For SAP Fiori landscapes with SAP HANA XS, you must configure an SSO mechanism for initial authentication on the ABAP front-end server. For requests to back-end servers, additional authentication is required for requests to SAP HANA XS. Any requests to back-end ABAP systems are communicated securely by trusted RFC.
For fact sheets, you must additionally configure an SSO mechanism for authentication of InA search requests sent from the client to the ABAP back-end server.
Note
From SAP NetWeaver 7.4 Support Package 6, you can perform setup tasks for SAP Fiori by using task lists that SAP delivers. A task list groups configuration tasks logically and guides you through the necessary tasks.
For an overview of all task lists and tasks for SAP Fiori, see Configuration Using Task Lists.
The following task list applies for this step:
SAP_SAP2GATEWAY_TRUSTED_CONFIG
To set up single sign-on for a system landscape with SAP HANA XS, proceed as follows:
Configure initial authentication on the ABAP front-end server.
For transactional apps and fact sheets, configure authentication for requests to the ABAP back-end server:
Configure a trusted RFC connection between the ABAP front-end server and the ABAP back-end server.
For search in the SAP Fiori launchpad, configure authentication in the back-end server, which processes the search requests. Requests can be authenticated with Kerberos/SPNego, X.509 certificates, or logon tickets. You can configure the ABAP front-end server to issue logon tickets after initial authentication, or you can use your existing portal to do so.
For analytical apps, configure authentication for requests to SAP HANA XS. Requests can be authenticated with Kerberos/SPNego, X.509 certificates, or logon tickets. You can configure the ABAP front-end server to issue logon tickets after initial authentication, or you can use your existing portal to do so.
Maintain the SAP HANA trust store.
Maintain the internal SAP Web Dispatcher profile for SAP HANA XS.
Note
The SAP Web Dispatcher referred to here is internal to SAP HANA XS and not the SAP Web Dispatcher included in the SAP Fiori system landscape.
Configure trust relationships.
Maintain the SSO provider for SAP HANA XS.
To configure user authentication methods for SAP HANA XS, you use the XS Applications tool of the Web-based SAP HANA XS Administration Tool. We recommend configuring user authentication methods for the following packages, which contain the content necessary for the applications:
sap.hba.apps
sap.hba.r
Note
The authentication methods specified for these packages also apply to any subpackages.
For more information about specific SSO mechanisms for authentication, see Single Sign-On Mechanisms for SAP Fiori Apps.
For more information about how to set up a trusted RFC, see:
For SAP NetWeaver 7.31:
.For SAP NetWeaver 7.4:
.For more information about configuring SAP Fiori search, see SAP Fiori Search.
For more information about configuring SSO for SAP HANA XS, see the SAP HANA Security Guide and the SAP HANA Administration Guide at
.