Enabling Single Sign-on for OData Applications

Enable single sign-on (SSO) over secure paths for OData applications.

  1. Preparing the SAP Gateway
    Configure the SAP Gateway to push OData application data to Unwired Server, including configuring the RFC destination for HTTPS on the Gateway.
  2. Preparing Your SAP Environment for Single Sign-on
    Verify that the SAPĀ® enterprise information system (EIS) is configured correctly to accept SSO connections from Unwired Server.
  3. Using Keytool to Generate Self-Signed Certificates and Keys
    Whenever possible, use a PKI system and a trusted CA to generate production-ready certificates and keys that encrypt communication among different Unwired Platform components. You can then use keytool to import and export certificate to the platform's keystores and truststores. Otherwise, you can also use keytool to generate self-signed certificates and keys.
  4. Configuring X.509 Certificates for SAP Single Sign-on
    Import, export, and generate the X.509 certificates that secure communication paths between Unwired Server and the SAP enterprise information system (EIS), and for client authentication, including single sign-on (SSO) with X.509 or SSO2 tokens.
  5. Creating Security Profiles to Enable Mutual Authentication for SAP
    Create security profiles and associate them with X.509 server certificates that can be used to establish secure connections between a client, Unwired Server, and the SAP EIS.
  6. Enabling the HTTPS Port and Assigning the SUPServer Security profile
    Enable an HTTPS port for secure communication between Unwired Server and the SAP EIS.
  7. Security Configurations That Implement Single Sign-on Authentication
    Use the CertificateAuthenticationLoginModule authentication module to implement X.509 authentication or HttpAuthenticationLoginModule to implement SSO2.
  8. Provisioning Security Artifacts
    Typically, you must preprovision Unwired Platform security artifacts before applications can be used. The manner by which an artifact is provisioned depends on the artifact.
Parent topic: Security Task Flows
Related concepts
SAP Single Sign-on and Online Data Proxy Overview
Single Sign-on Authentication