Optionally, implement multiple login modules to provide a security solution that meets complex security requirements. SAP recommends provider stacking as a means of eliciting more precise results, especially for production environment that require different authentications schemes for administrators, Push Notification, SSO, and so on.
Stacking is implemented with a controlFlag attribute that controls overall behavior when you enable multiple providers. Set the controlFlag on a specific provider to refine how results are processed.
For example, say your administrative users (smpAdmin in a default installation) are not also users in an back end system like SAP. However, if they are authenticated with just the default security configuration, they cannot also authenticate to the HTTP/HTTPS Authentication provider used for SSO2Token retrieval. In this case, you would stack a second login module with a controlFlag=sufficient login module for your administrative users.
Or, in a custom security profile (recommended), you may also find that you are using a technical user for Push Notification who is also not an SAP user. This technical user does not need SSO because they will not need to access data. However, the technical user still needs to be authenticated by SAP Mobile Server. In this case, you can also stack another login module so this Notification user can login.
Provider | Authentication Status | |||||||
---|---|---|---|---|---|---|---|---|
LDAP | pass | pass | pass | pass | fail | fail | fail | fail |
NT Login | pass | fail | fail | fail | pass | fail | fail | fail |
SSO Token | * | pass | pass | fail | * | pass | pass | fail |
Certificate | * | pass | fail | * | * | pass | fail | * |
Overall result | pass | pass | pass | fail | fail | fail | fail | fail |