Applications that do not require tight security can use anonymous access. Anonymous
access applications can be run without a specific combination of user name and authorization
code or a combination of code and password.
When anonymous connections are enabled in Management Cockpit, the
application user can access the application without entering a user name and password or
a combination of authorization code and password. However, the back-end system still
requires logon credentials to access data, whether those belong to a read-only user or
to a back-end user with specific roles.
Note: If you configure the No Authentication Challenge authentication provider
in a security profile to which you have assigned client
applications that you intend to run anonymously, this provider causes your anonymous
applications to fail. SAP Mobile Platform authenticates the user even
though the user presented no valid credentials. SAP Mobile Platform then
proceeds to connect to back-end systems assuming there is an authenticated client, and
tries to use SSO credentials for the back end. However, these credentials are absent,
and the back-end connection fails.
SAP also supports an "anonymous optional" scenario, where
an anonymous application may provide a limited set of functionality to anonymous users.
A user who chooses to authenticate may have more functionality exposed (for example,
real user credentials are propagated via SSO to the back end and allow more
access).
Note: When an endpoint is configured with the "Allow Anonymous" attribute, and technical
user credentials are provided, then clients can use that endpoint anonymously. Even
though the business content SAP Mobile Platform accesses through the
endpoint may have been deemed non-sensitive and not require a high degree of security,
often the technical user may have access to other parts of the back-end system that are
sensitive. Because of this, the technical user's credentials need to be protected.
Always use an HTTPS connection to the back-end system in order to protect the technical
user credentials from being compromised as they are passed over the network.
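
The rules in the two notes above can be checked mechanically before anonymous
applications go live. The following is an added example, not SAP code: the inventory
records, their field names, and the finding codes are hypothetical and do not
correspond to any SAP Mobile Platform export format.

```python
from urllib.parse import urlsplit

# Constructed inventory. Field names are hypothetical, not an SAP export format.
SAMPLE_APPS = [
    {"app_id": "com.example.catalog", "anonymous": True,
     "providers": ["No Authentication Challenge"],
     "endpoint": {"url": "https://backend.example.internal/catalog",
                  "allow_anonymous": True, "technical_user": "CATALOG_RO"}},
    {"app_id": "com.example.news", "anonymous": True, "providers": [],
     "endpoint": {"url": "http://backend.example.internal/news",
                  "allow_anonymous": True, "technical_user": "NEWS_RO"}},
    {"app_id": "com.example.faq", "anonymous": True, "providers": [],
     "endpoint": {"url": "https://backend.example.internal/faq",
                  "allow_anonymous": True, "technical_user": None}},
    {"app_id": "com.example.help", "anonymous": True, "providers": [],
     "endpoint": {"url": "https://backend.example.internal/help",
                  "allow_anonymous": True, "technical_user": "HELP_RO"}},
]


def audit_app(app):
    """Return finding codes for one application record (empty list = clean)."""
    if not app["anonymous"]:
        return []  # the rules below only apply to anonymous applications
    findings = []
    endpoint = app["endpoint"]
    # The No Authentication Challenge provider makes anonymous applications fail.
    if "No Authentication Challenge" in app["providers"]:
        findings.append("NO_AUTH_CHALLENGE_ON_ANONYMOUS_APP")
    # Anonymous use needs Allow Anonymous plus technical user credentials.
    if not endpoint["allow_anonymous"]:
        findings.append("ENDPOINT_NOT_ALLOW_ANONYMOUS")
    if not endpoint["technical_user"]:
        findings.append("MISSING_TECHNICAL_USER")
    # Technical user credentials must only travel to the back end over HTTPS.
    elif urlsplit(endpoint["url"]).scheme != "https":
        findings.append("TECHNICAL_USER_OVER_NON_HTTPS")
    return findings


def audit(apps):
    """Map app_id -> findings, keeping only applications with findings."""
    results = {app["app_id"]: audit_app(app) for app in apps}
    return {app_id: found for app_id, found in results.items() if found}


if __name__ == "__main__":
    for app_id, found in audit(SAMPLE_APPS).items():
        print(app_id, ", ".join(found))
```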