Show TOC

SAP Gateway Authentication and Single Sign-OnLocate this document in the navigation structure


Your SAP NetWeaver AS ABAP provides the user authentication and single sign-on (SSO) functions for SAP Gateway.

SAP Gateway supports the use of the following authentication mechanisms:

  • X.509 client certificates

    SAP Gateway recommends the use of client certificates for user authentication. Users need to receive their client certificates from a Certification Authority (CA) as part of a public-key infrastructure (PKI).

  • Security Assertion Markup Language

    SAP Gateway also supports the use of SAML assertions for user authentication. The assertions can be issued by an Identity Provider (IdP) system, or by the SAP NetWeaver host with single sign-on capabilities.

Scenarios for Supported and Recommended Authentication Methods

The following is a list of the supported and recommended authentication methods and providers for use in SAP Gateway scenarios:

Consumer and Authentication Option


X.509 Certificate

SAML 2.0

SAP NetWeaver Portal

Web application (HTML5, Silverlight, Flex)


Desktop application (Microsoft .NET, Java)


Mobile application



Cloud application




Social network integration




Web server side (PHP/ASP.NET)




A check mark (√) indicates the supported authentication method for the consumer scenario. Empty spaces do not have any comments.

SAP Gateway can use the SAP NetWeaver Portal as an authentication provider, trusting the portal to handle authentication.