For logon tickets, you must configure the ABAP front-end server to issue logon tickets. Alternatively, you can use an existing system, such as a portal, in your landscape that already issues logon tickets. In addition, you must configure the required back-end systems (ABAP or SAP HANA) to accept logon tickets. You must also ensure that users in the ABAP system have the same user names as the database users in SAP HANA; user mapping is not supported.
As logon tickets are transferred as browser cookies, you can only use this authentication mechanism if all systems in your system landscape are located within the same DNS domain.
Recommendation
The new standardized authentication methods Kerberos/SPNego, X.509 certificates, and SAML 2.0 provide additional security and flexibility features compared to proprietary logon tickets. For example, you can define user mappings and shorten token validity periods or session lifetimes on the server. Therefore, we recommend using Kerberos/SPNego, X.509 certificates, or SAML 2.0 where technically possible.
Note
From SAP NetWeaver 7.4 Support Package 6, you can perform setup tasks for SAP Fiori by using task lists that SAP delivers. A task list groups configuration tasks logically and guides you through the necessary tasks.
For an overview of all task lists and tasks for SAP Fiori, see Configuration Using Task Lists.
You can use the following task list to perform this step:
SAP_SAP2GATEWAY_TRUSTED_CONFIG
For information about the configuration that is required for using logon tickets, see:
For SAP NetWeaver 7.31:
.For SAP NetWeaver 7.4:
.