Start of Content Area

Procedure documentation Setting Up Single Sign-On on the Mobile Device  Locate the document in its SAP Library structure

Use

With the parameters in the file Default.properties and Configuration.properties, you can configure the client to support Single Sign-On (SSO) if the device has an online connection. The mobile device receives the SAP logon ticket from a system that issues tickets, such as SAP Enterprise Portal. The mobile device can then be verified on the server with the SAP logon ticket without the user having to enter an additional password.

One User - SAP MI-Oriented

The device is used by a single user only. The user starts the client on the mobile device. It requests a ticket that is used for the initial logon and for synchronization from the system that issues tickets. The SAP MI uses the configured URL.

In this scenario users only need to enter a user ID and password when they log onto the system issuing the ticket. The logon data is verified in SAP MI using the SAP logon ticket. Password handling settings are consequently ignored in SAP MI and the user has no access to password management.

In the initial logon, which must be performed online, the user data from the logon ticket is used to create a user in the client.

Parameters and Values for this Scenario

·        JSP clients on Win32 systems and Microsoft Windows Mobile systems (PDA):

MobileEngine.UM.SingleUserMode=true

MobileEngine.UM.SAPLogonTicketSupport=true

MobileEngine.UM.SAPLogonTicketRequestURL=<URL of the ticket-issuing system>

MobileEngine.UM.SAPLogonTicketWaitingRefresh=<Time in seconds after which the system checks (again) if the logon ticket was received>(Default: 3)

MobileEngine.UM.SAPLogonTicketRequestTimeout=<Time in seconds between requesting logon ticket and cancellation> (Default: 90)

MobileEngine.UM.SAPLogonTicketLogoffURL=<URL for the logoff>(optional)

·        AWT Clients:

MobileEngine.UM.SingleUserMode=true

MobileEngine.UM.SAPLogonTicketSupport=true

MobileEngine.UM.SAPLogonTicketRequestURL=<URL of the ticket-issuing system>

MobileEngine.UM.SAPLogonTicketRequestTimeout=<Time in seconds between requesting logon ticket and cancellation> (Default: 90)

MobileEngine.UM.SAPLogonTicketLogoffURL=<URL for logoff> (optional)

MobileEngine.UM.ExternalAuthUserParameter

MobileEngine.UM.ExternalAuthPasswordParameter

MobileEngine.UM.ExternalAuthAdditionalParameters

One User – Access to SAP MI from a Ticket-Issuing System, for Example, SAP Enterprise Portal

Note

This scenario only applies to JSP clients.

The device is used by a single user only. The user starts SAP MI on their mobile device as a service running in the background without a user interface. There must be an empty file named startasservice.txt in the same directory as the file MobileEngine.exe.

To work with SAP MI, the user opens the SAP MI user interface from a link (for example, in SAP Enterprise Portal).

As a result of logging onto the system issuing tickets, there is already a logon ticket available if the user interface of the SAP MI was started. The logon ticket is, therefore, not explicitly requested.

Parameters for This Scenario

MobileEngine.UM.SingleUserMode=true

MobileEngine.UM.SAPLogonTicketSupport=true

MobileEngine.UI.CloseBrowserWindowSupport=true (optional)

In this scenario users only need to enter a user ID and password when they log onto the system issuing the ticket. The logon data is verified in SAP MI using the SAP logon ticket. Password handling settings are consequently ignored in SAP MI and the user has no access to password management.

In the initial logon, which must be performed online, the user data from the logon ticket is used to create a user in the client.

Multiple Users

Note

This scenario only applies to JSP clients on Win32 systems.

The device is used by multiple users. The user starts SAP MI on their mobile device as a service running in the background without a user interface. There must be an empty file named startasservice.txt in the same directory as the file MobileEngine.exe.

To work with SAP MI, the user opens the SAP MI user interface from a link (for example, in SAP Enterprise Portal).

If the ticket does not exist, the user can start the client from the browser with the address, http://localhost:4444/index.htm, and log on with user ID and password. The system uses settings already in SAP MI for handling passwords and the user can use password management in SAP MI.

Before a user can use an SAP logon ticket, a user ID and password must be created for this user in the client.

Parameters for This Scenario

MobileEngine.UM.SingleUserMode=false

MobileEngine.UM.SAPLogonTicketSupport=true

End of Content Area