Kerberos Single Sign-On Provider

After a client is authenticated by an authentication provider, Kerberos enables single sign-on (SSO) access to back-end resources.

Once a client has been authenticated, Kerberos establishes a connection to the Kerberos Distribution Center (KDC) using the SAP Mobile Platform service user, realm, and key. It then creates a Kerberos credential with a reference to this connection, and adds the credential to the subject.

SAP Mobile Platform Server uses the Kerberos credential to obtain a Kerberos access token, on behalf of the authenticated user, for the realm and service name that are specified in the back-end endpoint properties. The server maintains the token in the server session.