SAPSSO2 Generator Properties

SAPSSO2 Generator enables single sign-on (SSO) access to back-end resources. Before you can establish SSO connections, an authentication provider must first authenticate the client.

Description

Configure SAPSSO2 Generator by:
  • Importing a certificate using the Management Cockpit certificates management feature, and
  • Specifying appropriate values for the properties below.

Properties

Table 70: SAPSSO2 General Configuration Properties

| Property | Default Value | Description |
|---|---|---|
| Provider Description | None | Optional description of the provider. |
| Issuer SID | None | System ID of the certificate issuer; must be trusted by the back-end system. It must be three upper-case alphanumeric characters, starting with a letter. |
| Issuer Client | None | Client ID of the certificate issuer; must be trusted by the back-end system. The value must be three numeric characters. |
| Recipient SID | None | Back-end system ID. It must be three upper-case alphanumeric characters, starting with a letter. |
| Recipient Client | None | Client ID of the back-end system. The value must be three numeric characters. |
| Certificate Alias | None | The certificate alias name for the certificate that is used to sign the generated SAPSSO2 token. It should be a DSA (Digital Signature Algorithm) certificate. Only 1024 bit DSA certificates that use SHA1 as the signature algorithm are supported. The use of 2048 bit DSA keys with SHA256 or the use of RSA certificates is not supported. |

Table 71: SAPSSO2 Advanced Properties

| Property | Default Value | Description |
|---|---|---|
| Credential Name | None | The name of the credential that provides the SAPSSO2 token upon successful authentication. |
| SSO2 Token Validity Period | 10 | The number of minutes the SSO2 token is valid. After the validity period, a new token is generated. Performance declines if you set this value too low. |
| Clock Skew Tolerance | 10 | Number of additional minutes a token remains valid. Compensates for differences in time between the machine on which SAP Mobile Platform Server is running and the back-end machine that receives the token. By default, a generated token is valid for 10 minutes. If the clock skew tolerance is 10, a token is valid for an additional 10 minutes in both directions. For example, if the time on the server clock is 12:00, the token is valid between 11:50 and 12:20. If the time on the receiving server is within 10 minutes of the time on the sending server, it receives a valid token. |

To validate your settings, click Test Settings. A message reports either success or failure; if validation fails, invalid settings are highlighted.
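
The format rules and the validity window from the tables above can be checked offline before the values are entered. This is an added example, not SAP code and not what Test Settings runs. The function names, the dictionary keys (taken from the property names) and the way the back-end clock offset is modeled are assumptions.

```python
import re
from datetime import datetime, timedelta

# Format rules from the property table. fullmatch() plus explicit ASCII classes
# rejects trailing newlines and non-ASCII digits that "\d" and "$" would let through.
SID_RE = re.compile(r"[A-Z][A-Z0-9]{2}")   # three upper-case alphanumerics, letter first
CLIENT_RE = re.compile(r"[0-9]{3}")        # three numeric characters

def check_properties(props):
    """Return the names of properties whose values break the documented format."""
    bad = []
    for name in ("Issuer SID", "Recipient SID"):
        if not SID_RE.fullmatch(str(props.get(name, ""))):
            bad.append(name)
    for name in ("Issuer Client", "Recipient Client"):
        if not CLIENT_RE.fullmatch(str(props.get(name, ""))):
            bad.append(name)
    return bad

def token_window(issued_at, validity_min=10, skew_min=10):
    """Acceptance window following the page's example: skew applies in both directions."""
    start = issued_at - timedelta(minutes=skew_min)
    end = issued_at + timedelta(minutes=validity_min + skew_min)
    return start, end

def backend_accepts(issued_at, backend_offset_min, elapsed_min=0,
                    validity_min=10, skew_min=10):
    """Assumed model: True if a back end whose clock differs from the server by
    backend_offset_min minutes (negative = behind) is inside the window
    elapsed_min minutes after the token was issued."""
    start, end = token_window(issued_at, validity_min, skew_min)
    backend_now = issued_at + timedelta(minutes=elapsed_min + backend_offset_min)
    return start <= backend_now <= end

if __name__ == "__main__":
    # Constructed sample values, not taken from any real landscape.
    sample = {"Issuer SID": "SMP", "Issuer Client": "000",
              "Recipient SID": "er1", "Recipient Client": "100\n"}
    print("invalid:", check_properties(sample))
    noon = datetime(2024, 1, 1, 12, 0)
    print("window:", token_window(noon))
    for offset in (-9, -11, 5, 15):
        print(offset, backend_accepts(noon, offset, elapsed_min=10))
```

The certificate requirement (1024 bit DSA with SHA1) is not covered here; it has to be checked against the certificate itself.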