In principal propagation, temporary X.509 user certificates are generated at runtime to enable user principals and credentials to be forwarded from SAP Mobile Platform Server to the back end. In this activity, you generate a signing certificate for these temporary certificates.
Use keytool to generate a signing certificate, for example, with the command
keytool -genkey -dname cn=PP_CA,o=SAP,c=US -alias pp_ca -keyalg RSA -keystore smp_keystore.jks
When configuring the SAP Fiori Client application in Management Cockpit, specify the pp_ca
certificate alias when configuring the Principal Propagation
authentication provider on the Authentication
tab.
For an example application configuration where this certificate alias is used to configure principal propagation, see Example Configuration: SAML 2.0 Authentication.