Learn about the components that comprise the logon workflow.
MAF includes a configurable, multipurpose onboarding component. It consists of a core
component and a UI component, but you can also use the core with a custom UI. The
Logon Core layer contains code for executing logon operations. The component builds
on SAP Mobile Platform libraries, such as OData CoreServices, Request,
and Client Hub.
The Logon Component supports Afaria, the
SAP-provided MDM solution for provisioning:
- Application configuration
- X.509 certificate for registration
The Logon UI component provides native logon screens, collecting
information from Logon Core and runtime configuration options. Based on the
collected information it decides whether:
- A particular screen needs to be presented to get input from the end
- A third-party client certificate provider needs to be called
- A configuration provider needs to be called to provide configuration
Logon UI exposes the CertificateProvider and
CertificateProviderListener APIs to integrate a third-party
certificate provider. This interface enables application developers to implement
custom components to fetch the X.509 certificate from a third-party MDM
Use the HttpConversation library
to achieve SAML2-based authentication. Use the following methods to acquire the
configuration that the SAML2 protocol needs:
- Mobile Place Discovery Service
- Runtime configuration APIs
If no Afaria or Mobile Place Discovery Service is configured to provide
authentication data, the user must enter information through the Logon UI. Based on
the user input, the Logon Core determines which type of registration to execute.
After registration, the Logon Core:
- Checks if any scenario is forced via configuration.
- Triggers a test HTTP(S) request to the host and port specified by the
- Analyzes the response based on:
- HTTP(S) response code
- Response headers
The Logon Core next determines which communicator to use. If the Logon
Core cannot determine which communicator to use, it falls back to HTTP Rest. If the
decision flow can find a suitable communication setup, it reports a success,
otherwise the logon process stops and issues a failure message.
Logon UI supports customization of headers and footers, and includes a fully
skinnable UI. This component builds on the MAF Logon Core, and provides an
Integration API, which supports these logon operations:
- Logon – register or unlock the secure store so that the app has
access to server information and credentials to initiate requests.
- Change back-end password – update the back-end password stored in the
secure store of the client.
- Change secure store password (App Passcode) – change the password of
the secure store.
- Lock secure store – force the secure store to lock itself while the
application is still in the foreground.
- Delete user – unregister and delete all locally stored content from
the secure store.
- Registration information – present information provided by the user
- Update application settings – get server settings from
SAP Mobile Platform.
- Registration data – used by the application to get all registration
data from MAFLogon.