To authenticate the user, the ABAP front-end server uses the authentication and Single Sign-On (SSO) mechanisms provided by SAP NetWeaver. Following mechanisms can be used for authentication
SPNEGO is used when a client application wants to authenticate to a remote server, but neither end is sure what authentication protocols the other supports. The pseudomechanism uses a protocol to determine what common Generic Security Services Application Program Interface (GSSAPI) mechanisms are available, selects one and then dispatches all further security operations to it. This can help organizations deploy new security mechanisms in a phased manner.
SAP Logon Tickets represent user credentials in SAP systems. When enabled, the users can access multiple SAP applications and services through SAP GUI and web browsers without further username and password inputs. SAP Logon Tickets can also be a vehicle for enabling SSO across SAP boundaries. In some cases, logon tickets can be used to authenticate into third party applications such as Microsoft-based web applications.
An X.509 certificate contains information about the identity to which a certificate is issued as well as the identity that issued it. Many of the certificates that people refer to as Secure Sockets Layer (SSL) certificates are in fact X.509 certificates.