SAP Single Sign-on and DOE-C Package Overview

Understand how DOE-C packages fit in the SAP Mobile Platform landscape, including how to secure communication paths and enable single sign-on (SSO) for these packages.

DOE-C is the connector from SAP Mobile Server to SAP NetWeaver Mobile, which contains the DOE. SAP Mobile WorkSpace is not used to create MBOs, generate code, create applications, or deploy them. Instead, for DOE-based mobile applications that run in the SAP Mobile Platform environment, SAP Mobile Server works as a pass-through gateway in the DOE/DOE-C configuration.

Figure: SAP Mobile Server Gateway in the DOE/DOE-C Configuration


  1. A DOE-C client application registers with SAP Mobile Server and subscribes to message channels. SAP Mobile Server remembers the client's push notification information, deviceID, and applicationID, but forwards the subscription to the DOE through the DOE-C connection (HTTP(S)). When the client performs an operation, that operation flows through SAP Mobile Server to the DOE over this same connection.

    In an SSO configuration, the client provides credentials to SAP Mobile Server (user name and password, or an X.509 user certificate). The security configuration's authentication module authenticates them (CertificateAuthenticationLoginModule for X.509 or HttpAuthenticationLoginModule for SSO2). Once the client is authenticated by SAP Mobile Server, and assuming that SAP Mobile Server and the SAP Server have a secure communication path, SSO is enabled.

  2. When application data changes in the SAP EIS and the DOE determines that a particular client has a subscription to that change, the DOE connects to the SAP Mobile Server HTTP(S) port and sends a message identifying the client, along with the message payload. SAP Mobile Server looks up the client and queues a message. If the client is connected, the message is delivered immediately. If the client is offline, SAP Mobile Server attempts to send a push notification to the client (BES HTTP Push for BlackBerry, APNS notification for iOS) to wake up the client and have it retrieve the messages.

    Windows Mobile does not have a separate push notification protocol, so SAP Mobile Server waits for those clients to connect and retrieve their messages.

Related concepts
Enabling Single Sign-on for DOE-C Packages
Single Sign-on Authentication