Setting Up Authorization with Certificate Validation

(Recommended) Before any event is submitted to the SAP Mobile Platform runtime, the subject of the certificate's CN that is mapped to the logical role must be authorized, and with Certificate Validation, authenticated. SAP recommends using a CertificateValidationLoginModule for mutual authentication. The following steps describe how to implement the recommendation and offers maximum DCN or Push security.

  1. Updating an Existing Security Configuration for EIS Event Authorization
    Platform administrators create different security configurations to authenticate packages that are deployed to various domains. You can revise these existing security configurations to also authenticate EIS events.
  2. Adding a certificateValidationLoginModule for DCN Mutual Authentication
    For DCN events, you can add a certificateValidationLoginModule to perform mutual authentication, and stack it with other modules that perform the authentication of device users.
  3. Mapping Logical Role to the Subject for the Certificate CN
    The certificate used for mutual authentication includes a common name (CN) that is extracted and compared to the physical role mapping you create using this CN.
Parent topic: Enabling Authorization of EIS Operations
Related concepts
SUP Roles to Support EIS Operations: SUP DCN User and SUP Push User
Related tasks
Setting Up Authorization with a Technical User Role Stored in a Repository
Setting Up Authorization with PreConfiguredUserLogin Values
Stacking Providers for DCN SSO Authentication