SSO.

 

It sounds like you could alternatively setup APM to replace the ABAP front-end server component in a SAML configuration even though SAP's documentation says it only supports the ABAP server in the SAML scenario. APM is a flexible beast.

 

All the better if LTM is already load balancing the traffic. A lab license on a VE and a proof of concept config would tell you everything you want to know. These gentlemen had a brief discussion about what you want to do:

 

https://devcentral.f5.com/questions/sap-fiori-apps

 

Kind regards,