Heya
I'm currently trying to protect a Fiori app/launchpad via SAML2. The IdP is available on the public internet, whereas the Gateway is an internal system.
When I call the Launchpad, I get redirected to the IdP, and after successful logon I get directed back to Fiori. However, I won't be logged in, because the backend channel verification for the SAML token fails. It surprised me to see that the GW is trying to validate the token at the IdP directly; I was under the impression that with SAML2 this is not necessary anymore.
And it causes a problem, because the GW does not have internet connectivity. I'd have to provide proxy settings somehow. But I have no idea how and where to do this.
Then I found something about Enhanced client proxy, but this also doesn't sound like what I need. Isn't there a way to deactivate the backend channel validation of the token? Simply disabling the Artifact resolution Service won't do the trick.