Propagating a Client's Credentials to the Back-end Data Source

Use client credentials (including certificates and SSO tokens on EIS types that support them) to establish enterprise information system (EIS) connections on the client's behalf for all data source types.

To use client credentials, map an EIS connection's user name and password properties to system-defined "user name" and "password" personalization keys respectively. This creates a new connection for each client and the connection is established for each request (no connection pooling.)
  1. During development of the mobile business object MBO/operation, from the data source definition page (available either in the Creation wizard or from the Properties view), in the Runtime Data Source Credential section (or HTTP Basic Authentication section for a Web Service, RESTful Web Service, or SOAP MBO), enter the client credentials in the User name and Password fields. The runtime data source credential values (user name and password) that SAP Mobile WorkSpace uses for refresh or preview operations is taken in this order:
    1. Any literal value entered in the User name and Password fields.
    2. User-defined personalization keys that have non-empty default values.
    3. System personalization keys 'user name' and 'password'.
    4. User name and password property values contained in the connection profile.
  2. During deployment of the package that contains such MBOs, map the design-time connection profiles to the existing or new server connections, but be aware that the user name and password portions for the selected server connection is replaced by the user name and password propagated from the device application.
    Note:
    • Do not set client credentials using the Runtime Data Source Credential option for MBO's that belong to a cache group that uses a Scheduled policy, since this is unsupported.
    • In general, a MBO operation that uses data source credential settings as connection properties cannot have these settings mapped to an enterprise information system (EIS) during deployment. Instead, they maintain their original settings, which you can map after deployment using SAP Control Center.
    • When you create a new security configuration that includes the SAPSSOTokenLoginModule, and deploy it to a new domain, if the Hybrid App uses the MBOs associated with the new security configuration, you must specify an SAP Mobile Server domain that corresponds to the domain using the security configuration. See Security for more information about security configurations