LiquidUI - SAP NetWeaver AS ABAP SSO
Workflow for iOS and Android Clients
SAP Communication Channels
See Diagram in attached file, which shows the connection from Liquid UI iOS-Android Clients to LUI Server secured using TLS 1.3
From LUI Server to SAP ECC, connection is established as SAP's trusted server SSO, using SAP's digitally signed Logon Ticket.
On both ends of the Server the connections are secured. One via TLS 1.3 and the other via Trusted Server Logon Ticket
Trusted Server Connection to SAP ECC is compressed, and the SAP ECC Kernel does not support further encryption. This SAP Native protocol is not https traffic.
Synactive recommends the LUI server be placed close to the SAP ERP Server to the maximize the optimizing feature as well as to ensure security.
Furthermore, the trust relationship established between LUI Server and SAP ECC ensures that no 3rd party can access this Trusted Server Channel.
Trusted Server Connection is needed not only in the Desktop mode, but it is a necessity in the Mobile environment, where there is no Kerberos SSO. Connection to LUI Server from the Mobile device is protected by TLS 1.3.