Show TOC

Security ConfigurationsLocate this document in the navigation structure

SAP Mobile Platform does not provide proprietary security systems for storing and maintaining users and access control rules, but delegates these functions to the enterprise’s existing security solutions.

A security configuration determines the scope of user identity, performs authentication and authorization checks, and can be assigned multiple levels (domain or package). Applications inherit a security configuration when the administrator assigns the application to a domain via a connection template.

Users can be authenticated differently, depending on which security configuration is used. For example, a user identified as "John" may be authenticated different ways, depending on the named security configuration protecting the resource he is accessing: it could be an MBO package, a DCN request, use of SAP Control Center.

The anonymous security configuration provides unauthenticated user access, and is targeted to applications that do not require tight security.

The Agentry security configuration provides pass-through authentication to the Agentry Server for Agentry applications. The Agentry security configuration employs the NoSecLoginModule to allow user credentials to be sent to the Agentry server for authentication. SAP Mobile Platform does not authenticate this security configuration.

Security configurations aggregate various security mechanisms for protecting SAP Mobile Platform resources under a specific name, which administrators can then assign. Each security configuration consists of:

  • A set of configured security providers. Security provider plug-ins for many common security solutions are included with the SAP Mobile Platform.
  • Role mappings (which are set at the domain and package level) that map logical roles to back end physical roles.
A user entry must be stored in the security repository used by the configured security provider to access any resources (that is, either a SAP Control Center administration feature or an application package that accesses data sets from a back-end data source). When a user attempts to access a particular resource, SAP Mobile Server tries to authenticate and authorize the user, by checking the security repository for:
  • Security access policies on the requested resource
  • Role memberships