Initializing an Application

You must initialize each application the first time you start it, as well as each restart thereafter.

Create and Initialize the Client Connection

Create and initialize the SMPClientConnection class, which is part of the Core Services library. The SMPClientConnection class declares the programmatic interface for an object that manages the connection settings that are required to register the user, and fetch application settings from the server. You must initialize the SMPClientConnection object and set its connection properties on this object before you can perform any type of user registration or fetch any application settings from the server. Initialize the application using the following example code, which returns an instance of SMPClientConnection class.

SMPClientConnection* clientConn = [SMPClientConnection initializeWithAppID:@"NewFlight" domain:@"default"
secConfiguration:@"SSO"];
[clientConn setApplicationConnectionID:appConnID];
//The variable appConnID is nil the first time, but after the user is registered, the application connection ID needs to be set at every restart of the application.

Registering the User

Registers the user to the SAP Mobile Platform by sending username and password as part of request manager during ClientConnection initialization. The isSync specifies whether the registration is synchronous or asynchronous. If registration is asynchronous, implement and register SMPUserManagerDelegate to receive a callback.

Note: It is mandatory to register the user before requesting data from the server.

This setConnectionProfileWithHost is used for native applications that consist of host, port, farm ID, and relay server. The URL is constructed automatically by the OData framework in the format required by SAP Mobile Platform. This method is recommended method for initializing an application. To register the user using setConnectionProfileWithHost, use the following example code:

{   
SMPClientConnection* clientConn = [SMPClientConnection initializeWithAppID:<Application_ID> domain:<Domain_name>
secConfiguration:<security_configuration>];
[clientConn setConnectionProfileWithHost:@<IP> port:@<port> farm:nil relayServerUrlTemplate:nil enableHTTP:YES];
NSError* error = nil;
[SMPUserManager setDelegate:self];
SMPUserManager* userManager = [SMPUserManager initializeWithConnection:clientConn];
[userManager registerUser:@<username> password:@<password> error:&error isSyncFlag:NO];
//…
//…
}
-(void)userRegistrationSuccessful:(SMPUserManager*)userManager
{

}
-(void)userRegistrationFailed:(SMPUserManager*)userManager
{
// Error handling using the error object
NSLog(“%@”,error);
}

For all RESTful applications built on SAP Mobile Platform 2.2 and later, use setConnectionProfileWithUrl to register the user. The setConnectionProfileWithUrl is used for applications which specify a URL as its connection end point instead of host and port. To register the user using setConnectionProfileWithUrl, use the following example code:

{   
SMPClientConnection* clientConn = [SMPClientConnection initializeWithAppID:@"NewFlight" domain:@"default"
secConfiguration:@"SSO"];
[clientConn setConnectionProfileWithUrl:@<url>]; 
NSError* error = nil;
[SMPUserManager setDelegate:self];
[SMPUserManager setCaptchaChallengeDelegate:self];
SMPUserManager* userManager = [SMPUserManager initializeWithConnection:clientConn];
[userManager registerUser:@<username> password:@<password> error:&error isSyncFlag:NO];
//…
//…
}
-(void)userRegistrationSuccessful
{

}
-(void)userRegistrationFailed:(NSError*)error
{
// Error handling using the error object
NSLog(“%@”,error);
}   
-(NSString*)didReceiveCaptchaChallenge:(NSString*)base64ImageString
{  
   NSError* error = nil;
   [userManager registerUser:@<username> password:@<password> captchaText:@<captchatext> error:&error isSyncFlag:NO])
   return nil;
}

Enabling Network Edge for HTTP

In a network edge scenario, all requests through a reverse proxy (for example, Microsoft ARR) should be protected by the SiteMinder Policy Server. Network edge works only in asynchronous registration. In a SiteMinder scenario, the application should set the selector to receive an authentication challenge. To enable network edge for asynchronous registration, use the following example SiteMinder callback code:

[SMPUserManagersetDelegate:self];
 NSError *error = nil;
    
    l_clientconn = [SMPClientConnection initializeWithAppID:@"NewFlight" domain:@"default" secConfiguration:@"NetworkEdge"];
    
    [l_clientconn setConnectionProfileWithUrl:@<SiteminderURL>];
    
    [SMPUserManagersetAuthChallengeSelector:@selector(authenticationNeededForRequest:)];

    userManager = [SMPUserManager initializeWithConnection:l_clientconn];
    
    
    [userManager registerUser:<username> password:<password> error:&error isSyncFlag:NO];

Enabling Mutual SSL Authentication

Mutual SSL authentication, or certificate-based mutual authentication, refers to two parties authenticating each other by verifying a shared digital certificate, so that both parties are assured of the others' identity.

After initializing the SMPClientConnection class, use the setClientIdentityCertificate method to set the client certificate, using the following mutual SSL authentication example code:

[SMPUserManagersetDelegate:self];
l_clientconn = [SMPClientConnectioninitializeWithAppID:applicationIddomain:@"default"secConfiguration:<securityconfig>];
        
    userManager = [SMPUserManager initializeWithConnection:l_clientconn];
    
    NSError *error = nil;
          
     //During onboarding with Single and Mutual SSL, add fully qualified domain name of the SAP Mobile Platform server instead of just providing
     //IP address. For example vwxxx.dhcp.wdf.sap.corp. The default ports for single and mutual SSL are 8081 and 8082 respectively.  
     [l_clientconnsetConnectionProfileWithHost:@<fully_qualified_domain_name_of_server> port:@<port> farm:nilrelayServerUrlTemplate:nil enableHTTP:NO];
    
/////Set the client certificate before calling onboard
    /// Assuming that CERTIFICATE.p12 is added to the "Supporting Files" folder  
     NSString *path = [[NSBundle mainBundle] pathForResource:@"CERTIFICATE" ofType:@"p12"];    /// This is your client certificate

    NSData *PKCS12Data = [[NSData alloc]initWithContentsOfFile:path];
    CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data;
   
    CFStringRef password = CFSTR("password");/// password of p12 certificate
    
    const void *key[] = { kSecImportExportPassphrase };
    const void *values[] = { password };
    CFDictionaryRef options = CFDictionaryCreate(NULL, key, values, 1, NULL, NULL);
    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
    OSStatus securityError = SecPKCS12Import(inPKCS12Data, options, &items);
   
    CFRelease(options);
    CFRelease(password);
    if (securityError == errSecSuccess)
    {
        
        NSLog(@"Success opening p12 certificate. Items: %ld", CFArrayGetCount(items));
        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
        identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
        SecCertificateRef myReturnedCertificate = NULL;
        
        OSStatus status = SecIdentityCopyCertificate (identityApp, &myReturnedCertificate);
    } else
    {
        NSLog(@"Error opening Certificate.");
    }
    [l_clientconnsetClientIdentityCertificate:identityApp];
    /////Call onBoard user
     BOOL RegistrationSucessful = [userManager registerUser:nil password:nil error:&error isSyncFlag:YES];

Setting a Password Policy Using DataVault

(Optional) Use the DVPasswordPolicy which holds the information of the password policy.

(Applicable to On-Premise only) To enable the password policy in the SAP Mobile Platform Server, launch the Management Cockpit. In the Client Password Policy tab, select the Enable password policy checkbox. In the client, the password policy settings derived from the server can be set to the DataVault password using the following code:

 NSError *error;
        DataVault *vault = [DataVault getVault:VaultName];
        [vault unlock:UserVaultPassword salt:VaultSalt];
        DVPasswordPolicy *setpasscodePolicy = [[DVPasswordPolicy alloc] init];
        SMPAppSettings  *l_appsettingsObj = [SMPAppSettings initializeWithConnection:l_clientconn userName:UserName password:Password];
        DataVaultPasswordPolicy *getpasscodePolicy = [l_appsettingsObj getPasswordPolicy:&error];
        
        setpasscodePolicy.defaultPasswordAllowed = getpasscodePolicy.defaultPasswordAllowed;
        setpasscodePolicy.minLength = getpasscodePolicy.minLength;
        setpasscodePolicy.hasDigits = getpasscodePolicy.hasDigits;
        setpasscodePolicy.hasUpper = getpasscodePolicy.hasUpper;
        setpasscodePolicy.hasLower = getpasscodePolicy.hasLower;
        setpasscodePolicy.hasSpecial = getpasscodePolicy.hasSpecial;
        setpasscodePolicy.expirationDays = getpasscodePolicy.expirationDays;
        setpasscodePolicy.minUniqueChars = getpasscodePolicy.minUniqueChars;
        setpasscodePolicy.lockTimeout = getpasscodePolicy.lockTimeout;
        setpasscodePolicy.retryLimit =  getpasscodePolicy.retryLimit;

        [vault setPasswordPolicy:setpasscodePolicy];
     
        if (!error) {
            
            NSLog(@"Set Password policy to vault successful");
            
        }
        else{
            NSLog(@"Error setting password policy to vault %@",error);
        }

Encryption Key Handling

If MAF Logon Manager is not used during application development, you should use the encryption key to encrypt the database, in case of offline applications. If MAF is used, this is processed by MAF Logon Manager internally. This is a mandatory step, without which persistence of data or requests for offline usage does not work. Call these three static methods at various stages of application cycle:

//Get encryption key
  NSError *error= nil;
  NSString *key = [EncryptionKeyManager getEncryptionKey:&error];
  if(error!=nil){
     NSLog(@"Error %@",[error description]);
  }
 // -- Persist the key into the Datavault or Other persistence place

//Set encryption Key
//Obtain the key from the Datavault or Other persistence place and pass it to the function below
  NSError *error= nil;
  [EncryptionKeyManager setEncryptionKey: key withError: &error];
  if(error!=nil){
     NSLog(@"Error %@",[error description]);
  }
//Reset encryption Key
  [EncryptionKeyManager resetEncryptionKey];

(Optional) Initializing an Application Using Logon Manager

To initialize an application using Logon manager, follow the task flow at MAF Logon Example.