Verify that the SAP back end is configured correctly to accept SSO
connections from SAP Mobile Platform Server.
- Set all parameters for the type of credentials accepted by the server:
- Technical User
- Basic (user name and password)
- X.509 certificate – set up, import, and verify
certificates using the Trust Manager (transaction STRUST).
- SSO2 token
- Custom cookies/headers
- Principal Propagation
- Use the ICM configuration utility to enable the ICM HTTPS
- Set the type of authentication to enable
- Server authentication only – the server expects the
client to authenticate itself using basic authentication, not SSL
- Client authentication only – the server requires the
client to send authentication information using SSL certificates. The
ABAP stack supports both options. Configure the server to use SSL with
client authentication by setting the ICM/HTTPS/verify_client parameter:
- 0 – do not use certificates.
- 1 – allow certificates (default).
- 2 – require certificates.
- Use the Trust Manager (transaction STRUST) for each PSE (SSL
server PSE and SSL client PSE) to make the server's digitally signed public-key
certificates available. Use a public key-infrastructure (PKI) to get the
certificates signed and into the SAP system.
see SAP Trust Manager at http://help.sap.com/saphelp_aii710/helpdata/en/0e/fb993af7700577e10000000a11402f/frameset.htm
- To enable secure communication, SAP Mobile Platform Server and the SAP server that it communicates with must
exchange valid CA X.509 certificates. Deploy these certificates, which are used
during the SSL handshake with the SAP server, into the SAP Mobile Platform Server keystore.
- The user identification (distinguished name), specified in the
certificate must map to a valid user ID in the AS ABAP, which is maintained by
the transaction SM30 using table view (VUSREXTID).
See Configuring the
AS ABAP for Supporting SSL at http://help.sap.com/saphelp_aii710/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm