Administrator

HTTP/HTTPS Authentication Provider

Use the HTTP/HTTPS Authentication provider to authenticate users by calling a separate Web server that validates their credentials. This provider can validate both basic user name and password credentials and single sign-on (SSO) client tokens (in lieu of passwords).

The HTTP/HTTPS Authentication provider validates standard user name and password credentials by passing them to a Web server. Configure the URL property to point to a Web server that challenges for basic authentication.

This provider also authenticates users by validating client-specified tokens: it sends the token values to the HTTP back end in the specified format (header or cookie). In the ClientHttpValuesToSend property, you can specify any parameter value, for example an HTTP header or cookie. The provider retrieves the value of that parameter and passes it to the Web server in the format required by the SendClientHttpValuesAs property.

For example, to extract the cookie "MyCookie" from an SAP Mobile Platform Server client session, and pass it to a Web server as "testSSOCookie," set:
  • ClientHttpValuesToSend to MyCookie
  • SendClientHttpValuesAs to cookie:testSSOCookie

Best practice guidelines include:
  • To avoid exposing credentials, use an HTTPS URL.
  • If the Web server's certificate is not signed by a well-known CA, import the CA certificate that was used to sign the Web server's certificate into the SAP Mobile Platform Server keystore. The keystore contains CA certificates from reputable CAs.
  • If a Web server returns a cookie with successful authentication, set the SSO Cookie Name property to the name of this cookie. After successful authentication, SSO cookie values are available to SSO back-end connections.
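
The back-end side of the flow described above, as an added example (not SAP code): a minimal WSGI validation endpoint that challenges for basic authentication, also accepts the forwarded `testSSOCookie` token, and returns an SSO cookie on success. The user store, token table, the `BackendSSO` cookie name and the use of status 200 to signal success are assumptions made for illustration; serve it only over HTTPS.

```python
import base64, hmac, secrets
from http.cookies import SimpleCookie, CookieError

# Constructed sample data; a real endpoint checks a user store or token service.
USERS = {"alice": "correct horse"}
VALID_TOKENS = {"tok-123": "alice"}
SSO_IN = "testSSOCookie"   # cookie name from the SendClientHttpValuesAs example
SSO_OUT = "BackendSSO"     # hypothetical; the value you would set as SSO Cookie Name

def _basic_user(environ):
    """Return the user name if the Authorization header holds valid basic credentials."""
    scheme, _, blob = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    expected = USERS.get(user)
    # compare_digest keeps the comparison time independent of where strings differ
    if sep and expected and hmac.compare_digest(password.encode(), expected.encode()):
        return user
    return None

def _token_user(environ):
    """Return the user name if the forwarded SSO cookie carries a known token."""
    try:
        morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get(SSO_IN)
    except CookieError:
        return None
    return VALID_TOKENS.get(morsel.value) if morsel else None

def app(environ, start_response):
    user = _basic_user(environ) or _token_user(environ)
    if user is None:
        # The challenge the provider's URL property is expected to point at
        start_response("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="backend"')])
        return [b""]
    session = secrets.token_urlsafe(32)  # unpredictable value for the SSO cookie
    start_response("200 OK", [("Set-Cookie", f"{SSO_OUT}={session}; Secure; HttpOnly")])
    return [b"ok"]

def check(headers):
    """Run one constructed request through app(); return (status, response headers)."""
    seen = {}
    app(dict(headers), lambda status, hdrs: seen.update(status=status, headers=dict(hdrs)))
    return seen["status"], seen["headers"]
```

`check` takes WSGI-style keys such as `HTTP_AUTHORIZATION` and `HTTP_COOKIE`; a cookie sent under its original client name (`MyCookie`) is rejected, because the endpoint only reads the name the provider is configured to send.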