FederationProvider Plugin
(Android and iOS) The FederationProvider plugin is a CertificateProvider implementation that enables sharing of X509 client certificates for authentication across multiple applications.
Requirements
All applications that share a certificate must:
- Be signed by the same developer identity
- Share the same entitlements/metadata
- Be used by the same consumer
- Be configured to use the same FederatedProvider implementation
- Use the same federated identity (the same consumer with the same login credentials as the identity provider used to provision the certificate)
- Preferably have every application target the same back-end system (or have back-end systems that are mapped to the same identity, with all users mapped consistently)
Supported Usage Scenarios
- Third-party certificates in Fiori Client apps
- SAP certificates in Fiori Client apps
The certificate provider returns a certificate when called, and supplies all the information required either to provision the certificate or to read a stored certificate from internal secure storage. The developer can think of the federation provider as a native component that calls the certificate provider implementation. When used by the federation provider, the certificate provider implementation works the same way as if the Logon plugin had called it.
The other role of the FederationProvider is to implement the platform-specific logic that shares the certificate acquired from the certificate provider implementation. This logic is implemented by the federation native library. The FederationProvider implements the certificate provider interface so that it can be plugged into the Logon plugin. In this role, the FederationProvider acts as a proxy component that decides when to call the configured certificate provider implementation and when to fetch the certificate from the Federation Library.
Supported Certificate Providers
There are no special requirements for a certificate provider implementation that is used by the FederationProvider. Every correctly configured certificate provider should work through the FederationProvider.
- Afaria provider
- Certificate Delivery Services (CDS) provider
Any third-party certificate provider can be supported; consult the third party that created the specific certificate provider.
Supported Scenarios
- Federation with any Third-Party Certificate Provider in Custom Fiori Client Applications
  - The AppConfig.js file configures the certificate provider to be the SAP federation provider ("certificate": "com.sap.federationprovider").
  - The AppConfig.js file passes the new configuration value that selects the certificate provider used by the SAP federation provider ("federated_certificate": "com.ex.anyprovider").
  - The consumer follows the onboarding procedure, and the Fiori client triggers the registration through the Logon plugin API. As a result, the federation provider acquires the certificate either from the federation library or from the configured third-party certificate provider implementation.
  - Add every configuration that the third-party certificate provider needs to the AppConfig.js file. The provider receives the content of this file and parses the configuration it needs.
- Federation with any SAP Certificate Provider in Custom Fiori Client Applications
  - The AppConfig.js file configures the certificate provider to be the SAP federation provider ("certificate": "com.sap.federationprovider").
  - The AppConfig.js file passes the new configuration value that selects the certificate provider used by the SAP federation provider ("federated_certificate": "com.ex.anyprovider").
  - The consumer follows the onboarding procedure, and the Fiori client triggers the registration through the Logon plugin API. As a result, the federation provider acquires the certificate either from the federation library or from the configured third-party certificate provider implementation.
  - Add every configuration that the third-party certificate provider needs to the AppConfig.js file. The provider receives the content of this file and parses the configuration it needs.
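The following check is an added example, not SAP code. It reviews the AppConfig.js values of several applications before release and reports any app that would fall outside the certificate-sharing group. It assumes the requirement to use the same provider implementation means an identical "federated_certificate" value; the app names and "com.ex.otherprovider" are constructed sample data.

```javascript
// Added example, not SAP code. Only the keys "certificate" and
// "federated_certificate" and the id below are taken from the page.
const FEDERATION_PROVIDER_ID = "com.sap.federationprovider";

// Constructed sample: app names and "com.ex.otherprovider" are hypothetical.
const sampleConfigs = {
  "app-a": { certificate: FEDERATION_PROVIDER_ID, federated_certificate: "com.ex.anyprovider" },
  "app-b": { certificate: FEDERATION_PROVIDER_ID, federated_certificate: "com.ex.anyprovider" },
  "app-c": { certificate: FEDERATION_PROVIDER_ID, federated_certificate: "com.ex.otherprovider" },
  "app-d": { certificate: "com.ex.anyprovider" },
  "app-e": { certificate: FEDERATION_PROVIDER_ID, federated_certificate: " " },
};

// Returns a list of findings. An empty list means every app selects the
// federation provider and all of them delegate to the same provider.
function checkFederationConfigs(configs) {
  const findings = [];
  const byDelegate = new Map(); // delegate provider id -> apps that select it

  for (const [app, cfg] of Object.entries(configs)) {
    // The app talks to a provider directly, so it never reaches the shared certificate.
    if (cfg.certificate !== FEDERATION_PROVIDER_ID) {
      findings.push({ issue: "not-federated", apps: [app] });
      continue;
    }
    // The federation provider is selected but has no provider to call.
    const delegate = cfg.federated_certificate;
    if (typeof delegate !== "string" || delegate.trim() === "") {
      findings.push({ issue: "missing-delegate", apps: [app] });
      continue;
    }
    if (!byDelegate.has(delegate)) byDelegate.set(delegate, []);
    byDelegate.get(delegate).push(app);
  }

  // More than one delegate: the apps do not all use the same provider
  // implementation. Report every group so a reviewer can pick the intended one.
  if (byDelegate.size > 1) {
    for (const [delegate, apps] of byDelegate) {
      findings.push({ issue: "delegate-mismatch", delegate, apps });
    }
  }
  return findings;
}

console.log(JSON.stringify(checkFederationConfigs(sampleConfigs), null, 2));
```
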