Security Providers

Configure one or more security providers as part of a named security configuration. There are different types of providers you can use, and these can be ordered and flagged according to the requirements of your production environment.

Configure security providers for SAP Mobile Server by logging in to the server in SAP Control Center and clicking Security > Security Configuration.

For third-party providers or providers you have created with the CSI SDK, save related JAR files or DLLs in the SMP_HOME\Servers\UnwiredServer\lib\ext folder.

• Authentication modules – verify the identity of a user accessing a network with the mobile application, typically via a login form or some other login or validation mechanism. Authentication in SAP Mobile Server is distinct from authorization. You must have at least one authentication module configured in a production deployment of SAP Mobile Server. You can stack multiple providers so users are authenticated in a particular sequence.
• Authorization modules – check the access privileges for an authenticated identity. SAP recommends that you have at least one authorization module configured in a production deployment of SAP Mobile Server.
• Attribution modules – when a user is authenticated, a custom attribution provider can add more information about the authenticated user. Attribution modules are only available if you have created a custom provider with the CSI SDK and saved to the correct folder.
• Auditing modules – report all audit events to allow you to evaluate the security system implementation for SAP Mobile Server. Auditing provides you a record of all the security decisions that have been made. Each successful authentication creates a session key that shows up in subsequent security checks for that user. Unsuccessful authentications are also logged. Each authorization records what roles were checked, or what resource was accessed. Audit filters determine what events get recorded, the audit format determines what the audit records look like, and the audit destination specifies where audit records are sent. Use the audit trail to identify who did what and when, with respect to objects secured by your providers. Auditing modules are optional.

In most cases, each security module requires a unique set of configuration properties. However, there are some cases when modules require a common set of properties, and these properties are configured once for each module on a tab created for that purpose.

You can configure different security providers for administrator authenticaton and device user authentication. For more information on configuring security providers depending on the type of user, see either Enabling Authentication and RBAC for User Logins or Enabling Authentication and RBAC for Administrator Logins in the Security guide.

• Stacking Providers and Combining Authentication Results
  Optionally, implement multiple login modules to provide a security solution that meets complex security requirements. SAP recommends provider stacking as a means of eliciting more precise results, especially for production environment that require different authentications schemes for administrators, DCN, SSO, and so on.
• Reordering Configured Providers
  List stacked security providers for a security configuration to identify them as primary or auxiliary providers. Providers are used in the order configured.
• Security Provider Configuration Properties
  Security providers implement different properties, depending on the type of provider you are configuring.