You must establish mutual SSL authentication between SAP Mobile Platform Server and the Fiori front-end server in the following cases:
You use X.509 user certificates for user authentication and single sign-on
You use SAML2 or other login module together with principal propagation for user authentication and single sign-on
To enable mutual SSL, you must generate a technical user certificate in the SAP Mobile Platform Server keystore, and the Fiori front-end server must trust this certificate.
Go to the <SMP_HOME>\sapjvm_7\bin
folder.
To create the certificate, execute the command
keytool -genkey -dname cn=TECH_USER,o=SAP,c=DE -alias tech_user -keyalg RSA -keystore smp_keystore.jks
.
To export the certificate to a file, execute the command
keytool -export -alias tech_user -keystore smp_keystore.jks -file tech_user.crt
.
This file has to be imported into the front-end server's trust store. See Enabling Principal Propagation on ABAP Front-End Server.
When configuring the SAP Fiori Client application in Management Cockpit, you specify the tech_user
certificate alias on the Back End
tab.