SAP Mobile Platform uses the standard HTTPS protocol to integrate into your existing security landscape.
SAP Mobile Platform provides seamless end-to-end authentication and security policy integration across the platform without proxies or intermediary configurations. SAP Mobile Platform Server allows you to configure end-to-end authentication from the client to the back end without a VPN. The server uses the standard HTTPS protocol to integrate into your existing security landscape without disruption.
Secure Network Communications
SAP Mobile Platform uses HTTPS for all network communications across the enterprise.
On the server side, SAP Mobile Platform Server uses <SMP_HOME>\Server\configuration\smp_keystore.jks as its Java keystore for the server certificate and as the truststore for CA certificates. The X.509 User Certificate authentication provider verifies that the certificate from the client is within its validity dates and is signed by a trusted CA from this keystore. You may optionally configure OCSP or CRL checking for certificate revocation.
On the client side, the server certificate is validated: it must be within its validity dates, the CN of the server’s subject must match the host.domain from the HTTPS request, and the certificate must be signed by a CA that is in the truststore for the device. SAP Mobile Platform does not support certificate revocation checking on the clients, SAP client applications overriding these certificate checks, or users optionally trusting a certificate that has failed these checks.
The SAP Mobile Platform keystore may also contain user certificates used to authenticate to back-end systems. HTTPS connections to back-end systems go through the same standard validations on their server certificates.
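The two server-certificate checks described above that can be evaluated from the certificate alone (validity dates, and CN against the host.domain of the request) are shown here as an added example, not SAP code; CA trust is left to the TLS stack. The names check_server_cert and subject_cn and the sample certificate are hypothetical, and the exact, case-insensitive CN comparison is an assumption, because the page does not say how the match is performed.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape of ssl.SSLSocket.getpeercert();
# the host name, issuer and dates are made up for this example.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "smp.example.com"),)),
    "issuer": ((("commonName", "Example Internal CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}


def subject_cn(cert):
    """Return the first commonName of the certificate subject, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def check_server_cert(cert, request_host, now=None):
    """Return a list of findings; an empty list means both checks pass."""
    ts = (now or datetime.now(timezone.utc)).timestamp()
    findings = []
    # Check 1: the certificate is within its validity dates.
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid (notBefore %s)" % cert["notBefore"])
    elif ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired (notAfter %s)" % cert["notAfter"])
    # Check 2: the subject CN matches the host.domain of the HTTPS request.
    # Assumption: exact, case-insensitive comparison.
    cn = subject_cn(cert)
    host = request_host.rstrip(".").lower()
    if cn is None:
        findings.append("subject has no CN")
    elif cn.lower() != host:
        findings.append("CN %r does not match request host %r" % (cn, host))
    return findings


if __name__ == "__main__":
    when = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed date for the demo
    for host in ("smp.example.com", "smp", "10.0.0.5"):
        print(host, check_server_cert(SAMPLE_CERT, host, when) or "OK")
```

Running the check against every name or address that devices will use to reach the server shows, before rollout, which URLs fail the CN check, for example a short host name or a bare IP address.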
Common Security Infrastructure
Authentication Mechanisms
In SAP Mobile Platform, supported authentication mechanisms include basic authentication, SSO (including SiteMinder), and X.509 certificates. The following figure illustrates how data flows from the device to the back end using common SAP Mobile Platform security constructs, for example SiteMinder, SAP SSO2 tokens, and the HTTP/HTTPS authentication provider.
Figure: SAP Mobile Platform Security Authentication Mechanisms and Data Flow
Communication Process
Figure: SAP Mobile Platform Security Communication Process