Skip to Content
Author's profile photo Frank Schuler

Enabling on premise Fiori SSO with OpenSSL certificates – Part 2

In part one of this blog series I explained how to establish a secure connection to your Fiori Launchpad with OpenSSL certificates, which is the precondition for certificate based single-sign-on, which I will be describing in this blog.

To start with, I create a client certificate and key starting with a certificate request in TinyCA:

Create Request.png

The creation of the RSA key can take some time:

Creating RSA key.png

When finished, I sign the request as before with my previously created CA:

Sign Request.png

And export the resulting certificate both as a PEM (Certificate):


As well as a PKCS#12 (Certificate & Key):


To import the certificate into my Fiori Frontend server, I create an entry in table VUSREXTID in transaction SM30:


With External ID type DN of Certificate (X.509):

Determine Work Area.png

Into which I import my personal certificate:

New Entries.png

From the previous PEM export:


And assign it to my user and activate it:


The only remaining task is to import my certificate key into the browser with which I access my Fiori Launchpad:

PKCS #12.png

And next time I launch my Fiori Launchpad, I get presented with my certificate(s):

Select a certificate.png

I could now cancel this and login as usual, but if I confirm it, I got securely single-singed-on into my Fiori Launchpad:


Of course there is much more to consider in terms of private key infrastructure (KPI) governance and there are many more enterprise ready CA tools, but the underlying concepts are always the same.

In my next blog series I explain how to secure the HANA Cloud Connector leveraging the same concepts.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      great job, Frank, many thanks.

      Author's profile photo Smriti Gupta
      Smriti Gupta

      Hello Frank,

      When i am looging in fiori launchpad, I am again asked to tner username and Password. So is it a single sign on issue, could you pls tell.






      Author's profile photo Frank Schuler
      Frank Schuler
      Blog Post Author

      Hello Smriti,

      If you are being asked for username and password than your single-sign-on is not working correctly.

      Best regards