Administrator

Integrating with Single Sign-On Solutions

SAP Mobile Platform integrates with several single sign-on solutions.

The SSO mechanisms that SAP Mobile Platform supports to access back-end systems are:
  • Technical User (Basic) – replaces the "Allow Anonymous" option to enter a user name and password.
  • Technical User (X.509) – replaces the "Allow Anonymous" option to enter a certificate alias.
  • Principal Propagation (X.509) – provides single sign-on after another provider authenticates.
  • Custom cookies and headers – admins can configure one or more HTTP headers or cookies to add to requests. Each entry contains a regular expression value that is replaced with a named credential.
  • Kerberos – provides single sign-on after another provider authenticates.
  • MYSAPSSO2 cookie – an SAP proprietary mechanism.
  • Basic (user name/password) – requires that both SAP Mobile Platform and the back end are linked to the same identity management (IDM) system for validating credentials.
  • X.509 certificates – propagated to the back end via an SSL_CLIENT_CERT header.

For SSO services that use cookies, SAP Mobile Platform supports three authentication scenarios: network-edge authentication, token-based authentication, and basic authentication. In each of these scenarios, the result is an authenticated user with SSO credentials who can interact with back-end systems.