You must configure the SAP Portal as a protected resource in the Access Gateway.
In the Administration Console, click > , then click the name of your Access Gateway.
(Conditional) If you have a Proxy Service defined for the SAP Portal, skip to Step 3. Otherwise, complete the following steps to create the Proxy Service for the SAP Portal:
Click in the Proxy Service List.
Fill in the following fields:
Proxy Service Name: Specify a name to identify the SAP Portal as a Proxy Service.
Multi-Homing Type: Select .
Published DNS Name: Specify the DNS name for the SAP Portal server.
Path: Specify the SAP Portal’s application context.
Web Server IP Address: Specify the IP address of the Web server.
Host Header: Select to publish the DNS name that the user sent in the request to be replaced by the DNS name of the Web server.
Web Server Host Name: Specify the DNS name of the Web server.
Click to create the Proxy Service for the SAP Portal.
Click the display name of the SAP Portal Proxy Service.
Click the tab, then click .
Specify the name of the protected resource, then click .
Fill in the following fields on the tab:
Description: Specify a description for the protected resource.
Contract: Select the Kerberos contract created in Creating a Kerberos Contract for the Identity Server.
URL Path: Click the /* path, then define the application context for the SAP Portal.The default application context is /irj/portal. You need to have two entries. For example:
/*
/irj/portal.
Click the tab, then click .
Select the policy created in Creating a SAML Identity Injection Policy, then click .
Click to close the policies window.
Click twice to save the changes to the protect resource.
In order for the changes for the protect resource to take effect, you must refresh the Access Gateway.
In the Administration Console, select > .
Select your Access Gateway, then select .
Click .