Architectural Overview

Learn about the components that comprise the logon workflow.

MAF includes a configurable, multipurpose onboarding component. The LogonCore is separate from the Logon UI and supports the creation of custom Logon UIs. The LogonCore layer contains code that executes logon operations. The MAF Logon component builds on SAP Mobile Platform libraries, such as OData CoreServices libraries, Afaria client libraries, and Client Hub libraries.

The Logon component can get application configuration from different sources:
  • Afaria, the SAP-provided MDM solution – if the Afaria application is installed on the device and the app-specific configuration on the Afaria server is set up appropriately
  • Client Hub – if the Client Hub library is linked to the app and the Client Hub application is initialized on the device
If you use the Logon UI further configuration options are available:
  • The Mobile Place service – if it is not explicitly disabled by setting the shared preference key PREFERENCE_ID_MOBILEPLACE to false
  • Setting default values on the logonUIFacade class, for example:
    logonUIFacade.setDefaultValue(SharedPreferenceKeys.PREFERENCE_ID_SUPSERVERPORT.toString(), "8000");
  • Configuration provided by the user via the Logon UI screens

The Logon component can also use Afaria to provision X.509 certificates for registration. In addition to Afaria, the Logon Plugin exposes CertificateProvider and CertificateProviderListener intefaces to integrate a third-party certificate provider. These interfaces enable application developers to implement custom components that fetch X.509 certificates from a third-party MDM infrastructure.

Based on the configuration, the Logon Core determines which type of registration to execute, then:
  1. Checks if any scenario is configured to be forced.
  2. Triggers a test HTTPS request to the host, using the port specified by the user.
  3. Analyzes the response to this request based on:
    1. HTTPS response code
    2. Cookies
    3. Response headers

The Logon Core next determines which communicator to use. If the Logon Core cannot determine which communicator to use, it uses the HTTP REST protocol. If the decision flow can find a suitable communication setup, it reports a success, otherwise the logon process stops and issues failure message.

The default Logon UI supports customization of headers and footers, and includes a fully skinnable UI. This component builds on the MAF Logon Core, and provides a higher-level integration APIs, which supports these logon operations.
  • Logon – register or unlock the secure store so that the app has access to server information and credentials to initiate requests.
  • Change back-end password – update the back-end password stored in the secure store of the client.
  • Change secure store password (App Passcode) – change the password of the secure store.
  • Lock secure store – force the secure store to lock itself while the application continues to run in the foreground.
  • Delete user – unregister and delete all locally stored content from the secure store.
  • Registration information – present information provided by the user during logon.
  • Update application settings – get server settings from SAP Mobile Platform.
  • Registration data – used by the application to get all registration data from MAFLogon.