Configure SAP Mobile Platform to allow certificate-based authentication when there is a reverse proxy handling client requests at the network edge, and the SSL is terminated before reaching SAP Mobile Platform Server.
The user's certificate arrives at SAP Mobile Platform Server in a SSL_CLIENT_CERT HTTP header, and you must configure SAP Mobile Platform to trust the header during authentication. Trust is established by requiring a mutual certificate authentication between the reverse proxy and SAP Mobile Platform, where the reverse proxy has a technical user certificate signed by a CA in the SAP Mobile Platform truststore.
You must then ensure that the technical user is in the Impersonator role. Once these requirements are met, SAP Mobile Platform processes the SSL_CLIENT_CERT header and trust that certificate.
<DefaultMapping> <LogicalName>Impersonator</LogicalName> <MappedName>Impersonator</MappedName> <MappedName>user:EMAILADDRESSemail@example.com, CN=reverse_proxy_user,OU=SMP, O=SAPAG, ST=CA, C=US</MappedName> </DefaultMapping>