Single Sign-On Authentication

Understand the role of user credentials and certificates in single sign-on authentication.

Single sign-on authentication comprises three main areas:
  • SAP Mobile Platform to a back end
  • Client to SAP Mobile Platform
  • Back-end user mapping

Configuring SAP Mobile Platform to perform single sign-on to the back end requires that you configure the applications created in SAP Mobile Platform Server to use the HTTPS protocol with mutual-certificate authentication to communicate with the back end. Use Management Cockpit to navigate to the application, and set the property "Certificate Alias"—that is, enter the name of a certificate alias in <SMP_HOME>\Server\configuration\smp_keystore.jks.

During mutual-certificate authentication between a client and SAP Mobile Platform Server, the client presents a certificate to the server. For authentication to succeed, the client’s certificate, or more typically, the certificate authority (CA) that signed the client certificate must be present in the SAP Mobile Platform Server keystore.