Show TOC

Web Application Authentication SamplesLocate this document in the navigation structure

Several authentication scenario samples demonstrate how to configure Web applications using the same security configuration and supportability measures that are available for mobile applications.

Create a Web Application
Use the following steps to define and configure a Web application. Once defined, three tabs appear: Overview, Backend, and Authentication.
  1. Define the Web application, saving when prompted.
    1. In Management Cockpit, select Applications, and click New.

    2. Configure the Web application using the following required items (you can configure additional items):
      • ID ‒ the Web application ID, such as web.basic_basic.

      • Name ‒ the Web application name, such as Web basic application.

      • Type ‒ select Web.

  2. In Backend, complete the following:
    • Endpoint ‒ enter the back-end address URL, using either the application ID, or the X-SMP-APPID, in the format:
      • https://<host>:<port>/<applicationId>

      • https://<host>:<port>/<applicationId>?X-SMP-APPID=<applicationId>

    • SSO Mechanism ‒ select an single sign-on option, such as Basic.

  3. In Authentication, add the security profile.
    • Name ‒ the Web application name, such as Web basic application.

    • Authentication Providers ‒ select HTTP/HTTPS Authentication.

    • URL ‒ enter the authentication URL, such as http://<host>:<port>/sap/opu/odata/IWFND/RMTSAMPLEFLIGHT/?spnego=disabled.

Web App Guidelines
Keep in mind the following guidelines for the back-end access URL:
  • The following format does not work for all Web application types (such as hybrid or native) that use the Backend Rewrite URL method for a root path ("/") back end:https://<host>:<port>/<applicationId>

    For example: https://cnpvglwssc856.test.corp.sap:8081/web.basic_basic

  • The following format works for all Web application methods: https://<host>:<port>/<applicationId>?X-SMP-APPID=<applicationId>

    For example: https://cnpvglwssc856.test.corp.sap:8081/web.basic_basic?X-SMP-APPID=web.basic_basic

Web App with x.509 Sample
Use the following information to configure a Web application using x.509 authentication.
  1. Define a Web application; for example, using the name: web_x509.

  2. Configure the Backend tab.
    • Endpoint ‒ enter <Your mutual HTTPS back-end URL>.

    • Certificate alias ‒ enter <Your certificate private key alias>.

    • SSO Mechanism ‒ select X.509.

  3. Configure the Authentication tab. Create a security profile using the Authentication Provider: x.509 User Certificate.

  4. To test, access the Web type application using a browser, for example: https://<host>:<port>/web_x509.

Web App with SAML (Basic) Sample
Use the following information to configure a Web application using SAML security. Technical User (Basic) is used in the sample, but you can use other SAML security types.
  1. Define a Web application; for example, using the name: saml2.app.basic.

  2. Configure the Backend tab.
    • Endpoint ‒ enter the back-end address URL, using the application ID.

    • SSO Mechanism ‒ select Technical User (Basic).

  3. Configure the Authentication tab. Create a security profile using the Authentication Provider: SAML2, and enter your Identify Provider Name in the General tab. Contact your administrator to obtain the Identity Provider Name.

  4. To test, access the Web type application using a browser, for example: https://<host>:<port>/saml2.app.basic.

Web App with Back-end Rewrite URL Sample
If you elect to rewrite the URL to the back-end system, follow the steps in Create a Web Application above, with these differences in Backend:
  • Rewrite Mode ‒ select "Rewrite URL in Backend System".

  • URL ‒ modify the URL as follows: https://<host>:<port>/<backend_rewrite_path>?X-SMP-APPID=<applicationId>.

Web App with Relay Server Samples
When configuring Web applications for a landscape that implements Relay Servers, you must modify the back-end URL:
  • Linux Relay Server ‒ https://<RelayServerHost>:<RelayServerPort>/<URL_Suffix>/<farmid>/<applicationId>

    For example: https://cnpvgllssc1093.test.corp.sap:18081/cli/iarelayserver/SMP3RHFarmHTTPS/web.basic_basic

  • Windows Relay Server ‒ https://<RelayServerHost>:<RelayServerPort>/<URL_Suffix>/<farmid>/<applicationId>

    For example: https://cnpvglwssc1060.test.corp.sap:1081/rs16.5/client/rs.dll/SMP3WINFarmHTTPS/web.basic_basic