Authentication in Unwired Platform

A security provider verifies the identities of application users and administrators who request access via one or more configured login modules.

Device user authentication and administrator authentication are configured differently:

device users are authenticated with custom Unwired Server security configurations created by the platform administrator in Sybase Control Center. For SAP EIS backends, SSO authentication can be configured.
Administrators are authenticated with the "admin" security configuration on the "default" domain. For first-time logins, administrators are authenticated with the PreconfiguredLoginModule. Once logged in, administrators for production systems should immediately reconfigure security to use the enterprise security backend and delete this login module from Sybase Control Center.

Caching Authenticated Sessions

An authentication request with username/password or certificate credentials for a specific domain always results in looking up an existing authenticated session in the cache that used the same credentials. If one is found, the session is reused instead of delegating the authentication request to the configured security backend. This is the case even if any of the information from the client session is used to authenticate the user instead of the presented username/password or certificate credentials.

If an existing authenticated session is found in the cache with the same credentials, then the user is not authenticated again against the configured security backend even if the cached session was authenticated based on an http header/cookie/personalization value and the new authentication request contains a different value for that parameter.

Creating a Security Configuration for Device Users
Create and name a set of security providers and physical security roles to protect Unwired Platform resources. For device user authentication, create at least one security configuration that is not the "admin" security configuration on the "default" domain, which is used exclusively for administrator authentication in Sybase Control Center.
Assigning Providers to a Security Configuration
Assign providers after you have created a security configuration.
Assigning Security Configurations to Domains, Packages, or Applications
A security configuration can be assigned to a domain. Domain administrators can then select the security configuration when deploying synchronization packages.
Mapping Roles at the Global or Package Level
Unwired Platform uses a role mapper to map logical and physical roles during an access control check.

Parent topic: Enabling Authentication and RBAC for User Logins

Enabling Authentication and RBAC for Administrator Logins