Developer

MAF Onboarding Scenarios

MAF Logon Manager supports multiple onboarding scenarios, based on the most common infrastructure setups supported by enterprise mobile applications.

All these scenarios require the user to enter different parameters during the onboading process (see the tables below). However, using Afaria, Mobile Place, or the Client Hub can provide some or all of the parameters. For example, an enterprise might have SAP Mobile Platform installed and use a reverse proxy to route Internet requests to intranet-hosted Gateway systems. An alternate scenario also uses SAP Mobile Platform, but does not use a reverse proxy, and only allows intranet access to the Gateway.

Direct SAP Mobile Platform

The direct SAP Mobile Platform landscape contains an SAP NetWeaver Gateway (subsequently referred to as Gateway) server. SAP Mobile Platform Server is installed and configured to connect to the Gateway server. Connections are accepted only from the company intranet.


Direct SAP Mobile Platform

This table shows the information that users must provide, in the MAF logon UI, to use this type of connection. The parameter values depend on the configuration the administrators set.
Parameter Name Example Value
Server Host <SMP_HOST_NAME>
User Name <USERNAME>
Password <PASSWORD>
Server Port <SMP_SERVER_HTTP(S)_PORT>
Secured Connection ON - DEFAULT
Security Configuration EMPTY  - DEFAULT <SMP_SECURITY_CONFIG_NAME>
By default, the secured connection (HTTPS) is ON, so also by default, the connection type is HTTPS.

Cloud-Based SAP Mobile Platform

The cloud-based SAP Mobile Platform landscape is similar to the direct SAP Mobile Platform scenario; however, SAP Mobile Platform Server is installed in the cloud.


Cloud-Based SAP Mobile Platform

This table shows the information that users must provide, in the MAF logon UI, to use this type of connection. The parameter values depend on the configuration the administrators set.
Parameter Name Example Value
Server Host < SMP_SERVER_HOST_NAME>
User Name <USERNAME>
Password <PASSWORD>
Server Port < SMP_SERVER_HTTPS_PORT>
Secured Connection ON - DEFAULT
Security Configuration EMPTY  - DEFAULT <SMP_SERVER_SECURITY_CONFIG_NAME>
By default, the secured connection (HTTPS) is ON, so also by default, the connection type is HTTPS.

SAP Mobile Platform with Third-Party Proxy

The SAP Mobile Platform with third-party proxy landscape is similar to the direct SAP Mobile Platform scenario, but you can access SAP Mobile Platform Server from both the Internet and intranet. The reverse proxy enables the mobile device to access the landscape from the Internet.


SAP Mobile Platform with Third-Party Proxy

This table shows the information that users must provide, in the MAF logon UI, to use this type of connection. The parameter values depend on the configuration the administrators set.
Parameter Name Example Value
Server Host <PROXY_HOST_NAME>
User Name <USERNAME>
Password <PASSWORD>
Server Port <PROXY_HTTP(S)_PORT>
Secured Connection ON
Security Configuration EMPTY  - DEFAULT <SMP_SERVER_SECURITY_CONFIG_NAME>
By default, the secured connection (HTTPS) is ON, and is set to port 443. When the secured connection is OFF, the default port used is 80.

Direct Gateway

The direct Gateway landscape contains only the Gateway system, and restricts access to the intranet. The mobile device must connect to the intranet via internal Wi-Fi or through VPN.


Direct Gateway

This table shows the information that users must provide, in the MAF logon UI, to use this type of connection. The parameter values depend on the configuration the administrators set.
Parameter Name Example Value
Server Host <GATEWAY_HOST_NAME>
User Name <GATEWAY_ USERNAME>
Password <GATEWAY_ PASSWORD>
Path <PATH_TO_GATEWAY_CONTENT>
Server Port <GATEWAY_HTTP(S)_PORT_NUMBER>
Secured Connection ON - DEFAULT
The default value of the path is the ping URL of the Gateway server (https://gwhost:gwport/sap/bc/ping).

Gateway with Third-Party Proxy

The Gateway with third-party proxy landscape contains a Gateway server that resides inside the company intranet, and a third-party reverse proxy that enables the mobile device to access the Gateway from the Internet.


Gateway with Third-Party Proxy

This table shows the information that users must provide, in the MAF logon UI, to use this type of connection. The parameter values depend on the configuration the administrators set.
Parameter Name Example Value
Server Host <GATEWAY_HOST_NAME>
User Name <GATEWAY_ USERNAME>
Password <GATEWAY_ PASSWORD>
Server Port <GATEWAY_HTTPS_PORT_NUMBER>
Secured Connection ON - DEFAULT
The default value of the path is the ping URL of the Gateway server (https://gwhost:gwport/sap/bc/ping). You can customize the path by modifying the MAFLogonManagerNG.bundle/MAFLogonOperationsDefaultValues.plist default value of keyMAFLogonOperationContextResourcePath. If you modify this file in the application’s IPA file, you must re-sign the file with a valid signing key before you can distribute it.

SAP Cloud Platform mobile service for development and operations

Mobile services are deployed on the SAP Cloud Platform, which also runs a HANA instance, and the services are typically protected by SAML authentication. The parameters that this authentication method requires must be provided by Mobile Place, Afaria, or the runtime configuration; the Logon UI cannot acquire these entries interactively from the user.

Other Configuration Prerequisites for Onboarding Scenarios

You must properly configure the Gateway system so the MAF logon UI component can detect the direct Gateway setup.

All requests in all onboarding scenarios are routed through the default sap-client (client 100). To change that, adjust your ICF configuration for the server (SICF transaction in Gateway System). See http://help.sap.com/saphelp_nw73ehp1/helpdata/en/48/cae5cc356c3254e10000000a42189b/frameset.htm.