Preconfigured User Authentication Properties

The PreConfiguredUserLoginModule authenticates the SAP Mobile Platform Administrator user whose credentials are specified during installations.

This login module is recommended only to give the Platform administrator access to SAP Control Center so it can be configured for production use. Administrators are expected to replace this login module immediately upon logging in for the first time.For details on how to setup administrator authentication in a production deployment, see Enabling Authentication and RBAC for Administrator Logins in the Security guide.

The PreConfiguredUserLoginModule:
  • Provides role based authorization by configuring the provider com.sybase.security.core.RoleCheckAuthorizer in conjunction with this authentication provider.
  • Authenticates the user by comparing the specified user name and password against the configured user. Upon successful authentication, the configured roles are added as Principals to the Subject.
PreConfiguredUserLoginModule properties
Property Description
User name A valid user name. Do not use any of these restricted special characters: , = : ' " * ? &.
Password The encoded password hash value.
Roles Comma separated list of roles granted to the authenticated user for role-based authorization. Platform roles include SUP Administrator, SUP Domain Administrator, and SUP Helpdesk.

Roles are mandatory for "admin" security configuration. For example, if you define SUP Administrator to this property, the login ID in the created login module has Platform administrator privileges.

The SUP Helpdesk role has the fewest privileges. If multiple roles are defined for this property, a role with more privileges (SUP Administrator or SUP Domain Administrator) is used for authorizing users.

Note: If you use other values, ensure you map SAP Mobile Platform roles to the one you define here.
providerDescription

(Optional). When enabled, allows the administrator to associate a description with the provider instance.

Using a provider description makes it easier to differentiate between multiple instances of the same provider type: for example, when you have multiple login modules of the same type stacked in a security configuration, each targeting a different repository.