6.0 Security Framework and Data Flow
A robust security model is paramount in any enterprise system, and SAP Fiori is built with this principle in mind. Fiori’s security framework leverages established SAP NetWeaver capabilities to ensure that information and processes are protected from unauthorized access at every layer of the architecture.
For initial user authentication, the ABAP front-end server supports several industry-standard mechanisms:
- SPNEGO/Kerberos: A negotiation mechanism that lets a client and server agree on a common authentication protocol, in practice Kerberos, so that a user already logged on to the domain is authenticated without a separate password prompt.
- SAP Logon Tickets: Enable single sign-on (SSO), allowing authenticated users to access multiple SAP applications and services without re-entering credentials.
- X.509 Certificates: A standard format for public key certificates, which provide strong, certificate-based authentication.
Once a user is authenticated on the front-end server, communication to the back-end system is handled via trusted RFC connections. This allows the user’s identity to be securely passed from the front-end to the back-end without requiring a separate login, provided the user has the necessary authorizations.
To protect data in transit between system components, Fiori can leverage Secure Network Communication (SNC). SNC integrates external security products to provide application-level, end-to-end security for data communication paths. It provides three levels of protection:
- Authentication only: Verifies the identity of the communication partners.
- Integrity protection: Detects any manipulation or changes to the data during transmission.
- Privacy protection: Encrypts the messages to prevent eavesdropping, providing the maximum level of security.
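The three SNC levels above correspond to the values 1, 2 and 3 of the `snc/data_protection/*` instance profile parameters. The following checker is an added example, not code from this document or from SAP: it parses a profile fragment and reports which level a server would offer and accept. The profile fragments are constructed samples, and the checker's own function names are this example's, not an SAP tool's.

```python
# Map the snc/data_protection/* values to the three SNC levels.
SNC_LEVELS = {1: "authentication only", 2: "integrity protection", 3: "privacy protection"}

# Constructed sample profiles (not taken from any real system).
WEAK_PROFILE = """
snc/enable = 1
snc/data_protection/min = 1
snc/data_protection/max = 3
snc/data_protection/use = 1
snc/accept_insecure_rfc = 1
"""

HARDENED_PROFILE = """
snc/enable = 1
snc/data_protection/min = 3
snc/data_protection/max = 3
snc/data_protection/use = 3
snc/accept_insecure_rfc = 0
snc/accept_insecure_gui = 0
"""


def parse_profile(text):
    """Parse 'name = value' lines of an SAP instance profile into a dict."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")
        params[name.strip()] = value.strip()
    return params


def assess_snc(params):
    """Return findings describing the SNC protection the profile offers and accepts."""
    findings = []
    if params.get("snc/enable", "0") != "1":
        return ["SNC disabled: no authentication, integrity or privacy protection on the wire"]
    use = int(params.get("snc/data_protection/use", "1"))
    minimum = int(params.get("snc/data_protection/min", "1"))
    findings.append(f"default protection: {SNC_LEVELS.get(use, 'unknown')}")
    if minimum < 3:
        findings.append(f"minimum accepted level is only '{SNC_LEVELS.get(minimum, 'unknown')}'; "
                        "a partner may negotiate below privacy protection")
    # Anything other than 0 still allows connections that bypass SNC entirely.
    if params.get("snc/accept_insecure_rfc", "0") != "0":
        findings.append("RFC connections without SNC are still accepted")
    if params.get("snc/accept_insecure_gui", "0") != "0":
        findings.append("SAP GUI connections without SNC are still accepted")
    return findings
```

A profile that only enables SNC but leaves the minimum at 1 still negotiates down to authentication-only, which is why the checker reports the minimum separately from the default level.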