The SAP Mobile Platform Server OData Proxy service supports the use of one or more single sign-on (SSO) mechanisms.
In single sign-on implementations, clients log in to SAP Mobile Platform Server; the server then uses the authentication providers that you configure in the security profile to authenticate the clients to back-end systems.
|Basic||Connects to the back end with the end user's user name and password. The provider that is configured in the security profile must authenticate the end user with a user name and password, for example, HTTP/HTTPS Authentication, Directory Service (LDAP/AD), or System Login (Admin Only)|
|Kerberos||Enter the Kerberos realm and the service name. Connects to the back end
by setting the Kerberos token value in the Authorization: Negotiate
<Kerberos token value> header. Configure
the back end to authenticate users with Kerberos.
You can use this mechanism only if the Kerberos provider is configured in the security profile. The server obtains a Kerberos access token for the specified realm and service name. The realm contains the back-end resources to which you want to provide SSO access.
Note The service user who is configured in the security profile must also be configured in Active Directory with permission to delegate to the application-endpoint service.
|SSO2||Authenticates the user to the back end using a MYSAPSSO2 token.
You can use this mechanism only if an HTTP/HTTPS Authentication provider is configured in the security profile, and it authenticates the end user to SAP Mobile Platform Server against a Web server that returns a MYSAPSSO2 token.
|Technical User Basic (TechUserBasic)||Enter the user name and password for the technical user. Connects to
the back end using these credentials.
You can use this SSO mechanism with any authentication-provider configuration in the security profile.
|Technical User X.509 (TechUserX509)||Connects to the back end using the configured technical-user X.509
You can use this mechanism with any authentication-provider configuration in the security profile.
|X.509||Connects to the back end using the configured technical user's X.509
certificate. The end-user certificate is passed in the SSL_CLIENT_CERT HTTP
header. Configure the back end:
Refer to your back-end system documentation for more information.
|Custom||Sends configured headers/cookies with values derived from a regular
expression. This is a generic mechanism to pass SSO details that are not
covered by other explicit mechanisms. Select Custom,