SAP Fiori Client Guide

Using the AuthProxy Plugin to Register With SAP Mobile Platform Server

This example procedure demonstrates how to use the AuthProxy plugin to register with the SAP Mobile Platform Server using a client certificate.


This example does not use the Logon plugin to perform the registration. You can test certificates on an Android device or emulator, or an iOS device. The server certificate must be installed on the device's system store, so for iOS, the actual device is required.


  1. Use the keytool utility to create the server and client certificates.
    The SAP Mobile Platform Server stores its certificates in a file named smp_keystore.jks.
  2. Download the certificate and generate a certificate signing request (CSR).
  3. Import the signed certificate into the keystore.
  4. Copy the client's public key to smp_keystore.jks so that the server can authenticate the client.
  5. Create a security profile in the cockpit
  6. Import the public and private key of the client certificate to the mobile device using the PKCS12 format.
    Both the client certificate (stored in the keystore client.p12 containing the public and private keys) and the certificate authority's certificate, must be added to the mobile device. You should add the certificate authority's certificate to the device's trust store. The client certificate in this example for Android is placed in a location the application can access it from.
    adb push SAPServerCA.cer /mnt/sdcard/
    adb push client.p12 /mnt/sdcard/
    adb shell
    cd /mnt/sdcard
    For an iOS device, both certificates can be installed into the device's trusted store by sending them through an e-mail, or opening the device browser to a Web page that contains the links to the certificates.
    On the iOS device, the certificates can be viewed and uninstalled under Start of the navigation path Settings Next navigation step General Next navigation step Profiles End of the navigation path.
    In addition to accessing the certificate from the file system and the device's secure store, the client certificate can be provisioned to the device using Afaria and then accessed from Afaria using the Logon plugin using the method sap.AuthProxy.CertificateFromLogonManager("clientKey").

    On the Windows device, add p12 certificate to the client application and configure it with a certificate provider.

  7. Create a new Cordova project to perform mutual authentication to the SAP Mobile Platform Server.
  8. Add the AuthProxy plugin.
  9. Create a new security provider and add an x.509 User Certificate authentication provider.
  10. Copy the files to the platform directory by running the prepare command.
  11. Use the Android IDE, Xcode, or Visual Studio to deploy and run the project.