SES 5: SAP Fiori Security

When configuring SAP Fiori apps, keep in mind the security measures that ensure the right users are given access to their assigned apps. You must also ensure that your data and processes support your business needs without allowing unauthorized access to critical information.

When a user launches an app, the launch request is sent from the client to the SAP Gateway Server via SAP Fiori Launchpad. During the launch, the SAP Gateway Server (ABAP Frontend Server) authenticates the user by using one of the authentication and SSO mechanisms. For example, if you’re implementing a transactional app in an Internet-facing scenario, a common security measure is to put a reverse proxy (either SAP Web Dispatcher or a third-party reverse proxy) in the demilitarized zone. SAP also recommends deploying the SAP Web Dispatcher in your deployment scenario, since security measures are not too strong in SAP Web Dispatcher.

| Communication Path | Protocol | Application Type |
|---|---|---|
| Web Browser to SAP Web | | Fact Sheet and Analytical Apps |
| SAP Web Dispatcher to ABAP Frontend Server | | |
| SAP Web Dispatcher to OData | HTTP/HTTPS | Analytical Apps |
| SAP Web Dispatcher to ABAP Backend Server | | |
| ABAP Frontend Server to ABAP Backend Server | RFC | Transactional Apps and Fact Sheet |
| ABAP Backend Server to ABAP Frontend Server | SQL | Analytical Apps |

To prevent third parties from intercepting communications between two layers, a system that is not susceptible to eavesdropping needs to be in place. Securing communication means regulating which users have access to their company’s data on SAP Fiori Launchpad. Encryption makes data hard to read by unauthorized parties. To ensure your data is safe, you can take these two steps:

  • HTTP connections can be protected using Transport Layer Security (TLS) or Secure Sockets Layer (SSL).
  • Remote Function Call (RFC) connections can be protected using Secure Network Communications (SNC).

How to secure communication channels of your SAP Fiori system?

  • Client to SAP Web Dispatcher: To simplify communication between the browser and the SAP Fiori system landscape, a reverse proxy is used to ensure that queries from browsers are routed correctly. Depending on the type of app used on the SAP Fiori Launchpad, the client issues the request to SAP Web Dispatcher. To secure this communication channel, you need to enable SAP Web Dispatcher to use HTTPS communication. The client sends HTTPS-encrypted data to the SAP Web Dispatcher; the SAP Web Dispatcher then decrypts the data and sends encrypted data on to the ABAP servers.
  • SAP Web Dispatcher to ABAP servers: One of the important steps in securing the SAP Fiori landscape is configuring the connection between SAP Web Dispatcher and the ABAP servers. SAP Fiori transactional apps route calls from SAP Web Dispatcher to the ABAP frontend servers, and SAP Fiori search and Fact Sheet apps route calls from the SAP Web Dispatcher to the ABAP backend server.
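
One way to check both channels described above against a SAP Web Dispatcher profile (an added example, not part of the original article and not SAP tooling). It assumes the profile parameters icm/server_port_<n> and wdisp/ssl_encrypt, which the article does not name; the function names and both sample profiles are constructed for illustration.

```python
import re

# Constructed sample profiles (not taken from a real system).
WEAK_PROFILE = """\
# sapwebdisp.pfl (constructed)
icm/server_port_0 = PROT=HTTP,PORT=8080
icm/server_port_1 = PROT=HTTPS,PORT=443
wdisp/ssl_encrypt = 0
"""
HARDENED_PROFILE = """\
icm/server_port_0 = PROT=HTTPS,PORT=443
wdisp/ssl_encrypt = 1
"""

def parse_profile(text):
    """Return {parameter: value} from 'name = value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def audit_profile(text):
    """Return findings for the two channels: client leg and ABAP server leg."""
    params = parse_profile(text)
    listeners = []
    for name, value in params.items():
        if re.fullmatch(r"icm/server_port_\d+", name):
            opts = dict(o.strip().split("=", 1) for o in value.split(",") if "=" in o)
            # PORT=0 deactivates a listener, so it is not counted as exposed.
            if opts.get("PORT") != "0":
                listeners.append(opts.get("PROT", "").upper())
    findings = []
    if "HTTPS" not in listeners:
        findings.append("no HTTPS listener: client to Web Dispatcher is not encrypted")
    if "HTTP" in listeners:
        findings.append("plain HTTP listener active: clients can connect without TLS")
    # Assumption: an absent wdisp/ssl_encrypt behaves like 0 (no re-encryption).
    if params.get("wdisp/ssl_encrypt", "0") == "0":
        findings.append("wdisp/ssl_encrypt=0: Web Dispatcher to ABAP servers is not encrypted")
    return findings

if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label, audit_profile(profile) or "no findings")
```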
