SAPSSO2 Generator Properties
SAPSSO2 Generator enables single sign-on (SSO) access to back-end resources. Before you can establish SSO connections, an authentication provider must first authenticate the client.
- Importing a certificate using the Management Cockpit certificates management feature, and
- Specifying appropriate values for the properties below.
|Property|Default|Description|
|---|---|---|
|Provider Description|None|Optional description of the provider.|
|Issuer SID|None|System ID of the certificate issuer; must be trusted by the back-end system. It must be three upper-case alphanumeric characters, starting with a letter.|
|Issuer Client|None|Client ID of the certificate issuer; must be trusted by the back-end system. The value must be three numeric characters.|
|Recipient SID|None|Back-end system ID. It must be three upper-case alphanumeric characters, starting with a letter.|
|Recipient Client|None|Client ID of the back-end system. The value must be three numeric characters.|
|Certificate Alias|None|The certificate alias name for the certificate that is used to sign the generated SAPSSO2 token. It should be a DSA (Digital Signature Algorithm) certificate. Only 1024 bit DSA certificates that use SHA1 as the signature algorithm are supported. The use of 2048 bit DSA keys with SHA256 or the use of RSA certificates is not supported.|
|Credential Name|None|The name of the credential that provides the SAPSSO2 token upon successful authentication.|
|SSO2 Token Validity Period|10|The number of minutes the SSO2 token is valid. After the validity period, a new token is generated. Performance declines if you set this value too low.|
|Clock Skew Tolerance|10|Number of additional minutes a token remains valid. Compensates for differences in time between the machine on which SAP Mobile Platform Server is running and the back-end machine that receives the token. By default, a generated token is valid for 10 minutes. If the clock skew tolerance is 10, a token is valid for an additional 10 minutes in both directions. For example, if the time on the server clock is 12:00, the token is valid between 11:50 and 12:20. If the time on the receiving server is within 10 minutes of the time on the sending server, it receives a valid token.|
To validate your settings, click Test Settings. A message reports either success or failure; if validation fails, invalid settings are highlighted.
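The format rules in the table and the 11:50 to 12:20 acceptance window from the clock-skew description can be checked before the values are entered. The following is an added example, not SAP code or part of the product. The function names and sample values are constructed; treating Certificate Alias and Credential Name as required, the numeric minimums, and the inclusive window bounds are assumptions.

```python
import re
from datetime import datetime, timedelta

SID_RE = re.compile(r"[A-Z][A-Z0-9]{2}")  # three upper-case alphanumerics, letter first
CLIENT_RE = re.compile(r"[0-9]{3}")       # three numeric characters (ASCII digits only)

def invalid_settings(s):
    """Return the property names whose values break the rules in the table."""
    bad = []
    for key in ("Issuer SID", "Recipient SID"):
        if not SID_RE.fullmatch(str(s.get(key) or "")):
            bad.append(key)
    for key in ("Issuer Client", "Recipient Client"):
        if not CLIENT_RE.fullmatch(str(s.get(key) or "")):
            bad.append(key)
    # Assumption: required, because only Provider Description is marked optional.
    for key in ("Certificate Alias", "Credential Name"):
        if not str(s.get(key) or "").strip():
            bad.append(key)
    # Assumption: validity is at least 1 minute, skew at least 0 minutes.
    for key, low in (("SSO2 Token Validity Period", 1), ("Clock Skew Tolerance", 0)):
        v = s.get(key)
        if type(v) is not int or v < low:
            bad.append(key)
    return bad

def acceptance_window(issued_at, validity_min=10, skew_min=10):
    """Window in which the token is accepted: skew applies on both sides."""
    skew = timedelta(minutes=skew_min)
    return issued_at - skew, issued_at + timedelta(minutes=validity_min) + skew

def is_accepted(issued_at, receiver_now, validity_min=10, skew_min=10):
    """True if the receiver's clock falls inside the window (bounds inclusive, assumed)."""
    start, end = acceptance_window(issued_at, validity_min, skew_min)
    return start <= receiver_now <= end

# Constructed sample values, not taken from a real system.
SAMPLE = {
    "Issuer SID": "SMP", "Issuer Client": "000",
    "Recipient SID": "E1C", "Recipient Client": "100",
    "Certificate Alias": "sso2-signing", "Credential Name": "sso2-cred",
    "SSO2 Token Validity Period": 10, "Clock Skew Tolerance": 10,
}

if __name__ == "__main__":
    print("invalid:", invalid_settings(SAMPLE))
    start, end = acceptance_window(datetime(2024, 1, 1, 12, 0))
    print("accepted from", start.time(), "to", end.time(), "=", end - start)
```

With the defaults, the window in which a token is accepted spans 30 minutes, three times the configured validity period, which is the figure to use when estimating how long a captured token remains usable.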