With SAP Mobile Platform, SiteMinder authentication is used in protected and unprotected network-edge configurations.
Network-edge and Token-based Authentication
You should also have an HTTP/HTTPS Authentication provider configured for a SiteMinder-protected URL where SAP Mobile Platform can verify the validity of the user's SMSESSION cookie.
SAP Mobile Platform must send the SMSESSION cookie to the URL. If the URL is a SiteMinder Agent for an SAP-protected back end, then the SSOCookie value should be MYSAPSSO2, the SSO token used against other back-end SAP systems.
When integrating with a back-end system that is not SAP protected, SAP Mobile Platform simply requires a 200 status in the response to indicate the SMSESSION was valid.
Basic Authentication
With basic authentication, the SSOCookie is set to SMSESSION, which is returned upon successful authentication. SAP Mobile Platform has no further use of the SSOCookie; therefore, this is not a commonly used scenario.