Accessing Integration Gateway from an Application

Use the Correct Security Profile

The security profile that an application must use depends on the way the application accesses Integration Gateway.

Without onboarding the application to SAP Mobile Platform:
  • The application must use a security profile that is named the same as the Integration Gateway's namespace. See Creating and Configuring Security Profiles in Administrator.
  • You must create a security profile with the name Catalog to access the catalog service. In this case, a security profile at the namespace level is required to access the service document of the services that are part of the Catalog Service.

    You can get the namespace of the registered OData services from the Gateway Management Cockpit.

    Note: If you want to test Integration Gateway functionality before setting up anything else, the case-sensitive name of the security profile should match the namespace of the OData service. After that initial testing is completed, this is not necessary, but you must enable the internal option in Management Cockpit. See Defining Back-End Connections in Administration.

    See Creating and Configuring Security Profiles in SAP Mobile Platform 3.0 > SAP Mobile Platform Server > Administrator > Application Administrator > Managing and Monitoring Applications > Managing Security Profiles.

For onboarded applications (SAP Mobile Platform applications that have an endpoint using the Integration Gateway service as back-end URL, with the internal option enabled), the application uses the security profile assigned to it in Management Cockpit.

Define Back-End Connections for Integration Gateway
When you use Management Cockpit to define a back-end connection for the application that will use Integration Gateway, these two settings are critical:
  • Endpoint – must be set to the document destination you assigned to the Integration Gateway service in Gateway Management Cockpit.
  • Internal – must be checked.

See Defining a Back-End Connection in Administrator.

Meet Additional Back-end Requirements for CSI Authentication
When using Common Security Infrastructure (CSI) authentication, the back-end server may have additional requirements, based on the type of CSI authentication used:
  • When using certificate-based authentication (requiring a client certificate), define the destination using CSI authentication, and specify a certificate alias that exists in the smp_keystore.jks file as the technical user. This certificate is used to connect to the back end when searching for or registering services.
  • When using basic authentication, or CSI authentication based on MYSAPSSO2 cookies:
    1. First define the destination using basic authentication, which allows the technical user provided to connect to the back-end server when searching for or registering services.
    2. After registering services, change the destination to use CSI authentication.
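
One way to check the certificate alias requirement above before defining the destination (an added example, not SAP tooling): the script reads `keytool -list` output and confirms that the alias exists and is a PrivateKeyEntry, since client certificate authentication needs the private key and a trustedCertEntry does not carry one. The alias names and the sample listing are constructed for illustration.

```sh
# Added example (not SAP code). Alias names below are constructed.
# Usage against a real keystore (keytool prompts for the store password):
#   keytool -list -keystore /path/to/smp_keystore.jks | check_technical_user_alias <alias>

# Print the entry type of alias $1 from `keytool -list` output on stdin,
# or "missing". Entry lines look like: "<alias>, <date>, PrivateKeyEntry,".
alias_entry_type() {
    awk -v want="$1" '
        match($0, /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),[ ]*$/) {
            type = substr($0, RSTART, RLENGTH); sub(/,[ ]*$/, "", type)
            alias = $0; sub(/, .*/, "", alias)   # text before the first ", "
            # JKS aliases are case-insensitive, so compare lower-cased.
            if (tolower(alias) == tolower(want)) { print type; found = 1; exit }
        }
        END { if (!found) print "missing" }'
}

# Return 0 only if the alias can authenticate as a client (has a private key).
check_technical_user_alias() {
    entry_type=$(alias_entry_type "$1")
    case "$entry_type" in
        PrivateKeyEntry)
            echo "OK: '$1' is a PrivateKeyEntry"; return 0 ;;
        missing)
            echo "FAIL: alias '$1' not found in keystore" >&2; return 1 ;;
        *)
            echo "FAIL: '$1' is a $entry_type (no private key)" >&2; return 2 ;;
    esac
}

# Constructed sample of `keytool -list` output for demonstration.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

backend_ca, Mar 3, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33 (constructed)
tech_user_crt, Mar 3, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 44:55:66:77 (constructed)
EOF
}

for a in tech_user_crt backend_ca no_such_alias; do
    sample_listing | check_technical_user_alias "$a" || :
done
```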