Creating and Assigning a Security Configuration That Uses SSO2 Tokens

Create a new security configuration, assign the HttpAuthenticationLoginModule authentication provider to it, and assign the security configuration to an Unwired Server domain or package.

1. Create the new security configuration:
   1. From Sybase Control Center, select Security.
   2. Select the General tab, click New, and enter a name for the new security configuration, for example, SAPSSOSECADMIN. Click OK.
2. Configure the new security configuration:
   1. Select the SAPSSOSECADMIN security configuration.
   2. Select the Authentication tab.
   3. Click New and select HttpAuthenticationLoginModule as the authentication provider. Set the SAP server URL, the SSO cookie name (typically set to MYSAPSSO2), and other properties as appropriate for the connection.
3. Select the General tab, and click Validate to confirm that Unwired Server accepts the new security configuration.
   A message indicating the success of the validation appears above the menu bar.
4. Click Apply to save changes to the security configuration, and apply them across Unwired Server.
5. Assign the SAPSSOSECADMIN security configuration to the domain to which SSO packages are being deployed.
   1. Click Domains > DomainName > Security .
   2. Click Assign.
   3. Select SAPSSOSECADMIN and click OK.
6. If any other security configurations have been assigned to this SSO domain, Sybase suggests that you unassign them.
   However, many deployments of Unwired Platform do mix SSO and non-SSO MBOs or operations in the same package. There are certain operations that are not sensitive and do not require the overhead of setting up the SSO connection to the backend. Some packages may even perform DCNs, and the DCN user would not be part of the SSO-enabled login module. If you do authenticate a user against a non-SSO login module and then attempt to perform an SSO-enabled operation, then the credentials are sent to the backend, which may not be desired.