Show TOC

Procedure documentationEnabling Mutual SSL with the Fiori Front-End Server

 

You must establish mutual SSL authentication between SAP Mobile Platform Server and the Fiori front-end server in the following cases:

  • You use X.509 user certificates for user authentication and single sign-on

  • You use SAML2 or other login module together with principal propagation for user authentication and single sign-on

To enable mutual SSL, you must generate a technical user certificate in the SAP Mobile Platform Server keystore, and the Fiori front-end server must trust this certificate.

Procedure

  1. Go to the <SMP_HOME>\sapjvm_7\bin folder.

  2. To create the certificate, execute the command

    keytool -genkey -dname cn=TECH_USER,o=SAP,c=DE -alias tech_user -keyalg RSA -keystore smp_keystore.jks.

  3. To export the certificate to a file, execute the command

    keytool -export -alias tech_user -keystore smp_keystore.jks -file tech_user.crt.

    This file has to be imported into the front-end server's trust store. See Enabling Principal Propagation on ABAP Front-End Server.

    When configuring the SAP Fiori Client application in Management Cockpit, you specify the tech_user certificate alias on the Back End tab.

More Information

Setting Up Communication Channels

SAP Mobile Platform Server: Setup of Communication