Show TOC

Background documentationMaintaining Single Sign-On for SAP HANA XS Applications Locate this document in the navigation structure


You can configure SAP HANA applications to use single sign-on (SSO) authentication to confirm the logon credentials of a user calling an application service. For SAP Fiori and SAP Smart Business applications, SAP HANA supports SSO certificates based on logon tickets, or X.509. If you want your SAP HANA XS applications to use an SSO certificate as the logon authentication method, you must perform the following high-level steps:

  • Maintain the SAP HANA trust store.

    Install the encryption software, for example, the SAP cryptographic library and utility sapgenpse and maintain the trust store for SAP HANA.

  • Maintain the internal SAP Web Dispatcher for SAP HANA XS

    Edit the SAP Web Dispatcher profile sapwebdisp.pfl, for example, to enable SSL and HTTPS.

    Note Note

    The SAP Web Dispatcher referred to here is internal to SAP HANA XS and not the SAP Web Dispatcher included in the SAP Fiori / SAP Smart Business system landscape.

    End of the note.
  • Choose the SSO authentication method and configure the trust relationships:

    • SSO with X.509 certificates

      Add the root certificate authority (CA) for the trusted X.509 certificates to both the SAP HANA trust store and the trust store for the SAP Web Dispatcher.

    • SSO with logon tickets

      Maintain the trust store that contains the logon tickets and specify the server that issues the logon tickets.

  • Maintain the SSO provider for SAP HANA XS.

    Maintain a runtime configuration for the SAP HANA application, which indicates that user authentication is by means of SSO certificates based on either logon tickets or X.509.