Show TOC

Architectural OverviewLocate this document in the navigation structure

Learn about the components that comprise the logon workflow.

MAF includes a configurable, multipurpose onboarding component. It consists of a core component and a UI component, but you can also use the core with a custom UI. The Logon Core layer contains code for executing logon operations. The component builds on SAP Mobile Platform libraries, such as OData CoreServices, Request, and Client Hub.

The Logon Component supports Afaria, the SAP-provided MDM solution for provisioning:
  • Application configuration
  • X.509 certificate for registration
The Logon UI component provides native logon screens, collecting information from Logon Core and runtime configuration options. Based on the collected information it decides whether:
  • A particular screen needs to be presented to get input from the end user
  • A third-party client certificate provider needs to be called
  • A configuration provider needs to be called to provide configuration

Logon UI exposes the CertificateProvider and CertificateProviderListener APIs to integrate a third-party certificate provider. This interface enables application developers to implement custom components to fetch the X.509 certificate from a third-party MDM infrastructure.

Use the HttpConversation library to achieve SAML2-based authentication. Use the following methods to acquire the configuration that the SAML2 protocol needs:
  • Mobile Place Discovery Service
  • Runtime configuration APIs
If no Afaria or Mobile Place Discovery Service is configured to provide authentication data, the user must enter information through the Logon UI. Based on the user input, the Logon Core determines which type of registration to execute. After registration, the Logon Core:
  1. Checks if any scenario is forced via configuration.
  2. Triggers a test HTTP(S) request to the host and port specified by the user.
  3. Analyzes the response based on:
    • HTTP(S) response code
    • Cookies
    • Response headers

The Logon Core next determines which communicator to use. If the Logon Core cannot determine which communicator to use, it falls back to HTTP Rest. If the decision flow can find a suitable communication setup, it reports a success, otherwise the logon process stops and issues a failure message.

The default Logon UI supports customization of headers and footers, and includes a fully skinnable UI. This component builds on the MAF Logon Core, and provides an Integration API, which supports these logon operations:
  • Logon – register or unlock the secure store so that the app has access to server information and credentials to initiate requests.
  • Change back-end password – update the back-end password stored in the secure store of the client.
  • Change secure store password (App Passcode) – change the password of the secure store.
  • Lock secure store – force the secure store to lock itself while the application is still in the foreground.
  • Delete user – unregister and delete all locally stored content from the secure store.
  • Registration information – present information provided by the user during logon.
  • Update application settings – get server settings from SAP Mobile Platform.
  • Registration data – used by the application to get all registration data from MAFLogon.