Show TOC

Defining Back-End ConnectionsLocate this document in the navigation structure

For the selected application, define its back-end connections. Mobile platform supports one primary endpoint per application ID. However, an administrator can create multiple secondary endpoints for services used by the application; Mobile platform treats secondary endpoints as proxy connections. For applications that access a Web service containing relative URLs, add the relative paths to enable the server to handle requests correctly.


  1. In Management Cockpit, select Applications.
  2. Select an application, then select Back End.
  3. Enter values for the selected application:
    Field Value
    The URL the application uses to access business data on the back-end system or service. This can be a back-end connection, or a service document. Typical format:
    For a service, the service document URL is the document destination you assigned to the service in gateway. Include a trailing forward slash to avoid triggering a redirection of the URL, and losing important HTTP header details. This is especially important when configuring the application with security, such as SSOToken and Certificates, and when Rewrite URL in SMP or Rewrite URL in Backend System is selected for Rewrite Mode.
    Note If you select to rewrite the URL, it must not include a reserved pattern. See Endpoint Reserved Patterns.

    See URL Rewrite Modes.

    Internal Whitelist a service that you create in the mobile platform. If you define an endpoint as internal, the host name and port of the back-end URL are ignored, and incoming requests are forwarded to internal services in-process, without another HTTP call to localhost. An example of an internal service is Integration Gateway.
    Use System Proxy (Optional) Whether to use proxy settings as configured in the system properties to access the back-end system. This setting is typically disabled, because most back-end systems can be accessed within an intranet without a proxy. Enable this setting only when proxy settings are needed to access a remote back-end system outside of the network. When enabled, this particular connection is routed via the settings in the system properties.
    Allow Anonymous Access

    (Optional) Whether to enable anonymous access, which means the user can access the application without entering a user name and password. However, the back-end system still requires login credentials for data access, whether it is a read-only user, or a back-end user who is assigned specific roles.

    • If enabled and the back end requires it, enter the login credentials to access the back-end system:
      • User name – the user name for the back-end system.
      • Password – (required if you enter a user name) the password for the back-end system.
    • If disabled (the default) or the back end does not require it, you need not provide these credentials.

    Note If you use Allow Anonymous Access for a native OData application, do not also assign the No Authentication Challenge security profile to the application; anonymous OData requests are not sent, and Status code: 401 is reported.
    Maximum Connections The number of back-end connections that are available for connection pooling for this application. The larger the pool, the larger the number of possible parallel connections to this specific connection. For primary endpoints, the default and minimum is 500 connections. Factors to consider when resetting this property:
    • The expected number of concurrent users of the application.
    • The load that is acceptable to the back-end system.
    • The load that the underlying hardware and network can handle.
    Increase the maximum number of connections only if SAP Mobile Platform Server hardware can support the additional parallel connections, and if the underlying hardware and network infrastructure can handle it.

    To disable connection pooling, set this value to 0. Disable connection pooling only if the back-end system does not support pooled connections as disabling connection pooling may have a negative impact on processing times.

    Note For secondary endpoints, there is no required minimum.
    Certificate Alias Optional if the Endpoint URL begins with HTTPS.

    If the back-end system has a mutual SSL authentication requirement, enter the certificate alias name of the private key and technical user certificate that is used to access the back-end system. The alias is located in smp_keystore; otherwise, leave the entry blank.

    Rewrite Mode Select one of:
    • Rewrite URL in SMP – in request and response messages, server replaces all back-end URLs with the server URL.
    • Rewrite URL in Backend System – the back end rewrites the URLs. The server forwards its host name and port to the back end as an HTTP header, and the back end creates the URL to retrieve back-end entities.

      Select Via HCP App to use the x-forwarded-for header value; or leave it unselected to use the default host header.

    • No Rewriting – request and response messages are not modified; server passes messages directly between clients and the back end.

    See URL Rewrite Modes.

    Relative Path

    If an application requires data from a back end that uses relative URLs, you must configure those relative URL patterns in Management Cockpit. Server rewrites the relative URLs to include the Connection ID (connection name), enabling access to the back-end data. For example, a Web service application requests an HTML page named abc.html, which contains the relative URLs /sap/bc and /sap/public/bc in its src or href tags.

    When a request is made, server rewrites the relative URLs contained in the response, so that subsequent requests (to these relative URLs in the response) can be processed correctly. For example, if "webApp" is the connection name and the response contains the relative URLs /sap/bc,/sap/public/bc; mobile platform rewrites these relative URLS to /webApp/sap/bc,/webApp/sap/public/bc. Without the relative URLs, the request cannot be processed.

    To add relative paths, you can either enter one relative URL per table row (for example, /sap/bc in one row, and /sap/public/bc in another); or you can enter a comma-delimited list of relative URLs in one table row (for example, /sap/bc,/sap/public/bc), and the URLs are redistributed to separate rows after you Save.
    Note To use the Relative Path option, you must select Rewrite URL in SMP option in Rewrite Mode.
    SSO Mechanisms You can add one or more SSO mechanisms, and prioritize them. The runtime calls the first SSO mechanism for which corresponding user credentials are available. Only one SSO mechanism is used per connection attempt. If the connection fails, the server invalidates the client session and requires reauthentication.
    • If Allow Anonymous Access is disabled, user name and password are required to access the application, and you must select an SSO Mechanism.
    • If Allow Anonymous Access is enabled, user name and password are not required to access the application, and selecting an SSO Mechanism is optional.

    Click Add, select an SSO mechanism, and enter property values if required.

    To set the order in which multiple SSO mechanisms are used, click the up or down arrow adjacent to the name.

    See Single Sign-On Mechanisms.

    Back-End Connections
    To add a secondary back-end connection for the application, click New, and enter:
    • Connection Name – name for the endpoint.
    • Endpoint – URL of the back-end system or service.

    For each back-end connection, select or unselect Enabled for Application.

  4. Click Save. The new back-end connection is added to the list.
    Note To delete a saved connection, select Start of the navigation path Settings Next navigation step Connections End of the navigation path.

    You can maintain the list of server-level back-end connections (including all the connections in SAP Mobile Platform Server), and of application-specific back-end connections. Application-specific back-end connections are the secondary connections that are enabled for an application; by default, no secondary connections are enabled. You must explicitly enable additional back-end connections for an application. Users who are registered to an application can access only these back-end connections. Users cannot access back-end connections (request-response) that are not enabled for an application.

  5. Select Application-Specific Connections to show the back-end connections that are enabled for the application.

    Select Server-Level Connections to show all available connections for the server. Use the checkbox to enable additional connections for the application.

    • You can authenticate multiple back ends using various authentication provider options in the back-end security profile.
    • If the back-end system issues a 302 Redirect or 307 Redirect response, which means it is redirecting the request to a different URL, then you must also add the target URL to the list of application-specific connections.