Logon Plugin Overview

The Logon plugin manages the application registration and authentication processes either through SAP Mobile Platform Server, or through SAP Gateway server.

Most of the Kapsel plugins rely upon the services provided by the Logon plugin. This plugin manages the process of onboarding applications with SAP Mobile Platform Server, authenticating users, and so on. The Logon plugin, where available, interfaces with Client Hub and pulls certificates from Afaria.

The Logon plugin provides a login screen where the user enters the values needed to connect to SAP Mobile Platform Server, and it stores those values in its own secure data vault. This data vault is separate from the one that is provided with the EncryptedStorage plugin. To keep your keys safe from unauthorized use, you should store all keys in the data vault.

The data vault is deleted if the user forgets their password while unlocking the application, violates a password policy set on the server, or explicitly deletes the registration. Data stored by the EncryptedStorage plugin is also deleted, because once the data vault is deleted this data would no longer be accessible. For security reasons, when the data vault is deleted, the Logon plugin sends a notification to the other Kapsel plugins so they can clean up their data if required.

The Logon plugin also lets the user lock and unlock the application, to protect sensitive data.

Security Configurations

Kapsel supports the following security configurations:

From the client perspective, the client authenticates either through basic authentication, or through mutual certificate authentication. In the basic authentication scenario, the client must provide credentials (username and password), and in mutual certificate authentication the client must provide a root server certificate.

Domain Whitelisting

Kapsel plugins support Apache Cordova's domain whitelisting model. Whitelisting allows you to control access to external network resources. Apache Cordova whitelisting allows you to whitelist individual network resources (URLs), for example, http://www.google.com.

For information about the whitelist rules, see http://docs.phonegap.com/en/3.3.0/guide_appdev_whitelist_index.md.html.
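
An added example, not part of the SAP documentation: a small Node.js check that reads the `<access origin="...">` whitelist entries from a Cordova config.xml and flags entries broader than a single HTTPS resource. The sample config.xml, its example.com hosts and the function names are constructed for illustration.

```javascript
// Constructed sample config.xml; the example.com hosts and app id are made up.
const SAMPLE_CONFIG = `
<widget id="com.example.kapselapp" version="1.0.0">
  <access origin="*" />
  <access origin="http://www.google.com" />
  <access origin="https://*.example.com" />
  <access origin="https://smp.example.com:8081" />
</widget>`;

// Collect the origin attribute of every <access> element, in file order.
function accessOrigins(configXml) {
  const re = /<access\b[^>]*?\borigin\s*=\s*(["'])(.*?)\1/g;
  const origins = [];
  let m;
  while ((m = re.exec(configXml)) !== null) origins.push(m[2]);
  return origins;
}

// Findings for one whitelist entry; an empty list means nothing to review.
function reviewOrigin(origin) {
  if (origin.trim() === "*") return ["allows every domain"];
  const findings = [];
  if (/^http:\/\//i.test(origin)) findings.push("plaintext http");
  if (origin.includes("*")) findings.push("wildcard host");
  return findings;
}

// Audit a whole config.xml: one record per <access> entry.
function auditWhitelist(configXml) {
  return accessOrigins(configXml).map((origin) => ({
    origin,
    findings: reviewOrigin(origin),
  }));
}

// Print a short report for the constructed sample.
for (const { origin, findings } of auditWhitelist(SAMPLE_CONFIG)) {
  console.log(`${origin}: ${findings.length ? findings.join(", ") : "ok"}`);
}
```

Run it against the config.xml of a packaged app before release; any entry that reports a finding should be narrowed to the specific hosts the app needs.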

Related reference
Kapsel Logon API Reference