NimbostratusHi, We are currently using F5 instead of SAP webdispatcher. We are looking to configure SSO to access SAP Fiori apps through internet using F5 and Azure AD Cloud for user authentication. Is this something that can be achieved? Are there any helpful links or documents that can be referred?
Regards, Navya.
CirrusI believe this can be achieved being that the SAP Fiori application supports both Kerberos and SAML authentication.
F5's APM can serve up a login page tied to your Azure AD for its auth for the client side. APM can then obtain a Kerberos ticket on the users behalf if Azure AD is properly set up to handle ticket distribution. You can then pass the ticket along to SAP Fiori for transparent server side SSO.
It sounds like you could alternatively setup APM to replace the ABAP front-end server component in a SAML configuration even though SAP's documentation says it only supports the ABAP server in the SAML scenario. APM is a flexible beast.
All the better if LTM is already load balancing the traffic. A lab license on a VE and a proof of concept config would tell you everything you want to know. These gentlemen had a brief discussion about what you want to do:
https://devcentral.f5.com/questions/sap-fiori-apps
Kind regards,