Sap fiori security

WWW.AMARMN.COM
SAP UI5 AND FIORI ONLINE TRAINING
www.amarmn.com

SAP UI5 and Fiori Online training

1. HTTP connections can be protected using Transport Layer Security (TLS) or

Secure Sockets Layer (SSL).
2. Remote function call (RFC) connections can be protected by using Secure
Network Communications (SNC).

www.amarmn.com

SAP UI5 and Fiori Training

Use HTTPS for web dispatcher

Make sure the SAP Web Dispatcher is installed. Next, you'll configure it as an
SSL client in the system landscape by following these steps:
1.

Log in to the operating system (OS) of the SAP Web Dispatcher, and edit
the instance profile WDP_W<INSTANCE NuMBER>_<HOSTNAME>
2. Enable tt:he HTTPS for the SAP Web Dispatcher. Enter the following
details in
3. the instance profile WDP_W<INSTANCE NUMBER>_<HOSTNAME>:
4. .,. 01 R_INSTANCE = <SECUDI R_Di rectory>
5. .,. ssl /ssl_l ib =<Location of SAP Cryptographic Library>
6. .,. ss 1 /server _pse =<Location of SSL server PSE>
www.amarmn.com
SAP UI5 and Fiori Training
7. .,. ssl /cl ient_pse- <Location of SSL client PSE >

For Internet Communication Manager (ICM) ports, enter the following profile
parameters:i cm/server _port_O PROTHTTPS. PORT<Web Di spatclher
Port>, TIMEOUT <Mins>
1.

Define the routing rules for the SAP Web Dispatcher by entering the
following profile parameters:

1> wdi sp/system_O ~ SID~<Frontend SI D>. MSHOST~<FrontEnd Hostname>,

MSPORT~ <Frontend Messaging Port>. SRCSRV=*: <~leb Dispat cher Port>.
SRCURL=/sap/opu/;/sap/public/;/sap/bc/:/sap/saml2/:/ui
2/nwbc/,
www.amarmn.com
SAP UI5 and
Fiori Training

Enable SSL between the SAP Web Dispatcher and the ABAP Frontend Server
Secure Sockets Layer (SSL) is one of the standard security technologies for
establishing an encrypted link between a server and client. SSL allows
sensitive information to be transmitted securely.
ABAP Frontend Server to ABAP Bacl<end Server
there is a software layer in the SAP NetWeaver system called Secure Network
Communications (SNC), which enables stronger authentication, encryption,
and SSO mechanism server to server.
www.amarmn.com

SAP UI5 and Fiori Training

Single Sign-On and User Authentication

Kerberos/SPNego is a network authentication protocol developed by MIT, and
is a robust protocol that protects from any form of attacks.
http://help.sap.com/sapsso.
It simplifies the logon process to the ABAP frontend server by using the user's
Windows logon data. A separate logon to the ABAP frontend server isn't
required

www.amarmn.com

SAP UI5 and Fiori Training

Security Assertion Markup Language 2.0

SAML is an XML-based standard for communicating identity information
between organizations and service providers.
SAP Logon Tickets
SAP logon tickets are the cookies of a session that are stored in the client's
browser. For SAP logon tickets, you have two options: you can either use the
existing system, such as a portal that already issues logon tickets, or you can
configure the ABAP frontend server to issue logon tickets.
www.amarmn.com

SAP UI5 and Fiori Training

X.509 Certificate
If your customer has implemented a public key infrastructure (PKI) for user
authentication, you can then use X.509 certificates by configuring the required
backend systems (ABAP or SAP HANA) to accept X.509 certificates.

www.amarmn.com

SAP UI5 and Fiori Training