Configuring Business Application with Client Hub
The following tasks describe the steps to configure the business application using Client Hub.
Registering a New Application Using Client Hub
To get connection settings for Client Hub, add a configuration
descriptor file to your Eclipse project.
- Create a file named clienthub.properties and place it into the/res/raw folder of your Android project.
Add this content:
#Properties file to provide the application settings. Do not change the key names. #Mandatory Settings #Hostname of the server, example:xyz.sap.corp Host=<FULLY_QUALIFIED_HOSTNAME> #Port of the server, example: 8080 Port=<PORT> #Farm ID of the relay server in case it is used. Example: xyz.farm. If relay server is not used, set the value to 0. FarmID=<FARM_ID> #Security configuration of the application, example: SSO SecurityConfiguration=<SECURITY_CONFIGURATION> #Property to set the user creation policy. The user creation policy defines the authentication method for the user: automatic, manual or certificate. The manual and automatic is for the password based authentication. The certificate is for the X.509 based authentication. If no value is set, default is certificate. UserCreationPolicy=<automatic/manual/certificate> #Optional Settings #URL suffix of the relay server or reverse proxy. URLSuffix=<URL_SUFFIX> #Domain of the application. Used in SAP Mobile Platform older versions. Domain=<DOMAIN> #Connection type, HTTP or HTTPS. If no value is set, default is true (HTTPS). HTTPS=<true/false> #Property to set whether the credentials can be shared or not. If no value is set, default is true. ShareCredentials=<true/false>Replace the values (for example, SECURITY_CONFIGURATION) with values that are specific to your enterprise.
Ensure that the following permission is present in the MAF Logon-based
application's androidManifest.xml file within the
<manifest> tag. If not, add the permission:
- Deploy the MAF Logon-based application to your device.
- Open your MAF Logon-based application. MAF Logon checks whether Client Hub is installed on your device and if the SSO password is specified by the user.
MAF Logon displays the Client Hub Logon UI screen,
where you can either enter your Client Hub SSO password
or choose skip:
- To use the app with Client Hub, enter your SSO passcode and tap Next. Once all the prerequisites are fulfilled, the Set Passcode screen appears, which indicates that the registration is successful. The registration is performed based on the credentials stored in the Client Hub application shared Data Vault, and the connection data is read using the Client Hub libraries built into the application.
- If you do not want to use your application with Client Hub, click Skip. You are opted out from using Client Hub to share credentials and connection data with this application. MAF Logon does not present the SSO Passcode UI on subsequent application starts, unless the application is reinstalled.
- If you enter the SSO Passcode, MAF Logon checks whether it can open Client Hub with the specified password, then stores the password in its own Secure Store.
- MAF Logon opens Client Hub and requests credentials and connection data from the Client Hub libraries. If the UserCreationPolicy, HTTPS, and ShareCredentials values are not provided, the Client Hub libraries use the default values for the application, from the clienthub.properties file.
Enabling an Application Registered Using Client Hub
To reenable an application that is registered with Client Hub, relaunch the application.
MAF Logon checks whether the Client Hub is still present on the
- If it is not, MAF Logon decouples your application from the Client Hub. If you intentionally skip the Client Hub screen, your application never again checks for Client Hub and cannot share credentials or connection information, even via a new Client Hub installation. To recouple your application with Client Hub, you must delete and then reinstall the application on the device. When the Client Hub is detected after re-launch, the application shares its credentials with Client Hub.
- If the Client Hub is still available, MAF Logon
checks whether the SSO passcode is still valid.
If the SSO Passcode is invalid, the MAF Logon UI prompts the device user for a new SSO passcode. MAF Logon then opens Client Hub and fetches the credentials stored there.
MAF Logon compares the back-end user name and password with the user name and
password stored in the secure store of the application.
- MAF Logon writes the credentials into Client Hub
- Client Hub does not contain any credentials, or
- credentials stored in the secure store of the application are newer than those in Client Hub.
- MAF Logon writes the credentials into the secure store of the application if the credentials stored in the secure store of the application are older than those in Client Hub version.
- MAF Logon writes the credentials into Client Hub application if:
Changing the Back-end Password
If there is an authentication error or when the backend password is changed, follow these steps to update the back-end password.
- MAF Logon presents the Backend Password screen to get the new password.
- Provide the new password.
- MAF Logon verifies the password, then shares the new password with other applications through the Client Hub.