Show TOC

Anonymous Access ApplicationsLocate this document in the navigation structure

Applications that do not require tight security can use anonymous access. You can run anonymous access applications without entering credentials.

When anonymous connections are enabled in Management Cockpit, the application user can run the application without entering a user name and password or a combination of authorization code and password. However, back-end systems require log-on credentials to access data, from both read-only users and back-end users with specific roles.

Note If you configure the No Authentication Challenge authentication provider in a security profile to which you have assigned client applications that you intend to run anonymously, your anonymous applications fail. SAP Mobile Platform Server authenticates the user even though the user presented no valid credentials. The server then attempts to connect to a back-end system assuming there is an authenticated client, and tries to use SSO credentials for the back end. However, these credentials are absent, and the back-end connection fails.

SAP also supports an "anonymous optional" scenario, in which an anonymous application may provide a limited set of functionality to anonymous users. A user who chooses to authenticate may have access to more functionality (for example, real user credentials which are propagated via SSO to the back end and allows more access).

Note When an endpoint is configured with the "Allow Anonymous" attribute, and technical user credentials are provided, clients can use the endpoint anonymously. Even though the business content SAP Mobile Platform accesses through the endpoint may be deemed nonsensitive and not require a high degree of security, the technical user may have access to other parts of the back-end system that are sensitive. Because of this, the technical user's credentials must be protected. Always use an HTTPS connection to the back-end system to protect the technical user's credentials from being compromised as they are passed over the network.