OData Security Matrix

Use one of the supported security configurations to secure your applications.

The below table provides a brief configuration procedure for the supported security configuration in Native OData applications. For more information, refer Administration in SAP Mobile Platform Server.

Security Configuration	Implemented Using	Security Provider	Configuration Steps (in brief)
Basic authentication with HTTP	OData SDK, Client Hub	HTTP/HTTPS Authentication	Set the back end credentials. Note: For anonymous user, set the back end to allow anonymous connections.
Basic authentication with HTTPS	OData SDK, Client Hub	HTTP/HTTPS Authentication	Set the back end credentials. Note: For anonymous user, set the back end to allow anonymous connections. Connect with HTTPS port. For example, 8081. Make sure the server certificate is installed in the device trust store. For iOS, use the iPhone Configuration Utility. For Android, install the certificate from the SD card.
Mutual authentication with HTTPS using a certificate	OData SDK, Afaria	X.509 User Certificate	Connect with HTTPS port. For example, 8082. Make sure the server certificate is installed in the device trust store. For iOS, use the iPhone Configuration Utility. For Android, install the certificate from the SD card. Ensure the client certificate is available on the device.
SiteMinder (non-network edge)	OData SDK	HTTP/HTTPS Authentication	Connect with SiteMinder backend using HTTPS.
SiteMinder network edge (reverse proxy)	OData SDK	Populate JAAS Subject From Client, HTTP/HTTPS Authentication	Create a security profile using Populate JAAS Subject From Client authentication provider. Create a security profile using HTTP/HTTPS Authentication authentication provider.
SSO2 token (HTTP and HTTPS)	OData SDK	HTTP/HTTPS Authentication	Create a new security profile and indicate the SSO cookie name in the security profile. Make sure the server certificate is installed in the device trust store. For iOS, use the iPhone Configuration Utility. For Android, install the certificate from the SD card.
Basic authentication with LDAP back end	OData SDK	Directory Service (LDAP/AD)	Create security profile.

Security Configuration

Implemented Using

Security Provider

Configuration Steps (in brief)

Basic authentication with HTTP

OData SDK, Client Hub

HTTP/HTTPS Authentication

Set the back end credentials.

Note: For anonymous user, set the back end to allow anonymous connections.

Basic authentication with HTTPS

OData SDK, Client Hub

HTTP/HTTPS Authentication

Set the back end credentials.
Note: For anonymous user, set the back end to allow anonymous connections.
Connect with HTTPS port. For example, 8081.
Make sure the server certificate is installed in the device trust store.
- For iOS, use the iPhone Configuration Utility.
- For Android, install the certificate from the SD card.

Mutual authentication with HTTPS using a certificate

OData SDK, Afaria

X.509 User Certificate

Connect with HTTPS port. For example, 8082.
Make sure the server certificate is installed in the device trust store.
- For iOS, use the iPhone Configuration Utility.
- For Android, install the certificate from the SD card.
Ensure the client certificate is available on the device.

SiteMinder (non-network edge)

OData SDK

HTTP/HTTPS Authentication

Connect with SiteMinder backend using HTTPS.

SiteMinder network edge (reverse proxy)

OData SDK

Populate JAAS Subject From Client, HTTP/HTTPS Authentication

Create a security profile using Populate JAAS Subject From Client authentication provider.
Create a security profile using HTTP/HTTPS Authentication authentication provider.

SSO2 token (HTTP and HTTPS)

OData SDK

HTTP/HTTPS Authentication

Create a new security profile and indicate the SSO cookie name in the security profile.
Make sure the server certificate is installed in the device trust store.
- For iOS, use the iPhone Configuration Utility.
- For Android, install the certificate from the SD card.

Basic authentication with LDAP back end

OData SDK

Directory Service (LDAP/AD)

Create security profile.