Configure
one or more security providers as part of a named security configuration. There are
different types of providers you can use, and these can be ordered and flagged according to
the requirements of your production environment.
Configure security providers for SAP Mobile Server by logging in to the server in SAP Control Center and clicking .
For third-party providers or providers you have created with the CSI SDK,
save related JAR files or DLLs in the SMP_HOME\Servers\UnwiredServer\lib\ext folder.
- Authentication modules – verify the identity of a user accessing a
network with the mobile application, typically via a login form or some other login
or validation mechanism. Authentication in
SAP Mobile Server
is distinct from authorization. You must have at least one authentication module
configured in a production deployment of
SAP Mobile Server.
You can stack multiple providers so users are authenticated in a particular
sequence.
- Authorization modules – check the access privileges for an
authenticated identity.
SAP
recommends that you have at least one authorization module configured in a
production deployment of
SAP Mobile Server.
- Attribution
modules – when a user is authenticated, a custom attribution provider can add more
information about the authenticated user. Attribution modules are only available if
you have created a custom provider with the CSI SDK and saved to the correct folder.
- Auditing modules – report all audit events to
allow you to evaluate the security system implementation for
SAP Mobile Server.
Auditing provides you a record of all the security decisions that have been made.
Each successful authentication creates a session key that shows up in subsequent
security checks for that user. Unsuccessful authentications are also logged. Each
authorization records what roles were checked, or what resource was accessed. Audit
filters determine what events get recorded, the audit format determines what the
audit records look like, and the audit destination specifies where audit records are
sent. Use the audit trail to identify who did what and when, with respect to objects
secured by your providers. Auditing modules are optional.
In most cases, each security module requires a unique set of configuration properties. However, there are some cases when modules require a common set of properties, and these properties are configured once for each module on a tab created for that purpose.
You can configure different security providers for administrator authenticaton
and device user authentication. For more information on configuring security providers
depending on the type of user, see either Enabling Authentication
and RBAC for User Logins or Enabling Authentication and
RBAC for Administrator Logins in the Security guide.