Security Profile for a SiteMinder-Protected Back End
With SAP Mobile Platform, SiteMinder authentication is used in protected and unprotected network-edge configurations.
Network-edge and Token-based Authentication
You should also configure an HTTP/HTTPS Authentication provider for a SiteMinder-protected URL, so SAP Mobile Platform can validate users' SMSESSION cookies.
SAP Mobile Platform sends an SMSESSION cookie to the URL. If the URL is a SiteMinder Agent for an SAP-protected back end, the SSOCookie value should be MYSAPSSO2, the SSO token used against other back-end SAP systems.
When integrating with a back-end system that is not SAP protected, SAP Mobile Platform simply requires a 200 status in the response to indicate the SMSESSION is valid.
With basic authentication, an SSOCookie is set to SMSESSION, which is returned upon successful authentication. SAP Mobile Platform has no further use of the SSOCookie; therefore, this is not a commonly used scenario.