Verify that the SAP back end is configured correctly to accept SSO
connections from SAP Mobile Server.
- Set all parameters for the type of credentials accepted by the server:
- SSO2 token – verify that everything is set properly with
the SSO2 transaction.
- X.509 certificate – set up, import, and verify
certificates using the Trust Manager (transaction STRUST).
- Use the ICM configuration utility to enable the ICM HTTPS
port.
- Set the type of authentication to enable
communication
over HTTPS.
- Server authentication only – the server expects the
client to authenticate itself using basic authentication, not SSL.
- Client authentication only – the server requires the
client to send authentication information using SSL certificates. The
ABAP stack supports both options. Configure the server to use SSL with
client authentication by setting the ICM/HTTPS/verify_client parameter:
- 0 – do not use certificates.
- 1 – allow certificates (default).
- 2 – require certificates.
- Use the Trust Manager (transaction STRUST) for both SSL server
and SSL client personal security environments (PSEs) to make the server's
digitally signed public-key certificates available. Use a public
key-infrastructure (PKI) to get the certificates signed and into the SAP system.
There are no SSO access restrictions for MBO data that
spans multiple SAP servers.
See SAP product
documentation at http://help.sap.com/saphelp_aii710/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm
for information about the SAP Trust Manager.
- To enable secure communication, SAP Mobile Server and the SAP server that it communicates with must
exchange valid CA X.509 certificates. Deploy these certificates, which are used
during the SSL handshake with the SAP server, into the SAP Mobile Server keystore.
- The user identification (distinguished name), specified in the
certificate must map to a valid user ID in the AS ABAP, which is maintained by
the
transaction
SM30
using table
view (VUSREXTID).
See Configuring the AS ABAP for Supporting SSL at http://help.sap.com/saphelp_aii710/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm