SAP Single Sign-on and Mobile Business Object Package Overview

Understand how to secure communication ports and enable single sign-on (SSO) for packages that contain mobile business objects (MBOs) bound to an SAP enterprise information system (EIS).

SAP MBOs bound directly to SAP BAPIs and RFCs, as well as SAP BAPIs exposed as Web services. Once deployed, Unwired Platform supports Java connector (JCo) connections and Secure Network Communications (SNC) for SAP MBOs, and HTTP(S) connections to Web services.

Once deployed, connection information, and other application- and package-specific information is maintained by Unwired Server. Unwired Server packages that contain SAP MBOs support message-based and replication-based applications and perform queue handling, data caching, and synchronization services.

Typical data flow for SAP MBO packages that use data change notification (DCN) as a refresh mechanism:



  1. Data flows from Unwired Server to the EIS through a configured connection pool. For secure connections:
    • Jco – communicates with the SAP EIS using the SAP JCo proprietary communication protocol. Optionally use SNC if required for your installation.
    • Web service – communicates to the Web service host using HTTPS, whether the Web service is on the same server that hosts the SAP BAPIS/RFCs to which the Web service is bound, or a different server.

      In an SSO configuration, the client provides credentials to Unwired Server (username and password or X.509 user certificate) that are authenticated by the security configuration's authentication module ( CertificateAuthenticationLoginModule for X.509 or HttpAuthenticationLoginModule for SSO2). Once authenticated by Unwired Server, and assuming that Unwired Server and the EIS have a secure communication path, SSO is enabled.

  2. (Optional) Configure a data change notification (DCN) port if this is the data refresh policy for any of the MBOs within the package.
Related concepts
Enabling Single Sign-on for Mobile Business Object Packages
Single Sign-on Authentication