Administrator

System Login (Admin Only) Configuration Properties

The System Login (Admin Only) provider is configured by the installer. The initial administrator credentials enable platform administrators to access Management Cockpit and configure SAP Mobile Platform Server for production. SAP recommends using a different provider in production environments.

Description

The System Login (Admin Only) provider authenticates a user by comparing the specified user name and password with the configured user. Upon successful authentication, the configured roles are added as principals to the subject:

Properties

Table 55: System Login (Admin Only) Properties
Property Default Value Description
Control Flag Optional
Indicates how the security provider is used in the login sequence.
  • Optional – the authentication provider is not required, and authentication proceeds down the authentication provider list, regardless of success or failure.
  • Sufficient – the authentication provider is not required, and subsequent behavior depends on whether authentication succeeds or fails.
  • Required – the authentication provider is required, and authentication proceeds down the authentication provider list.
  • Requisite – the authentication provider is required, and subsequent behavior depends on whether authentication succeeds or fails.
Description None Differentiate between multiple instances of the same provider type; for example, when you have multiple authentication providers of the same type stacked in a security profile, and each targets a different repository.
Username None A valid user name used for authentication. Do not use any of these restricted special characters:
 , = : ' " * ? &
.
Password None The password for the configured user.
Roles None Comma-separated list of roles that are granted to an authenticated user for role-based authorization.
  • Administrator – required for using Management Cockpit with administrator privileges. With an Administrator role, the login ID has administrator privileges.
  • Helpdesk – required for using Management Cockpit with read-only privileges.
  • Notification – required to enable and configure push notifications for SAP Mobile Platform Server.
  • Impersonator – required to configure a reverse proxy for client (or mutual) certificate authentication. The reverse proxy must be granted the Impersonator role so it can impersonate the end user, for example, to propagate the end-user certificate via SSL_CLIENT_HEADER.

If a user has multiple roles, the role with more privileges (Administrator) is used to authorize the user.

To validate your settings, click Test Settings. A message reports either success or failure; if validation fails, invalid settings are highlighted.