Basic Authentication Against an SSO-Integrated Service

With basic authentication to an SSO-integrated back end, the user name and password from the basic credentials are sent to SAP Mobile Platform, where the security profile uses the HTTP/HTTPS Authentication provider to pass them to the SSO-enabled Web server for validation.

In response, the security profile receives the SSO cookie used by other SSO-enabled back ends.

Basic authentication against an SSO-integrated service is the least secure and the least common SAP Mobile Platform SSO scenario.

The Check Impersonation option in the security profile settings in Management Cockpit ensures that SAP Mobile Platform knows who the user is after successful SSO-based login. When using the basic authentication scenario, SAP Mobile Platform already has the user name, but additional principals can be returned as well.

Note: Impersonation checking can be disabled; however, logging, notifications, auditing and more will not work in SAP Mobile Platform, and administrators have less information about who their users are and what they are doing. Additionally, disabling impersonation checking makes it possible for an attacker to steal an SSO cookie and use it without the user's knowledge while masquerading as someone else.
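
A simplified model of the flow and of the impersonation check described above, added here as an illustration and not SAP Mobile Platform code. The in-memory SSO server, the sample accounts and every function name are hypothetical, and the check is assumed to compare the client-supplied user name with the principal the SSO server ties to the cookie.

```python
import base64
import hmac
import secrets

SSO_USERS = {"alice": "alice-pw", "bob": "bob-pw"}  # constructed sample accounts
SSO_SESSIONS = {}  # SSO cookie value -> principal it was issued to

def sso_validate(user=None, password=None, cookie=None):
    """Hypothetical SSO web server: return (cookie, principal) or None."""
    if cookie is not None:
        principal = SSO_SESSIONS.get(cookie)
        return (cookie, principal) if principal else None
    if (user in SSO_USERS and password is not None
            and hmac.compare_digest(SSO_USERS[user], password)):
        cookie = secrets.token_urlsafe(16)
        SSO_SESSIONS[cookie] = user
        return cookie, user
    return None

def basic_header(user, password):
    """Build the Authorization header value a client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Split 'Basic <base64(user:password)>' into (user, password)."""
    scheme, _, blob = header.partition(" ")
    user, sep, password = base64.b64decode(blob).decode().partition(":")
    if scheme.lower() != "basic" or not sep:
        raise ValueError("malformed Basic credentials")
    return user, password

def authenticate(basic=None, claimed_user=None, sso_cookie=None,
                 check_impersonation=True):
    """Model of the security profile: return a session record or None."""
    if basic is not None:
        # Basic scenario: the platform already has the user name.
        claimed_user, password = parse_basic(basic)
        result = sso_validate(user=claimed_user, password=password)
    else:
        result = sso_validate(cookie=sso_cookie)
    if result is None:
        return None
    cookie, principal = result
    if check_impersonation and principal != claimed_user:
        return None  # cookie belongs to a different user than the one claimed
    return {"user": claimed_user, "principal": principal, "sso_cookie": cookie}
```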
Related reference
Check Impersonation Attribute