SAP Fiori Security - SAP Fiori

What is SAP Fiori Security?

Securing an SAP Fiori system ensures that the data and processes that support your business needs are protected against unauthorized access to important data.

You should make sure that user mistakes, negligence, or attempted manipulation of your system do not result in the loss of information or processing time.

These security guidelines apply to all components in a Fiori system.

Managing users in SAP Fiori −

To manage SAP Fiori transactional apps, you need the following users −

  • Users in SAP NetWeaver Gateway and the ABAP front-end server
  • A user in the ABAP back-end server

Authentication methods

When an SAP Fiori app is launched, the request is sent from the client to the ABAP front-end server by the SAP Fiori Launchpad through the SAP Web Dispatcher. The ABAP front-end server authenticates the user when this request is sent. To authenticate the user, the ABAP front-end server uses the authentication and single sign-on (SSO) mechanisms provided by SAP NetWeaver. The mechanisms described below can be used for authentication −


SPNEGO

SPNEGO is used when a client application wants to authenticate to a remote server, but neither end is sure which authentication protocols the other supports. The pseudo-mechanism uses a protocol to determine which common GSSAPI mechanisms are available, selects one, and then dispatches all further security operations to it. This can help organizations deploy new security mechanisms in a phased way.

SAP Logon Tickets

SAP Logon Tickets represent user credentials in SAP systems. When enabled, users can access multiple SAP applications and services through SAP GUI and web browsers without further username and password input. SAP Logon Tickets can also be a vehicle for enabling single sign-on across SAP boundaries; in some cases, logon tickets can be used to authenticate to third-party applications such as Microsoft-based web applications.

X.509 certificates

An X.509 certificate contains information about the identity to which the certificate is issued and the identity that issued it. Many of the certificates that people refer to as Secure Sockets Layer (SSL) certificates are in fact X.509 certificates.

Authentication within the back-end systems

Once initial authentication is completed on the ABAP front-end server, a security session is established between the client and the ABAP front-end server.

This allows SAP Fiori apps and the Launchpad to send OData requests to the ABAP back-end server. These requests are communicated securely using trusted RFC.

Secure Network Communications (SNC)

Secure Network Communications (SNC) integrates SAP NetWeaver Single Sign-On or an external security product with SAP systems. With SNC, you strengthen security by using additional security functions provided by a security product that are not directly available with SAP systems.

SNC protects the data communication paths between the various client and server components of the SAP system that use the SAP protocols RFC or DIAG. Well-known cryptographic algorithms have been implemented by the various security products, and with SNC you can apply these algorithms to your data for increased protection.

Important Features −

  • SNC secures the data communication paths between the various SAP system client and server components. Well-known cryptographic algorithms have been implemented by the supported security products, and with SNC you can apply these algorithms to your data for increased protection.
  • With SNC, you receive application-level, end-to-end security. All communication that takes place between two SNC-protected components is secured.
  • Additional security features that SAP does not directly provide, such as smart cards, can be used.
  • You can change the security product at any time without affecting the SAP business applications.

Levels of Protection

You can apply three levels of security protection. They are −

  • Authentication only
  • Integrity protection
  • Privacy protection

Authentication only

When using authentication only, the system verifies the identity of the communication partners. This is the minimum protection level offered by SNC.

Integrity Protection

When using integrity protection, the system detects any changes or manipulation of the data, which may have occurred between the two ends of a communication.

Privacy Protection

When using privacy protection, the system encrypts the messages being transferred to make eavesdropping useless. Privacy protection also includes integrity protection of the data. This is the highest level of protection provided by SNC.
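
An added example (not from the original page or from SAP): a Python check that reads an instance profile and reports where SNC is configured below privacy protection. It assumes the standard profile parameters snc/enable and snc/data_protection/min, max and use, which this page does not name, with levels numbered 1 to 3 in the order listed above; the sample profile is constructed.

```python
# SNC levels in the order the page lists them (numbering is an assumption here).
LEVELS = {1: "authentication only", 2: "integrity protection", 3: "privacy protection"}

# Constructed sample profile, not taken from a real system.
SAMPLE_PROFILE = """\
# instance profile (constructed sample)
snc/enable = 1
snc/data_protection/min = 1
snc/data_protection/max = 3
snc/data_protection/use = 2
"""

def parse_profile(text):
    """Parse 'name = value' lines, skipping blanks and '#' comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def audit_snc(params, required=3):
    """Return findings where the profile permits less than `required`."""
    if params.get("snc/enable") != "1":
        return ["snc/enable is not 1: SNC is off, so no protection level applies"]
    findings, levels = [], {}
    for key in ("min", "max", "use"):
        name = "snc/data_protection/" + key
        raw = params.get(name)
        if raw is None or not raw.isdigit():
            findings.append(f"{name} is missing or not numeric")
            continue
        levels[key] = int(raw)
    # use = 9 means "take the value of snc/data_protection/max".
    if levels.get("use") == 9 and "max" in levels:
        levels["use"] = levels["max"]
    for key, level in levels.items():
        if level < required:
            findings.append(f"snc/data_protection/{key} = {level} "
                            f"({LEVELS.get(level, 'unknown')}), below {LEVELS[required]}")
    return findings

if __name__ == "__main__":
    for finding in audit_snc(parse_profile(SAMPLE_PROFILE)):
        print(finding)
```

A min value below 3 is the finding to act on first, because it lets a communication partner negotiate a connection that is authenticated but not encrypted.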

All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd