X.509 SSO Authentication

For certificate-based SSO authentication, because certificates cannot be handled in pure JavaScript, a native counterpart on the device, such as the Hybrid Web Container, must be interfaced through its existing Certificate.js.

In this sample script, a custom datajs HTTP client is used to encapsulate the client certificate component of certificate-based SSO. You can provision a signed certificate from a local file, a server, or Afaria, depending on the device platform, using the existing Certificate API. You can choose to set the result of the API call as the password.

/**
 * SAP Hybrid App version 2.2
 * 
 * Datajs.Certificate.js
 * This file will not be regenerated, and it is expected that the user may want to
 * include customized code herein.
 *
 * The template used to create this file was compiled on Mon Aug 23 16:43:02 CST 2012
 * 
 * Copyright (c) 2012 SAP Inc. All rights reserved.
 */

// Capture datajs' current http client object so that certClient below can
// delegate every request to it.
var oldClient = OData.defaultHttpClient;

// NOTE: these page-level variables are never written by certClient.request,
// which declares its own local cert_username / cert_password with `var`
// (shadowing these), so they remain empty strings.
var cert_username = "";
var cert_password = "";

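// Creates a new client object that handles certificate based SSO in front of
// datajs' original HTTP client.
//
// For HTTPS requests that carry a password, the password is treated as the
// passphrase of the first .p12 file found on the sdcard: the file is opened
// through the native CertificateStore bridge and the signed certificate data
// is sent as the HTTP password (with the certificate's subject CN as the user)
// instead of the passphrase. Every other request is passed through unchanged.
var certClient = {
    /**
     * Issues an OData request, substituting certificate credentials where applicable.
     *
     * @param {Object} request - datajs request object (requestUri, method, headers,
     *     password, and any other properties such as the request body).
     * @param {Function} success - datajs success callback, passed through unchanged.
     * @param {Function} error - datajs error callback, passed through unchanged; also
     *     invoked here when no .p12 file can be found.
     * @returns whatever the original http client's request() returns
     *     (undefined when no certificate was found and error was invoked).
     */
    request: function (request, success, error) {
        var isHttps = request.requestUri.indexOf("https://") === 0;

        // Only HTTPS requests that supply a password are rewritten; anything
        // else goes straight to the original client.
        if (!isHttps || request.password == null) {
            return oldClient.request(request, success, error);
        }

        // Locate the first p12 file on the sdcard. The passphrase supplied as
        // request.password is used only locally to open that file; it is not
        // forwarded to the server.
        var certStore = CertificateStore.getDefault();
        var certPaths = certStore.listAvailableCertificatesFromFileSystem("/sdcard/", "p12");
        if (!certPaths || certPaths.length === 0) {
            // certPaths[0] used to be read unchecked; report a clear error
            // instead of passing an undefined path to the native bridge.
            // NOTE(review): the datajs error object is assumed to carry a
            // message and the request — confirm against the page's error handler.
            if (typeof error === "function") {
                error({ message: "No .p12 certificate found under /sdcard/", request: request });
            }
            return undefined;
        }
        var cert = certStore.getSignedCertificateFromFile(certPaths[0], request.password);

        // Re-issue the request for the protected resource with certificate
        // credentials. Every own property of the original request (headers,
        // requestUri, method, body, ...) is carried over so that non-GET
        // requests keep their payload; only user and password are replaced.
        var newRequest = {};
        for (var key in request) {
            if (Object.prototype.hasOwnProperty.call(request, key)) {
                newRequest[key] = request[key];
            }
        }
        newRequest.user = cert.subjectCN;
        newRequest.password = cert.signedCertificate;

        // Call back into the original http client.
        return oldClient.request(newRequest, success, error);
    }
};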

// Can either pass certClient explicitly, or set it globally for the page as the default:
// once installed here, datajs calls on this page that do not name an http client
// are routed through certClient (and from there to the captured oldClient).
OData.defaultHttpClient = certClient;

When sending a forwarded client certificate through an intermediary, set the certificate as the value of the “SSL_CLIENT_CERT” HTTP request header on the XHR, as shown in this example:

/**
 * SAP Hybrid App version 2.2
 * 
 * Datajs.Certificate.js
 * This file will not be regenerated, and it is expected that the user may want to
 * include customized code herein.
 *
 * The template used to create this file was compiled on Mon Aug 23 16:43:02 CST 2012
 * 
 * Copyright (c) 2012 SAP Inc. All rights reserved.
 */

// Capture datajs' current http client object so that certClient below can
// delegate every request to it.
var oldClient = OData.defaultHttpClient;

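// Creates a new client object that handles certificate based SSO in front of
// datajs' original HTTP client, forwarding the client certificate to an
// intermediary through the SSL_CLIENT_CERT request header.
//
// For HTTPS requests that carry both a user and a password, the password is
// treated as the passphrase of the first .p12 file found on the sdcard; the
// signed certificate data read from it is added as the SSL_CLIENT_CERT header
// and the request is re-issued. Every other request is passed through unchanged.
//
// NOTE(review): SSL_CLIENT_CERT is an ordinary request header that any HTTP
// client can set. The intermediary / back end must accept it only from the
// trusted forwarding hop and strip it on every other path, otherwise the header
// becomes a self-asserted identity. Confirm that server-side configuration.
var certClient = {
    /**
     * Issues an OData request, attaching the client certificate where applicable.
     *
     * @param {Object} request - datajs request object (requestUri, method, headers,
     *     user, password, and any other properties such as the request body).
     * @param {Function} success - datajs success callback, passed through unchanged.
     * @param {Function} error - datajs error callback, passed through unchanged; also
     *     invoked here when no .p12 file can be found.
     * @returns whatever the original http client's request() returns
     *     (undefined when no certificate was found and error was invoked).
     */
    request: function (request, success, error) {
        var isHttps = request.requestUri.indexOf("https://") === 0;

        // Only HTTPS requests that supply both user and password are rewritten;
        // anything else goes straight to the original client.
        if (!isHttps || request.user == null || request.password == null) {
            return oldClient.request(request, success, error);
        }

        // Locate the first p12 file on the sdcard and read its signed certificate.
        var certStore = CertificateStore.getDefault();
        var certPaths = certStore.listAvailableCertificatesFromFileSystem("/sdcard/", "p12");
        if (!certPaths || certPaths.length === 0) {
            // certPaths[0] used to be read unchecked; report a clear error
            // instead of passing an undefined path to the native bridge.
            // NOTE(review): the datajs error object is assumed to carry a
            // message and the request — confirm against the page's error handler.
            if (typeof error === "function") {
                error({ message: "No .p12 certificate found under /sdcard/", request: request });
            }
            return undefined;
        }
        var cert = certStore.getSignedCertificateFromFile(certPaths[0], request.password);

        // Copy the existing headers into a plain object. (The previous version
        // used an array as a dictionary and an undeclared loop variable, which
        // leaked a global `name`.)
        var newHeaders = {};
        if (request.headers) {
            for (var headerName in request.headers) {
                if (Object.prototype.hasOwnProperty.call(request.headers, headerName)) {
                    newHeaders[headerName] = request.headers[headerName];
                }
            }
        }
        // The intermediary reads the forwarded client certificate from this header.
        newHeaders["SSL_CLIENT_CERT"] = cert.signedCertificate;

        // Re-issue the request for the protected resource. Every own property
        // of the original request (requestUri, method, user, password, body,
        // ...) is carried over so that non-GET requests keep their payload;
        // only the headers are replaced.
        // NOTE(review): request.password both unlocks the local .p12 file and is
        // forwarded to the server as the HTTP password — confirm that using one
        // secret for both purposes is intended.
        var newRequest = {};
        for (var key in request) {
            if (Object.prototype.hasOwnProperty.call(request, key)) {
                newRequest[key] = request[key];
            }
        }
        newRequest.headers = newHeaders;

        // Call back into the original http client.
        return oldClient.request(newRequest, success, error);
    }
};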

// Can either pass certClient explicitly, or set it globally for the page as the default:
// once installed here, datajs calls on this page that do not name an http client
// are routed through certClient (and from there to the captured oldClient).
OData.defaultHttpClient = certClient;