Show TOC

SAML AuthenticationLocate this document in the navigation structure

Develop SAML-enabled registration for iOS.

To implement SAML-enabled registration, you:
  • Set the runtime settings
  • Integrate with SAP Mobile Place

You can use these approaches with MAF Logon or the Apple iOS NUserDefaults API.

MAF Logon

Using MAF Logon is the simplest and recommended way to use SAML-protected resources. By default, MAF Logon uses Mobile Place and gets the configuration based on the end user's e-mail address. Once you integrate MAF Logon into your application, you have completed SAML enablement on the client side. To use a different setup, use the MAF Logon runtime configuration to enable the SAML flow. SAML support is integrated with the HttpConversation library via the IManagerConfigurator that is object exposed by the LogonUIFacade class. Refer to the documentation of these classes and to that of the HttpConversationManager class.

In the app, add the method below in the MAFLogonHandler.m file:
- (void)prepareDefaults{
    NSMutableDictionary* currentConfig = [logonUIViewManager.logonManagerdefaultValues];
    NSMutableDictionary* defaultValuesDict = [currentConfig objectForKey:keyMAFLogonOperationContextDefaultValues];
    NSMutableDictionary* registrationFields = [defaultValuesDict objectForKey:idMAFLogonOperationContextTypeRegister];
    [registrationFields setObject:@“<“”your server name>forKey:keyMAFLogonOperationContextServerHost];
    [registrationFields setObject:[NSNumbernumberWithBool:YES] forKey:keyMAFLogonOperationContextIsHttps];
    NSNumberFormatter* nf = [[NSNumberFormatteralloc] init];
    [registrationFields setObject:[nf numberFromString:@“<“ your server port > ] forKey:keyMAFLogonOperationContextServerPortSecure];
    NSMutableDictionary* regConfig = [NSMutableDictionarydictionary];
    NSMutableArray* contextAuth = [NSMutableArrayarray];
    NSMutableDictionary* authConfig = [NSMutableDictionarydictionary];
    NSMutableDictionary* config = [NSMutableDictionarydictionary];
    [authConfig setObject:config forKey:@"config"];
    [authConfig setObject:@""forKey:@"type"];
    [config setObject:@""forKey:@""];
    [config setObject:@"/SAMLAuthLauncher"forKey:@""];
    [config setObject:@"finishEndpointParam"forKey:@""];
    [contextAuth addObject:authConfig];
    [regConfig setObject:contextAuth forKey:@"keyMAFLogonRegistrationContextAuth"];
    [defaultValuesDict setObject:regConfig forKey:@"keyMAFLogonRegistrationContextConfig"];
Call the above method in the init method of MAFLogonHandler.m as shown below:
-(id) init{
    self = [super init];
        self.logonUIViewManager = [[MAFLogonUIViewManager alloc] init];
        // save reference to LogonManager for code readability
        self.logonManager = self.logonUIViewManager.logonManager;
        //Set up the logon manager: add unique application id
        //You must set your own application id, which is specified in the SMP Server Application Connection Template.
         AppDelegate* appDelegate = [[UIApplication sharedApplication] delegate];
        [self.logonManager setApplicationId:appDelegate.smpAppID];
        // set up the logon delegate
        [self.logonManager setLogonDelegate:self];
        [self prepareDefaults];
    return self;

SAML authenticaiton URL (optional) - If the backend server supports SAML authentication, the server can respond using an HTTP-POST binding.

The HTTP-REDIRECT binding is also supported. For details, see the Native OData Logon APIs that are installed with the SDK.

To enable the binding on the server, set Single Sign-on Binding to HTTP-REDIRECT, when you are configuring settings for the SAML2 trusted identity provider.

Apple iOS NUserDefaults API