Known Issues for Security

SAP Mobile Server restart is needed after changing truststore or keystore.

Workaround: If you change anything relating to keys or certificates in the truststore or keystore, you must always restart the server. Changes only take effect after a server restart.

A user with the "SUP Helpdesk" role can execute all DOE-C package operations using the command line utility, including modify operations such as deploying DOE-C packages or setting DOE-C endpoint properties.

Help desk operators should not be able to perform modify operations.

Workaround: Prevent direct or remote access to SAP Mobile Server for users with the "SUP Helpdesk" role.

External authentication token is not properly handled by iOS Hybrid Web Container (HWC).

Workaround: For an external token to be passed to and used by iOS Hybrid Web Container for performing single sign-on (SSO), make the call to setHttpHeaders before starting the client engine by placing [self setHttpHeaders] in the first line in the startEngine function. See Setting HTTP Headers in Developer Guide: Hybrid App Packages.