
Using a Third-Party Certificate Provider

SAP Mobile Platform SDK includes a Provider API, which enables apps to download certificates from third-party infrastructures.


  • Install a Client Hub application on the client device, and enable <SSO pincode>.
  • Create a new Java project in Eclipse IDE by clicking File > New > Java Project. Enter the project name and click Finish.
  • Add maflogonui.jar to your project by right-clicking <project_name> > Build Path > Add External Archives.
    Note The version number for maflogonui.jar must be at least 1.203.0.


  1. Set <UserCreationPolicy>=certificate in the file.
    See Registering a New Application Using Client Hub in the Client Hub documentation.
  2. Set the CertificateProvider interface for the MAF Logon component. Each certificate provider must implement this interface.
  3. Implement the getCertificate method. During registration, the Logon component invokes the getCertificate method, described in the CertificateProvider interface, and sends a callback to retrieve the user certificate. Save the callback reference and the logoncomponentactivity context. Then start a new UI to request parameters from the user.
    public void getCertificate(CertificateProviderListener callback) {
       // keep the callback so the certificate can be returned once the user has supplied parameters
       this.listener = callback;
       this.ctx = (Activity) LogonUIFacade.getInstance().getActivityContext();
       // open the provider's own UI to collect the parameters
       ctx.startActivity(new Intent(ctx, ProviderActivity.class));
    }
  4. Implement a custom method to pass parameters from the Activity XML file to the code that implements the certificate provider functionality. For example, you can implement a setParameters method to retrieve the UI parameters and create an X509KeyManager to send the certificate back to the MAF Logon component.
    Note X509KeyManager is a standard Java interface. The X509KeyManager that is returned by the certificate provider must contain only one certificate; the Logon component cannot select between multiple certificates. The Logon component uses the first certificate found by the alias.
    public void setParameters(Map<String, String> parameters) {
       // download certificate from your PKI/CA server or load it from the System Keychain
       getCertificate(ctx, parameters);
       X509KeyManager keyMan = new MyX509KeyManager();
       // calling callback onGetCertificateSuccess
       listener.onGetCertificateSuccess(keyMan);
    }
  5. Make your test .P12 files available to the provider. Depending on your implementation, these files might be:
    • Installed in the System Keychain of your device.
    • Placed in a resource folder of your Android project.
    • Uploaded to your MDM server and accessed via HTTPS request.
  6. Test your implementation by installing the Root CA certificate into the SAP Mobile Platform server keystore. See Managing Keystore and Truststore Certificates in Administrator.
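The note in step 4 requires the returned X509KeyManager to hold exactly one certificate. The class below is an added example, not code from the SDK or its documentation, showing one way to enforce that when loading a .P12 file; the constructor taking a PKCS#12 stream and password is an assumption (the snippet in step 4 uses a no-argument constructor), and only standard Java APIs are used.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.X509KeyManager;

// Added example (assumed constructor): exposes exactly one client certificate from a PKCS#12 stream.
public class MyX509KeyManager implements X509KeyManager {
    private final String alias;
    private final PrivateKey key;
    private final X509Certificate[] chain;

    public MyX509KeyManager(InputStream p12, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(p12, password);
        List<String> keyAliases = new ArrayList<>();
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(a)) keyAliases.add(a);
        }
        // Refuse ambiguous input: the Logon component cannot choose between certificates.
        if (keyAliases.size() != 1) {
            throw new KeyStoreException("expected exactly one key entry, found " + keyAliases.size());
        }
        alias = keyAliases.get(0);
        key = (PrivateKey) ks.getKey(alias, password);
        Certificate[] certs = ks.getCertificateChain(alias);
        if (certs == null || certs.length == 0) throw new KeyStoreException("no certificate chain for key entry");
        chain = new X509Certificate[certs.length];
        for (int i = 0; i < certs.length; i++) chain[i] = (X509Certificate) certs[i];
        chain[0].checkValidity(); // fail early on an expired or not-yet-valid client certificate
    }

    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket s) { return alias; }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return new String[] { alias }; }
    @Override public X509Certificate[] getCertificateChain(String a) { return alias.equals(a) ? chain.clone() : null; }
    @Override public PrivateKey getPrivateKey(String a) { return alias.equals(a) ? key : null; }
    // Server-side methods are not used by a client certificate provider.
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return null; }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return null; }
}
```

Rejecting a .P12 with more than one key entry at load time makes the certificate presented during registration deterministic instead of depending on alias order.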