Security Profile for a SiteMinder-Protected Back End

With SAP Mobile Platform, SiteMinder authentication is used in protected and unprotected network-edge configurations.

Network-edge and Token-based Authentication

With network-edge and token-based authentication, a security profile for applications that use a SiteMinder-protected back end must include the Populate JAAS Subject From Client provider. The SiteMinder agent adds an sm_user header to each client request; configure the provider to read that header and set its value as the user Principal.

You should also configure an HTTP/HTTPS Authentication provider for a SiteMinder-protected URL, so SAP Mobile Platform can validate users' SMSESSION cookies.

SAP Mobile Platform sends the SMSESSION cookie to that URL. If the URL is a SiteMinder agent in front of an SAP-protected back end, set the SSOCookie value to MYSAPSSO2, the SSO token that is then used against other back-end SAP systems.

When integrating with a back-end system that is not SAP protected, SAP Mobile Platform only requires an HTTP 200 status in the response to treat the SMSESSION as valid.
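The two checks described above, modelled as an added example (not SAP Mobile Platform or SiteMinder code): a Principal taken from the sm_user request header, and an SMSESSION cookie validated by forwarding it to a SiteMinder-protected URL, accepting only HTTP 200 and capturing the MYSAPSSO2 cookie when the agent sets one. The agent is a constructed local stand-in, and the token values are constructed sample strings; the assumption that the agent answers with a non-200 status for a bad session is an assumption of this example.

```python
import threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

VALID_SMSESSION = "constructed-smsession-value"   # constructed sample token
SAP_SSO_TOKEN = "constructed-mysapsso2-value"     # constructed sample token

class FakeSiteMinderAgent(BaseHTTPRequestHandler):
    """Constructed stand-in for a SiteMinder agent in front of an SAP back end."""

    def do_GET(self):
        morsel = SimpleCookie(self.headers.get("Cookie", "")).get("SMSESSION")
        if morsel is None or morsel.value != VALID_SMSESSION:
            self.send_response(401)           # anything but 200 means "not valid"
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Set-Cookie", f"MYSAPSSO2={SAP_SSO_TOKEN}; Path=/")
        self.end_headers()

    def log_message(self, *args):             # silence request logging
        pass

def principal_from_request(headers):
    """Populate JAAS Subject From Client: the Principal is the sm_user header
    the SiteMinder agent added to the client request; None if it is missing."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get("sm_user") or None

def validate_smsession(url, smsession, sso_cookie="MYSAPSSO2"):
    """HTTP/HTTPS Authentication provider check: send the SMSESSION cookie to the
    SiteMinder-protected URL; only a 200 means valid. Returns (valid, sso_token)."""
    req = Request(url, headers={"Cookie": f"SMSESSION={smsession}"})
    try:
        with urlopen(req, timeout=5) as resp:
            if resp.status != 200:
                return False, None
            jar = SimpleCookie()
            for set_cookie in resp.headers.get_all("Set-Cookie") or []:
                jar.load(set_cookie)
    except HTTPError:                          # 401/403/...: session rejected
        return False, None
    return True, (jar[sso_cookie].value if sso_cookie in jar else None)

def start_agent():
    srv = HTTPServer(("127.0.0.1", 0), FakeSiteMinderAgent)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}/"
```

Calling validate_smsession with sso_cookie="SMSESSION" shows the non-SAP case: the session is still accepted on a 200 even though no SSO token is returned.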

Basic Authentication

With basic authentication, the SSOCookie is set to SMSESSION, which is returned upon successful authentication. SAP Mobile Platform has no further use for the SSOCookie in this case; therefore, this is not a commonly used scenario.