As of today, in our ECC+ExternalGateway and S/4 SAP Systems we have a POC that:
Uses a SAML2 trust relationship by way of metadata exchange and configuration between our SAP and Microsoft AD. Our services then can use SSO in order to authenticate a user before they access any particular service in SAP. What this means? I can deploy an sapui5 app and when i go to access it via its url, it naturally tries to authenticate via Microsoft AD SSO Mechanism, once I do that Im redirected to the app.
What we need to accomplish:
Setting up a custom app, eg. Cordova bundled sap ui5 app, any custom app that cannot be deployed through BSP, react native app... Have that custom app hit an SSO mechanism that will give the user access to SAP services and resources via a session or secure cookie. What tools we tried to accomplish this:
MSAL browser based and Cordova based plugin that is supplied client and tenant ID's from an enterprise app (that has the SAML trust relationship), and authenticate. This creates a desired effect of prompting SSO but never gives a valid SAP session back. Currently researching and testing possible oAuth endpoint solutions.
I've been absolutely lost in this as I've gone down so many routes trying to authenticate and I never gat that golden SAP_SESSION_ID, never...
Does SAP even support this? There is no documentation!