Applications that do not require tight security can use anonymous access. You can run
anonymous access applications without entering credentials.
When anonymous connections are enabled in Management Cockpit, the
application user can run the application without entering a user name and password or a
combination of authorization code and password. However, back-end systems require log-on
credentials to access data, from both read-only users and back-end users with specific

Note: If you configure the No
Authentication Challenge authentication provider in a security profile to which you have assigned client
applications that you intend to run anonymously, your anonymous applications fail.
SAP Mobile Platform Server authenticates the user even though the user
presented no valid credentials. The server then attempts to connect to a back-end system
assuming there is an authenticated client, and tries to use SSO credentials for the back
end. However, these credentials are absent, and the back-end connection fails.
SAP also supports an "anonymous optional" scenario, in which an
anonymous application may provide a limited set of functionality to anonymous users. A
user who chooses to authenticate may have access to more functionality (for example,
real user credentials which are propagated via SSO to the back end and allows more

Note: When an endpoint is configured with the "Allow Anonymous" attribute, and technical user
credentials are provided, clients can use the endpoint anonymously. Even though the
business content SAP Mobile Platform accesses through the endpoint may be
deemed nonsensitive and not require a high degree of security, the technical user may
have access to other parts of the back-end system that are sensitive. Because of this,
the technical user's credentials must be protected. Always use an HTTPS connection to
the back-end system to protect the technical user's credentials from being compromised
as they are passed over the network.
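
The following is an added example, not SAP code. It audits an inventory of application settings for the two misconfigurations the notes above describe. The dictionary layout, field names, application IDs, profile names and URLs are constructed assumptions, not a Management Cockpit export format.

```python
from urllib.parse import urlsplit

NO_CHALLENGE = "No Authentication Challenge"  # provider name as written on this page

def audit(apps, profiles):
    """Return (app_id, finding) pairs for the two misconfigurations in the notes."""
    findings = []
    for app in apps:
        providers = profiles.get(app["security_profile"], [])
        # First note: an anonymous application assigned to a security profile that
        # uses this provider fails, because the SSO credentials are absent.
        if app["anonymous"] and NO_CHALLENGE in providers:
            findings.append((app["id"], "anonymous-app-on-no-challenge-profile"))
        ep = app["endpoint"]
        scheme = urlsplit(ep["url"]).scheme.lower()
        # Second note: technical user credentials sent to the back end
        # must travel over HTTPS.
        if ep["allow_anonymous"] and ep["technical_user"] and scheme != "https":
            findings.append((app["id"], "technical-user-not-https"))
    return findings

# Constructed sample inventory (hypothetical layout, names and hosts).
SAMPLE_PROFILES = {
    "anon": ["constructed-provider"],
    "nochallenge": [NO_CHALLENGE],
}
SAMPLE_APPS = [
    {"id": "com.example.catalog", "anonymous": True, "security_profile": "anon",
     "endpoint": {"url": "https://backend.example.com/odata",
                  "allow_anonymous": True, "technical_user": "TECH_RO"}},
    {"id": "com.example.news", "anonymous": True, "security_profile": "nochallenge",
     "endpoint": {"url": "https://backend.example.com/news",
                  "allow_anonymous": True, "technical_user": "TECH_RO"}},
    {"id": "com.example.store", "anonymous": True, "security_profile": "anon",
     "endpoint": {"url": "http://backend.example.com/store",
                  "allow_anonymous": True, "technical_user": "TECH_RO"}},
    {"id": "com.example.hr", "anonymous": False, "security_profile": "nochallenge",
     "endpoint": {"url": "http://backend.example.com/hr",
                  "allow_anonymous": False, "technical_user": None}},
]

if __name__ == "__main__":
    for app_id, finding in audit(SAMPLE_APPS, SAMPLE_PROFILES):
        print(f"{app_id}: {finding}")
```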