Hello Team
It is very nice and simply explain blog. Kudos !!!
Apparently, I have SAML configured with FIORI using Siteminder IdP. I would say, the configuration part is very easy and quick.
But we have been struggling to get the best setup for Timeout across the environment such like
1. Timeout for SM Sessions between Siteminder and FIORI Gateway
2. Timeout for MYSAPSSO2
3. How to redirect users to IdP SSO login page after either of it timeout?
4. SAML2 has an option to create "Legacy Logon Ticket" which we have turn in ON. Do we need it?
5. FIORI Launchpad services like PERS, keep asking user id and password after successful login in Launchpad. We had to setup all services to "Alternatives logon procedure" to use SAML Assertion. How to create SSO cookies for all services once logon to Launcpad.
5. Conflict of MYSAPSSO2 cookies with other SAP Website. I noticed same MYSAPSSO2 cookies being used if we have 2 different website connecting to ECC (Trusted relationship)
Example -
a. FIORI connect to ECC with Trusted relationship
b. PPM NWBC connect to ECC with Trusted Relatiopship.
But if I log out from one website, other website errors "sessions does not exist"
. How to deal with it?
I understand these are many questions but please advice as per your expertise.
Thank you
Santosh Lad