System Login (Admin Only) Configuration Properties

The System Login (Admin Only) provider is configured by the installer with the initial administrator credentials only to give platform administrator access to Management Cockpit so that SAP Mobile Platform Server can be configured for production use. Administrators are expected to replace this provider immediately upon logging in for the first time. SAP encourages you to avoid using this provider in production environments.

Description

This provider is recommended only to give the platform administrator access to Management Cockpit so it can be configured for production use. Administrators are expected to replace this provider immediately upon logging in for the first time.

The System Login (Admin Only) provider:

Provides role-based authorization by configuring the provider com.sap.security.core.RoleCheckAuthorizer with this authentication provider.
Authenticates the user by comparing the specified user name and password against the configured user. Upon successful authentication, the configured roles are added as principals to the subject.

Properties

Table 1: System Login (Admin Only) Properties
Property	Default Value	Description
Control Flag	Optional	Indicates how the security provider is used in the login sequence. Optional – the authentication provider is not required, and authentication proceeds down the authentication provider list, regardless of success or failure. Sufficient – the authentication provider is not required, and subsequent behavior depends on whether authentication succeeds or fails. Required – the authentication provider is required, and authentication proceeds down the authentication provider list. Requisite – the authentication provider is required, and subsequent behavior depends on whether authentication succeeds or fails.
Description	None	(Optional) Describe the provider. Use a description to differentiate between multiple instances of the same provider type; for example, when you have multiple authentication providers of the same type stacked in a security profile, and each targets a different repository.
Username	None	A valid user name used to authenticate. Do not use any of these restricted special characters: `, = : ' " * ? &`.
Password	None	The password for the configured user.
Roles	None	Comma-separated list of roles that are granted to the authenticated user for role-based authorization. Administrator – role required for using Management Cockpit with administrator privileges. If you assign Administrator to this property, the login ID in the created provider has administrator privileges. Helpdesk – role required for using Management Cockpit with read-only privileges. Notification– notification users interact with SAP Mobile Platform to enable and configure push notifications. Impersonator – used when configuring a reverse proxy, in the case of client (or mutual) certificate authentication. The reverse proxy needs to be granted the Impersonator role to be able to impersonate the end user (for example, to propagate the end-user certificate via SSL_CLIENT_HEADER). If multiple roles are defined for this property, the role with more privileges (Administrator) is used to authorize users. Note If you use other values, ensure you map SAP Mobile Platform roles to the one you define here.