For SAP Fiori landscapes with SAP HANA databases, you must configure an SSO mechanism for initial authentication on the ABAP front-end server. After initial authentication, any requests to back-end ABAP systems are communicated securely by trusted RFC.
For fact sheets, you must additionally configure an SSO mechanism for authentication of InA search requests sent from the client to the ABAP back-end server.
To set up single sign-on for a system landscape with an SAP HANA database, proceed as follows:
Configure initial authentication on the ABAP front-end server.
Configure authentication for requests to the ABAP back-end server:
Configure a trusted RFC connection between the ABAP front-end server and the ABAP back-end server.
For search in the SAP Fiori launchpad, configure authentication in the back-end server, which processes the search requests. These requests can be authenticated with Kerberos/SPNego, X.509 certificates, or logon tickets. You can configure the ABAP front-end server to issue logon tickets after initial authentication, or you can use your existing portal to do so.
Note
From SAP NetWeaver 7.4 Support Package 6, you can perform setup tasks for SAP Fiori by using task lists that SAP delivers. A task list groups configuration tasks logically and guides you through the necessary tasks.
For an overview of all task lists and tasks for SAP Fiori, see Configuration Using Task Lists.
The following task list applies for this step:
SAP_SAP2GATEWAY_TRUSTED_CONFIG
For more information about specific SSO mechanisms for authentication, see Single Sign-On Mechanisms for SAP Fiori Apps.
For more information about how to set up a trusted RFC, see:
For SAP NetWeaver 7.31:
.For SAP NetWeaver 7.4:
.For more information about configuring SAP Fiori search, see SAP Fiori Search.