Administrator

Impersonator Role Missing Error

Problem

This error can be caused due to any of the following problems:
  • When SAP Mobile Platform Server fails to trust the certificate it receives from the reverse proxy. Reverse proxy redirects the client certificate which is received from SSL_Client header. In this case, reverse proxy does not hold the private key of the client certificate. So, for security reasons you must mention the certificate subject under the impersonator role in the role mapping XML file of the security configuration.
  • When SAP Mobile Platform Server is unable to trust the push generator.

Workaround

During certificate onboarding in HTTPS channel via reverse proxy, you need to:
  1. Create a security configuration (SC) with the certificate authentication login module. It creates a role-mapping XML file for that SC under CSI folder.
  2. Map the reverse proxy certificate's subject under the impersonator role in the XML file.
During certificate push in HTTPS channel, you need to:
  1. Map the push generator's subject in the Notification role-mapping.xml.
  2. Add push generator's certificate subject to the Notification role-mapping.xml under the CSI folder.