Configuring Unprotected Network-Edge Authentication with a SiteMinder-Protected Back End

Configure the SMSESSION cookie for unprotected network-edge authentication to a SiteMinder-protected back end.

Unprotected network-edge authentication requires you to change the Web service endpoint in Management Cockpit to use the SMSESSION cookie for single sign-on. By default, SAP Mobile Platform is configured with the server name set to SAP Mobile Platform Server or a reverse proxy, depending on your configuration.

  1. Create a security profile for network-edge authentication in Management Cockpit:
    1. In Management Cockpit, select Settings and click New.
    2. Enter nne_auth in the Security Profile Properties field.
    3. Under Authentication Providers, click New.
    4. Select HTTP/HTTPS Authentication from the list, then click Create.
    5. Enter these values:
      Field Value
      URL Point to the reverse proxy set up in the network edge that authenticates the user before forwarding the request to SAP Mobile Platform Server
      SSO Cookie Name MYSAPSSO2
    6. Click Save.
    7. Click OK.
    8. Click Save.
  2. Create an application in Management Cockpit:
    1. In Management Cockpit, select Applications and click New.
    2. Enter these values:
      Field Value
      ID nne_test
      Name nne_test
      Vendor SAP
      Type Hybrid
      Description Unprotected network-edge testing of SiteMinder
    3. Click Save.
  3. Create the application end point URL:
    1. Click Back End.
    2. In the Endpoint field, enter the URL of the Web service that expects the MYSAPSSO2 token to authenticate the user.
    3. Click Authentication, select Existing Profile.
    4. Select nen_auth in the Name list.
    5. Click Save.
    6. Click Yes.
Parent topic: Security Profile for a SiteMinder-Protected Back End
Related concepts
Integrating SAP Mobile Platform with Your Single Sign-on Solution
Single Sign-on Integration with SiteMinder