Single Sign-on for SAP

Unwired Platform supports single sign-on (SSO) authentication for mobile clients that access data from an SAP enterprise information system (EIS) using either X.509 certificates or SSO logon tickets (SSO2).

Single sign-on credential support for SAP includes:

X.509 certificates – use the CertificateAuthenticationLoginModule provider to implement X.509 authentication. At runtime, the mobile client selects the certificate signed by a trusted CA, which is authenticated by the SAP EIS.
SAP single sign-on (SSO2) tokens – use the HttpAuthenticationLoginModule provider for both basic HTTP authentication and to implement SSO2. At runtime, the client enters a user name/password combination that maps to a user name/password in the SAP EIS. For SSO2, a token is obtained from the configured SAP server using the client-supplied user name/password and is forwarded to other SAP servers configured in the endpoints to authenticate the client, instead of using client-supplied user name/password credentials.

Single Sign-on Authentication
Understand the role of user credentials and X.509 certificates in single sign-on authentication.
Configuring X.509 Certificates for SAP Single Sign-on
Import, export, and generate the X.509 certificates that secure communication paths between Unwired Server and the SAP enterprise information system (EIS), and for client authentication, including single sign-on (SSO) with X.509 or SSO2 tokens.
SAP Single Sign-on and DOE-C Package Overview
Understand how DOE-C packages fit in the Unwired Platform landscape, including how to secure communication paths and enable single sign-on (SSO) for these packages.
SAP Single Sign-on and Mobile Business Object Package Overview
Understand how to secure communication ports and enable single sign-on (SSO) for packages that contain mobile business objects (MBOs) bound to an SAP enterprise information system (EIS).
Creating Connections and Connection Templates
Create a new connection or connection template that defines the properties needed to connect to a new data source.
SAP Single Sign-on and Online Data Proxy Overview
Understand how OData applications fit in the Unwired Platform landscape and learn how to secure communication paths and enable single sign-on (SSO) for these applications.
Preparing Your SAP Environment for Single Sign-on
Verify that the SAP® enterprise information system (EIS) is configured correctly to accept SSO connections from Unwired Server.
Security Configurations That Implement Single Sign-on Authentication
Use the CertificateAuthenticationLoginModule authentication module to implement X.509 authentication or HttpAuthenticationLoginModule to implement SSO2.
Creating Security Profiles to Enable Mutual Authentication for SAP
Create security profiles and associate them with X.509 server certificates that can be used to establish secure connections between a client, Unwired Server, and the SAP EIS.
Enabling the HTTPS Port and Assigning the SUPServer Security profile
Enable an HTTPS port for secure communication between Unwired Server and the SAP EIS.
Distributing Single Sign-on Related Files in an Unwired Server Cluster
(Not applicable to Online Data Proxy) Place required files in the appropriate primary Unwired Server subdirectory so they are distributed to all Unwired Servers within the cluster during cluster synchronization.

Parent topic: Authentication in Unwired Platform