Hello Richard,
The note, mentioned by you, describes an SSO implementation based on SAP SSO ticket.
Please, find a document regarding SAML for Fiori Apps: Using SAML 2.0 Authentication to Access Fiori Apps from the Public Internet. I hope this will help and will also answer some of your questions if you want to use SAML for FIori. Again, as mentioned by Wolfgang above, you do not need AS Java because SAML Service Provider functionality is part of the core services of an ABAP Application Server as of SAP_BASIS version 7.02.
You will need the Java server for this scenario only if you want to implement a SAML Identity Provider from SAP in order to benefit from capabilities like:
- Two-factor authentication based on OTP
- Risk-based authentication and authorizations (for examle limiting the access from outside corporate network or/and requesting 2FA, etc, see some ideas here: Stronger security for your business data at risk )
- etc.
Regards,
Donka Dimitrova