Administrator

Web Application Authentication Samples

Several authentication scenario samples demonstrate how to configure Web applications using the same security configuration and supportability measures that are available for mobile applications.

Create a Web Application

Use the following steps to define and configure a Web application. Once defined, four tabs appear: Overview, Back End, Authentication, and Access Control.
  1. Define the Web application, saving when prompted.
    1. In Management Cockpit, select Applications, and click New.

    2. Configure the Web application using the following required items (you can configure additional items):
      • ID ‒ the Web application ID, such as web.basic_basic.

      • Name ‒ the Web application name, such as Web basic application.

      • Type ‒ select Web.

  2. In Back End, complete the following:
    • Endpoint ‒ enter the back-end address URL, using either the application ID, or the X-SMP-APPID, in the format:
      • https://<host>:<port>/<applicationId>

      • https://<host>:<port>/<applicationId>?X-SMP-APPID=<applicationId>

    • SSO Mechanism ‒ select an single sign-on option, such as Basic.

  3. In Authentication, add the security profile.
    • Name ‒ the Web application name, such as Web basic application.

    • Authentication Providers ‒ select HTTP/HTTPS Authentication.

    • URL ‒ enter the authentication URL, such as http://<host>:<port>/sap/opu/odata/IWFND/RMTSAMPLEFLIGHT/?spnego=disabled.

Web App Guidelines

Keep in mind the following guidelines for the back-end access URL:
  • The following format does not work for all Web application types (such as hybrid or native) that use the Backend Rewrite URL method for a root path ("/") back end:https://<host>:<port>/<applicationId>

    For example: https://cnpvglwssc856.test.corp.sap:8081/web.basic_basic

  • The following format works for all Web application methods: https://<host>:<port>/<applicationId>?X-SMP-APPID=<applicationId>

    For example: https://cnpvglwssc856.test.corp.sap:8081/web.basic_basic?X-SMP-APPID=web.basic_basic

Web App with x.509 Sample

Use the following information to configure a Web application using x.509 authentication.
  1. Define a Web application; for example, using the name: web_x509.

  2. Configure the Back End tab.
    • Endpoint ‒ enter <Your mutual HTTPS back-end URL>.

    • Certificate alias ‒ enter <Your certificate private key alias>.

    • SSO Mechanism ‒ select X.509.

  3. Configure the Authentication tab. Create a security profile using the Authentication Provider: x.509 User Certificate.

  4. To test, access the Web type application using a browser, for example: https://<host>:<port>/web_x509.

Web App with SAML (Basic) Sample

Use the following information to configure a Web application using SAML security. Technical User (Basic) is used in the sample, but you can use other SAML security types.
  1. Define a Web application; for example, using the name: saml2.app.basic.

  2. Configure the Back End tab.
    • Endpoint ‒ enter the back-end address URL, using the application ID.

    • SSO Mechanism ‒ select Technical User (Basic).

  3. Configure the Authentication tab. Create a security profile using the Authentication Provider: SAML2, and enter your Identify Provider Name in the General tab. Contact your administrator to obtain the Identity Provider Name.

  4. To test, access the Web type application using a browser, for example: https://<host>:<port>/saml2.app.basic.

Web App with Back-end Rewrite URL Sample

If you elect to rewrite the URL to the back-end system, follow the steps in Create a Web Application above, with these differences in Back End:
  • Rewrite Mode ‒ select "Rewrite URL in Backend System".

  • URL ‒ modify the URL as follows: https://<host>:<port>/<backend_rewrite_path>?X-SMP-APPID=<applicationId>.

Web App with Relay Server Samples

When configuring Web applications for a landscape that implements Relay Servers, you must modify the back-end URL:
  • Linux Relay Server ‒ https://<RelayServerHost>:<RelayServerPort>/<URL_Suffix>/<farmid>/<applicationId>

    For example: https://cnpvgllssc1093.test.corp.sap:18081/cli/iarelayserver/SMP3RHFarmHTTPS/web.basic_basic

  • Windows Relay Server ‒ https://<RelayServerHost>:<RelayServerPort>/<URL_Suffix>/<farmid>/<applicationId>

    For example: https://cnpvglwssc1060.test.corp.sap:1081/rs16.5/client/rs.dll/SMP3WINFarmHTTPS/web.basic_basic