Showing results for 
Search instead for 
Did you mean: 

Mobile SSO for Fiori

Former Member
0 Kudos

I have setup the SAML configuration - IdP and Sp on SAP SSO server, and Sp on Fiori server. I have shared my Sp certificate to my IdP. My Fiori link is the Launchpad. I have only skipped the HTTPS part on the SAP SSO server. ( I have followed the mobile SSO for Fiori guide with sap authenticator on SAP/SCN)

Now, few questions.

1) Is HTTPS a must for this configuration? I am working on a POC.

2) Would SSO work on URL's as well? I mean, would I be able to goto SAP SSO server URL and access Fiori applications without signing in to Fiori server? What URL should I use? Would it be the endpoint url I see on the SAML (/saml2/idp/sso? ) configuration page for Idp?

Appreciate your help. Thanks,

Accepted Solutions (0)

Answers (2)

Answers (2)

0 Kudos

Hello Jim,

1) HTTPS is recommended.

2) The Mobile SSO scenario via SAP Authenticator is based on the IDP-initiated  and all the details you will be able to find in the second chapter "How the Mobile Single Sign-On for SAP Fiori works" of the document:Mobile Single Sign-On for SAP Fiori - Step-by-Step Guide

All configuration steps for Mobile SSO for SAP Fiori are described in the document.

If you want to make SSO for SAP Fiori via the desktop, you have to call the SAML IDP first and based on the IDP-initiated, it will call SAP Fiori. If you configure also SP-initiated, then you will be able to start the SSO process also from the SAP Fiori via the browser.

More details about how SP-initiated and IDP-initiated works, you will be able to find in the documentation:

SSO with SAML 2.0 - Identity Provider for SAP Single Sign-On and SAP Identity Management - SAP Libra...


Donka Dimitrova

Former Member
0 Kudos

Hi Donka,Really appreciate the way you have clarified it. Thanks, and that's an awesome document.

0 Kudos

Hi Jim,

1) HTTPS is a must for the AS ABAP system where Fiori Launchpad is maintained.

2) Yes, you can setup single sign-on to the SAP Secure Login Server, therefore when you call Fiori Launchpad you will also be authenticated with single sign-on in the SAP SLS, however this scenario is SP-initiated single sign-on, where first you call the SP, in this case the Fiori Launchpad.

Another option is to configure IdP-initiated single sign-on where first you authenticate to the IdP and then gets redirected to the SP.

If you are using SAP IDM product as the IdP, here is some information regarding IdP-initiated single sign-on:

Performing Identity Provider-Initiated Single Sign-On - Identity Provider for SAP NetWeaver Single S...


Filipe Santos