SAP Fiori Client Guide


Task overview: AuthProxy Plugin

Using the AuthProxy Plugin to Register With SAP Mobile Platform Server

This example procedure demonstrates how to use the AuthProxy plugin to register with the SAP Mobile Platform Server using a client certificate.

Context

This example does not use the Logon plugin to perform the registration. You can test certificates on an Android device or emulator, or an iOS device. The server certificate must be installed on the device's system store, so for iOS, the actual device is required.

Procedure

  1. Use the keytool utility to create the server and client certificates.
    The SAP Mobile Platform Server stores its certificates in a file named smp_keystore.jks.
  2. Download the certificate and generate a certificate signing request (CSR).
  3. Import the signed certificate into the keystore.
  4. Copy the client's public key to smp_keystore.jks so that the server can authenticate the client.
  5. Create a security profile in the cockpit
  6. Import the public and private key of the client certificate to the mobile device using the PKCS12 format.
    Both the client certificate (stored in the keystore client.p12 containing the public and private keys) and the certificate authority's certificate, must be added to the mobile device. You should add the certificate authority's certificate to the device's trust store. The client certificate in this example for Android is placed in a location the application can access it from. 
    adb push SAPServerCA.cer /mnt/sdcard/
adb push client.p12 /mnt/sdcard/
adb shell
cd /mnt/sdcard
ls
exit
    For an iOS device, both certificates can be installed into the device's trusted store by sending them through an e-mail, or opening the device browser to a Web page that contains the links to the certificates.
    On the iOS device, the certificates can be viewed and uninstalled under Start of the navigation path Settings Next navigation step General Next navigation step Profiles End of the navigation path.
    In addition to accessing the certificate from the file system and the device's secure store, the client certificate can be provisioned to the device using Afaria and then accessed from Afaria using the Logon plugin using the method sap.AuthProxy.CertificateFromLogonManager("clientKey").

    On the Windows device, add p12 certificate to the client application and configure it with a certificate provider.

  7. Create a new Cordova project to perform mutual authentication to the SAP Mobile Platform Server.
  8. Add the AuthProxy plugin.
  9. Create a new security provider and add an x.509 User Certificate authentication provider.
  10. Copy the files to the platform directory by running the prepare command.
  11. Use the Android IDE, Xcode, or Visual Studio to deploy and run the project.

In this section:
    Generating Certificates and Keys
    Use a PKI system and a trusted CA to generate production-ready certificates and keys that encrypt communication between different SAP Mobile Platform components. Use Management Cockpit to import certificates to, and export certificates from, the keystore.

Task overview: AuthProxy Plugin
Related Information