Show TOC

AS ABAP Authentication InfrastructureLocate this document in the navigation structure


SAP NetWeaver Application Server (AS) ABAP authentication infrastructure provides authentication and SSO functions for the communication channels supported for the AS ABAP. This including access from the SAP GUI, Web-based access and non-dialog access for communication between systems.

The access management configuration options and the configuration properties of the AS ABAP enable you to configure basic user authentication or a number of Single Sign-On (SSO) mechanisms. For advanced authentication scenarios that require cryptography, use Secure Network Communications (SNC). To enhance standard authentication functions with custom development, SNC enables the use of GSS API V2, for example, to use smart cards for authentication.

For AS ABAP components that are enabled for Web-based access, use the configuration options for the Internet Communication Framework (ICF). You can configure options such as the order of logon checks and HTTP request handlers. The SOAP runtime functions of the ICF enable you to configure authentication for Web service access.


For more information about the AS ABAP authentication infrastructure and relevant configuration information, see the following sections:

  • Profile Parameters for Logon and Password

    Information about configuring relevant profile parameters for user authentication to the AS ABAP.

  • Secure Network Communications (SNC)

    Information about using SNC for the AS ABAP.

  • System Logon

    Information about the security aspects of using Business Server Pages (BSP) and Web Dynpro as AS ABAP user front ends and enabling technologies for Web-based access.

  • Defining the Logon Procedure

    Information about configuring authentication options for the Internet Communication Framework (ICF).

  • Activating HTTP Security Session Management on AS ABAP

    You can use optional HTTP security sessions and activate or deactivate these for each client of AS ABAP. With an existing security session, users can then start applications that require a user logon without logging on again. When a security session is ended, the system also ends all applications that are linked to this security session.

  • OAuth 2.0 Implementation with AS ABAP

    Information about the implementation of OAuth 2.0 on SAP NetWeaver Application Server ABAP.