Show TOC

SAPSSO2 Generator PropertiesLocate this document in the navigation structure

SAPSSO2 Generator enables single sign-on (SSO) access to back-end resources. Before you can establish SSO connections, an authentication provider must first authenticate the client.

Configure SAPSSO2 Generator by:
  • Importing a certificate using the Management Cockpit certificates management feature, and
  • Specifying appropriate values for the properties below.
Table 1: SAPSSO2 General Configuration Properties
Property Default Value Description
Provider Description None Optional description of the provider.
Issuer SID None System ID of the certificate issuer; must be trusted by the back-end system.
Issuer Client None Client ID of the certificate issuer; must be trusted by the back-end system.
Recipient SID None Back-end system ID.
Recipient Client None Client ID of the back-end system.
Certificate Alias None The certificate alias name for the certificate that is used to access back-end systems. The certificate must be encrypted using DSA (Digital Signature Algorithm).
Table 2: SAPSSO2 Advanced Properties
Property Default Value Description
Credential Name None The name of the credential that provides the SAPSSO2 token upon successful authentication.
SSO2 Token Validity Period 10 The number of minutes the SSO2 token is valid. After the validity period, a new token is generated. Performance declines if you set this value too low
Clock Skew Tolerance 10 Number of additional minutes a token remains valid. Compensates for differences in time between the machine on which SAP Mobile Platform Server is running and the back-end machine that receives the token. By default, a generated token is valid for 10 minutes. If the clock skew tolerance is 10, a token is valid for an additional 10 minutes in both directions. For example, if the time on the server clock is 12:00, the token is valid between 11:50 and 12:20. If the time on the receiving server is within 10 minutes of the time on the sending server, it receives a valid token.

To validate your settings, click Test Settings. A message reports either success or failure; if validation fails, invalid settings are highlighted.