According to your system landscape, the type of app, and the authentication method that you want to use, different steps are required to set up Single Sign-On (SSO).
To set up SSO in your system landscape, proceed as follows:
SSO for System Landscapes with an ABAP Environment
Configure the ABAP front-end server for initial authentication.
Configure authentication for requests to the ABAP back-end server:
Configure a trusted RFC connection between the ABAP front-end server and the ABAP back-end server.
SSO for System Landscapes with an SAP HANA Database
Configure the ABAP front-end server for initial authentication.
Configure authentication for requests to the ABAP back-end server:
Configure a trusted RFC connection between the ABAP front-end server and the ABAP back-end server.
For search in the SAP Fiori launchpad, configure authentication in the back-end server, which processes the search requests.
SSO for System Landscapes with SAP HANA XS
Configure the ABAP front-end server for initial authentication.
For transactional apps and fact sheets, configure authentication for requests to the ABAP back-end server:
Configure a trusted RFC connection between the ABAP front-end server and the ABAP back-end server.
For search in the SAP Fiori launchpad, configure authentication in the back-end server, which processes the search requests.
For analytical apps, configure authentication for requests to SAP HANA XS:
Maintain the SAP HANA trust store.
Maintain the internal SAP Web Dispatcher profile for SAP HANA XS.
Note
The SAP Web Dispatcher referred to here is internal to SAP HANA XS and not the SAP Web Dispatcher included in the SAP Fiori system landscape.
Configure trust relationships.
Maintain the SSO provider for SAP HANA XS.
To configure user authentication methods for SAP HANA XS, you use the XS Applications tool of the Web-based SAP HANA XS Administration Tool. We recommend configuring user authentication methods for the following packages, which contain the content necessary for the applications:
sap.hba.apps
sap.hba.r
Note
The authentication methods specified for these packages also apply to any subpackages.
The detailed steps that are required for each type of system landscape vary according to the authentication method that you want to use. For more information, see the following documentation:
Kerberos/SPNego
For more information about the configuration that is required for Kerberos/SPNego, see the Secure Login Implementation Guide for SAP NetWeaver Single Sign-On on SAP Help Portal at http://help.sap.com/nwsso.
X.509 certificates
For more information about the configuration that is required for X.509 certificates, see:
For SAP NetWeaver 7.31:
.For SAP NetWeaver 7.4:
.SAML 2.0
For more information about the configuration that is required for using SAML 2.0, see:
For SAP NetWeaver 7.31:
.For SAP NetWeaver 7.4:
.Logon tickets
For more information about the configuration that is required for using SAML 2.0, see:
For SAP NetWeaver 7.31:
.For SAP NetWeaver 7.4:
.For more information about how to set up a trusted RFC, see:
For SAP NetWeaver 7.31:
.For SAP NetWeaver 7.4:
.For more information about configuring SAP Fiori search, see SAP Fiori Search.
For more information about configuring SSO for SAP HANA XS, see the SAP HANA Security Guide and the SAP HANA Administration Guide at
.