APM - SAML in SAP OEM installation

Article ID: 245431

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

SAP internal security teams are asking whether Introscope EM would support SAML and/or certificate-based authentication.

Looking at the documentation, I see some instructions on how to enable SAML:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/application-performance-management/10-7/administrating/apm-security/securing-introscope/securing-introscope-using-saml-2-0.html

and also this Knowledge Base Article:

https://knowledge.broadcom.com/external/article/121392/introscope-saml-configuration.html

So I enabled SAML and the internal IDP by setting these two properties in config/IntroscopeEnterpriseManager.properties:

introscope.saml.enable=true
introscope.saml.internalIdp.enable=true

After restarting the EM I cannot log in to Webview any more:

Requests to /webview return HTTP 500, and I only find logs like these in IntroscopeEMWEbview.log:

 [INFO] [WebView] Creating SAML consumer manager with IdP URL 'null' when requesting 'https://gcpclm948199.wdf.sap.corp:8888/webview/' by 10.98.203.113 / 10.98.203.113 with session node01nn5t6cyug29qklun2ql52tnq2 created at Mon Jan 24 12:55:52 CET 2022

Can you tell me if additional configuration for the first test would be needed, or if SAML is simply broken for the SAP OEM installer?

Environment

Release : 10.7.0

Component : Introscope

Resolution

Per Engineering, SAML in SAP EM has never been tested or certified. An enhancement request to support SAML in SAP EM already exists.

As this is not a bug, it is in the backlog and will be supported soon.
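
To confirm the symptom reported in the issue, the following added example (not part of the original article and not Broadcom code) scans WebView log lines for the SAML consumer manager being created without an IdP URL. The regular expression is derived only from the single log line quoted above; the second and third sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Pattern follows the WebView log line quoted in the article (assumed stable format).
SAML_LINE = re.compile(
    r"\[(?P<level>[A-Z]+)\]\s+\[WebView\]\s+Creating SAML consumer manager "
    r"with IdP URL '(?P<idp>[^']*)' when requesting '(?P<url>[^']*)' "
    r"by (?P<client>\S+)"
)


def find_unset_idp(lines):
    """Return one record per line where the SAML consumer has no IdP URL."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = SAML_LINE.search(line)
        if match is None:
            continue  # not a SAML consumer-manager line
        if match.group("idp").strip() in ("", "null"):
            hits.append({"line": number,
                         "url": match.group("url"),
                         "client": match.group("client")})
    return hits


def summarize(hits):
    """Count affected requests per requested URL."""
    return Counter(hit["url"] for hit in hits)


SAMPLE_LOG = [
    # Line 1 is the log line quoted in the article.
    " [INFO] [WebView] Creating SAML consumer manager with IdP URL 'null' "
    "when requesting 'https://gcpclm948199.wdf.sap.corp:8888/webview/' by "
    "10.98.203.113 / 10.98.203.113 with session node01nn5t6cyug29qklun2ql52tnq2 "
    "created at Mon Jan 24 12:55:52 CET 2022",
    # Lines 2 and 3 are constructed for this example.
    " [INFO] [WebView] Creating SAML consumer manager with IdP URL "
    "'https://idp.example.test/saml' when requesting "
    "'https://em.example.test:8888/webview/' by 192.0.2.10 / 192.0.2.10 "
    "with session constructed01 created at Mon Jan 24 13:00:00 CET 2022",
    " [INFO] [WebView] Constructed unrelated log line",
]

if __name__ == "__main__":
    for hit in find_unset_idp(SAMPLE_LOG):
        print(f"line {hit['line']}: no IdP URL for {hit['url']} (client {hit['client']})")
```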