Configuring Application-to-Application SSO Authentication¶
The application-to-application single sign-on (SSO) authentication type allows SAP Cloud Platform Mobile Services to propagate the identity of the logged-in user to another application, which is consumed (deployed or subscribed) in the same SAP Cloud Platform account.
The application that is receiving the SSO operation (the receiving application) must be consumable from the same SAP Cloud Platform account – either by being deployed or through a subscription.
The receiving application can be either a Java or an HTML5 application.
When developing your own Java application, see Securing Java Applications for information about enabling the application to accept application-to-application SSO.
Be sure to configure your account to allow principal propagation. For more information, see Application Identity Provider, the "Local Service Provider Configuration" section.
This setting is account specific, which means that if set to Enabled, all applications within the account accept principal propagation.
The user identity is propagated to the application specified in the URL, which you can configure in Mobile Services cockpit:
Define a new application.
Select the application, and add Connectivity under Assigned Features as described in Managing Application Features.
Create or assign a destination that includes the Application-to-Application SSO mechanism to the connectivity.