Security

This release includes enhancements that increase security for OData clients in specific landscapes, enable you to integrate your existing security landscape with Unwired Platform, implement role-based automatic on-boarding, and control data change notification (DCN) authentication and authorization. Anonymous login capability provides underlying support.

Security Administration Enhancements

  • SiteMinder client authentication – has been added for OData clients. This enables client-side SSO (token) based authentication for specific landscape scenarios.

    Documented in: Security, see SiteMinder Authentication with Sybase Unwired Platform

  • Security API – provides an extensible model for integrating Sybase Unwired Platform with your existing security landscape. Common Security Infrastructure (CSI) login modules conform to the Java Authentication and Authorization Service, and enable Sybase Unwired Platform to integrate with a custom provider (for example, user mapping).

    Documented in: Developer Guide: Unwired Server Runtime, see Security API

  • Read-only administrative access – a new default SUP role, SUP Helpdesk, has been added. It provides read-only access from the administration interfaces (SCC UI and Public Admin APIs).

    Documented in: Sybase Control Center for Sybase Unwired Platform, see SUP Help Desk

  • Data change notification (DCN) authentication and authorization change – the HttpAuthDCNServlet method now either uses the security configuration name provided with the user name to authenticate, or uses the following:
    • For Hybrid App DCN, the value of the requested "security" parameter authenticates and authorizes the user.
    • For regular DCN, the security configuration assigned to the package authenticates and authorizes the user.

    Previously, the "admin" security profile was used when the user name did not include the security configuration name.

    For example, if the administrator wants to push all packages and users through HttpAuthDCNServlet using the "admin" security configuration, the administrator can reuse the existing code without any changes by ensuring the user names include the @admin suffix. If no security configuration is specified for the user name, the package security configuration (or the "security" parameter in Hybrid App DCN) authenticates and authorizes the user.

    Documented in: Security, see Adding a PreconfiguredUserLoginModule for HTTP Basic Authentication
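The selection order described for HttpAuthDCNServlet above, modelled as an added example (not Sybase Unwired Platform code) that lists which DCN callers authenticate against a different security configuration after the change. `DcnRequest`, `effective_config` and `changed_after_upgrade` are hypothetical names, the sample callers are constructed, and the example assumes the configuration name is the text after the last "@" in the user name.

```python
from typing import NamedTuple, Optional

LEGACY_DEFAULT = "admin"  # profile used previously when the user name had no suffix


class DcnRequest(NamedTuple):
    user: str                             # "dcnuser@admin" or plain "dcnuser"
    package_config: Optional[str]         # security configuration assigned to the package
    security_param: Optional[str] = None  # "security" parameter (Hybrid App DCN)
    hybrid_app: bool = False


def split_user(user):
    """Return (name, config); config is None when no @suffix is present.
    Assumption of this example: the suffix is whatever follows the last '@'."""
    name, sep, config = user.rpartition("@")
    if not sep or not config:
        return user, None
    return name, config


def effective_config(req, legacy=False):
    """Name of the security configuration that authenticates the DCN request."""
    _, suffix = split_user(req.user)
    if suffix:                 # an explicit suffix wins, before and after the change
        return suffix
    if legacy:                 # previous behaviour: implicit "admin"
        return LEGACY_DEFAULT
    return req.security_param if req.hybrid_app else req.package_config


def changed_after_upgrade(requests):
    """List (user, old, new) for callers whose authenticating configuration differs."""
    changed = []
    for req in requests:
        old, new = effective_config(req, legacy=True), effective_config(req)
        if old != new:
            changed.append((req.user, old, new))
    return changed


# Constructed sample callers, not taken from any real deployment.
SAMPLE = [
    DcnRequest("dcnuser@admin", "sales_ldap"),
    DcnRequest("dcnuser", "sales_ldap"),
    DcnRequest("hybriduser", "sales_ldap", security_param="hr_ldap", hybrid_app=True),
    DcnRequest("svc", "admin"),
]

if __name__ == "__main__":
    for user, old, new in changed_after_upgrade(SAMPLE):
        print(f"{user}: {old} -> {new}")
```

Callers that appear in the output relied on the implicit "admin" profile; they need either the @admin suffix or valid credentials in the configuration now selected.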

Anonymous User Support

This release supports anonymous access, that is, access without an authentication or authorization requirement. The system administrator selects a predefined "Allow Anyone" role, which, once assigned to an application, enables access to the application without requiring or validating credentials. Application clients indicate that they are requesting anonymous login through a flag in the connection API. Internally, the client runtime and server facilitate the rest of the interaction using SAP Passport.

Documented in:
  • Sybase Control Center for Sybase Unwired Platform, see:
    • Security Configurations
    • Anonymous Access Security Configuration
    • Setting Anonymous Access for Applications
  • Security, see Role Mapping (roles-map.xml) Configuration File