Setting Up Single Sign-On for SAP Fiori Apps 
According to your system landscape, the type of app, and the authentication method that you want to use, different steps are required to set up Single Sign-On (SSO).
Activities
To set up SSO in your system landscape, proceed as follows:
SSO for System Landscapes with an ABAP Environment
Configure the ABAP front-end server for initial authentication.
Configure authentication for requests to the ABAP back-end server:
Configure a trusted RFC connection between the ABAP front-end server and the ABAP back-end server.
SSO for System Landscapes with an SAP HANA Database
Configure the ABAP front-end server for initial authentication.
Configure authentication for requests to the ABAP back-end server:
Configure a trusted RFC connection between the ABAP front-end server and the ABAP back-end server.
For search in the SAP Fiori launchpad, configure authentication in the back-end server, which processes the search requests.
SSO for System Landscapes with SAP HANA XS
Configure the ABAP front-end server for initial authentication.
For transactional apps and fact sheets, configure authentication for requests to the ABAP back-end server:
Configure a trusted RFC connection between the ABAP front-end server and the ABAP back-end server.
For search in the SAP Fiori launchpad, configure authentication in the back-end server, which processes the search requests.
For analytical apps, configure authentication for requests to SAP HANA XS:
Maintain the SAP HANA trust store.
Maintain the internal SAP Web Dispatcher profile for SAP HANA XS.
NoteThe SAP Web Dispatcher referred to here is internal to SAP HANA XS and not the SAP Web Dispatcher included in the SAP Fiori system landscape.
End of the note.Configure trust relationships.
Maintain the SSO provider for SAP HANA XS.
To configure user authentication methods for SAP HANA XS, you use the XS Applications tool of the Web-based SAP HANA XS Administration Tool. We recommend configuring user authentication methods for the following packages, which contain the content necessary for the applications:
sap.hba.apps
sap.hba.r
NoteThe authentication methods specified for these packages also apply to any subpackages.
End of the note.
The detailed steps that are required for each type of system landscape vary according to the authentication method that you want to use. For more information, see the following documentation:
Kerberos/SPNego
For more information about the configuration that is required for Kerberos/SPNego, see the Secure Login Implementation Guide for SAP NetWeaver Single Sign-On on SAP Help Portal at http://help.sap.com/nwsso.
X.509 certificates
For more information about the configuration that is required for X.509 certificates, see:
For SAP NetWeaver 7.31:
http://help.sap.com/nw731 
Application Help Function-Oriented View Security User Authentication and Single Sign-On Integration in Single Sign-On (SSO) Environments Single Sign-On for Web-Based Access Using X.509 certificates Using X.509 Client Certificates on the AS ABAP Configuring the AS ABAP to use X.509 Client Certificates 
.For SAP NetWeaver 7.4:
http://help.sap.com/nw74 Application Help Function-Oriented View Security User Authentication and Single Sign-On Integration in Single Sign-On (SSO) Environments Single Sign-On for Web-Based Access Using X.509 certificates Using X.509 Client Certificates on the AS ABAP Configuring the AS ABAP to use X.509 Client Certificates .
SAML 2.0
For more information about the configuration that is required for using SAML 2.0, see:
For SAP NetWeaver 7.31:
http://help.sap.com/nw731 Application Help Function-Oriented View Security User Authentication and Single Sign-On Integration in Single Sign-On (SSO) Environments Single Sign-On for Web-Based Access Using SAML 2.0 Configuring AS ABAP as a Service Provider .For SAP NetWeaver 7.4:
http://help.sap.com/nw74 Application Help Function-Oriented View Security User Authentication and Single Sign-On Integration in Single Sign-On (SSO) Environments Single Sign-On for Web-Based Access Using SAML 2.0 Configuring AS ABAP as a Service Provider .
Logon tickets
For more information about the configuration that is required for using SAML 2.0, see:
For SAP NetWeaver 7.31:
http://help.sap.com/nw731 Application Help Function-Oriented View Security User Authentication and Single Sign-On Integration in Single Sign-On (SSO) Environments Single Sign-On for Web-Based Access Using Logon Tickets Using Logon Tickets with AS ABAP Configuring AS ABAP to Accept Logon Tickets .For SAP NetWeaver 7.4:
http://help.sap.com/nw74 Application Help Function-Oriented View Security User Authentication and Single Sign-On Integration in Single Sign-On (SSO) Environments Single Sign-On for Web-Based Access Using Logon Tickets Using Logon Tickets with AS ABAP Configuring AS ABAP to Accept Logon Tickets .
More Information
For more information about how to set up a trusted RFC, see:
For SAP NetWeaver 7.31:
http://help.sap.com/nw731 Security Guide Security Guides for Connectivity and Interoperability Technologies RFC/ICF Security Guide RFC Scenarios .
For SAP NetWeaver 7.4:
http://help.sap.com/nw74 Security Guide Security Guides for Connectivity and Interoperability Technologies RFC/ICF Security Guide RFC Scenarios .
For more information about configuring SAP Fiori search, see SAP Fiori Search.
For more information about configuring SSO for SAP HANA XS, see the SAP HANA Security Guide and the SAP HANA Administration Guide at
http://help.sap.com/hana_platform System Administration and Maintenance Information SAP HANA Administration Guide SAP HANA XS Administration Tools Maintaining Single Sign-On for SAP HANA XS Applications .