The Principal Propagation (X.509) provider enables single sign-on (SSO) access to back-end resources. To use this provider, an authentication provider must first authenticate clients, and you must select X.509 as the SSO mechanism.
Property Name | Default Value | Description |
---|---|---|
Provider Description | None | Differentiates between multiple instances of the same provider type; for example, when you have multiple authentication providers of the same type stacked in a security profile, and each targets a different repository. |
CA Signing Certificate Alias | None | An alias in the system keystore that corresponds to the CA signing certificate and private key used to sign the dynamically generated certificate for the authenticated user. |
Subject Pattern | CN=${name} | Pattern for the generated subject distinguished name. If you specify the variable ${name}, the authenticated principal name is substituted for it. |
Certificate Validity Period | 10 | The number of minutes the generated certificate is valid. After the validity period, a new certificate is generated for SSO to the back end. Performance declines if you set this value too low. |
Clock Skew Tolerance | 10 | Number of additional minutes a certificate remains valid. Compensates for differences in time between the machine on which SAP Mobile Platform Server is running and the back-end machine that receives the certificate generated by the Principal Propagation credential. By default, a generated certificate is valid for 10 minutes. If the clock skew tolerance is 10, a generated certificate is valid for an additional 10 minutes in both directions. For example, if the time on the server clock is 12:00, the certificate is valid between 11:50 and 12:20. If the time on the receiving server is within 10 minutes of the time on the sending server, it receives a valid certificate; if the time on the receiving server is more than 10 minutes behind, or more than 20 minutes ahead of, the time on the sending server, it receives an invalid certificate. |
To validate your settings, click Test Settings. A message reports either success or failure; if validation fails, invalid settings are highlighted.
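
The subject substitution and validity window described in the table, worked through as an added example (not SAP Mobile Platform code). The function names are hypothetical, and the RFC 4514 escaping of the principal name is an assumption of this example, not documented behaviour of the provider.

```python
from datetime import datetime, timedelta

# Characters RFC 4514 requires escaping anywhere in an attribute value.
DN_SPECIALS = '",+;<>\\'

def escape_dn_value(value):
    """Escape a principal name so it stays inside one RDN (RFC 4514).
    Assumption of this example; the provider's own handling is not documented here."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in DN_SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_subject(pattern, principal):
    """Substitute the authenticated principal name for ${name} in the Subject Pattern."""
    return pattern.replace("${name}", escape_dn_value(principal))

def validity_window(issued_at, validity_min=10, skew_min=10):
    """Return (not_before, not_after) for a certificate generated at issued_at.
    The skew tolerance widens the window in both directions."""
    skew = timedelta(minutes=skew_min)
    return issued_at - skew, issued_at + timedelta(minutes=validity_min) + skew

def backend_accepts(issued_at, backend_offset_min, validity_min=10, skew_min=10):
    """Would a back end whose clock differs from the issuing server by
    backend_offset_min minutes (negative = behind) see a fresh certificate as valid?"""
    not_before, not_after = validity_window(issued_at, validity_min, skew_min)
    backend_now = issued_at + timedelta(minutes=backend_offset_min)
    return not_before <= backend_now <= not_after

if __name__ == "__main__":
    issued = datetime(2024, 1, 1, 12, 0)  # constructed sample time: server clock at 12:00
    nb, na = validity_window(issued)
    print(build_subject("CN=${name}", "jdoe"), nb.time(), na.time())
    # Back-end clock offsets in minutes relative to the issuing server.
    for offset in (-11, -10, 0, 20, 21):
        print(f"{offset:+d} min -> {'valid' if backend_accepts(issued, offset) else 'invalid'}")
```

Raising the clock skew tolerance lengthens the period during which an issued certificate is accepted, so keep it as close to the real drift between the two machines as time synchronization allows.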