Create a new security configuration, assign the
CertificateValidationLoginModule authentication provider to it, and assign the security
configuration to an SAP Mobile Server domain or
package.
The CertificateValidationLoginModule authentication provider supports X.509
certificate logins to SAP systems through JCo, DOE-C, Online Data Proxy, and Web service connections. You can
assign security configurations to domains, packages, or applications.
- Create the new security configuration:
- From SAP Control Center, select
Security.
- Select the General tab, click New, and enter a name for the new security configuration, for example, X509SECADMINCERT. Click OK.
- Configure the new security configuration:
- Expand the Security folder.
- Select the X509SECADMINCERT security configuration.
- Select Authentication.
- Select New.
- Select com.sybase.security.core.CertificateValidationLoginModule as
the Authentication provider.
- Click OK to accept the default settings, or modify any of these settings as required:
- Click <Add New Property>, select Validate Certificate Path and set the value to true.
- Click OK.
- Select the General tab, select Validate, then Apply.
- Assign the X509SECADMINCERT security configuration to an
SAP Mobile Server domain. This example uses the default domain, but
you can specify any domain to which the package is deployed:
- Click .
- Click Assign.
- Select X509SECADMINCERT and click OK.
- If any other security configurations have been assigned to this SSO domain,
SAP suggests that you unassign them.
However, many deployments of SAP Mobile Platform do mix
SSO and non-SSO MBOs or operations in the same package. There are certain
operations that are not sensitive and do not require the overhead of setting up
the SSO connection to the backend. Some packages may even perform DCNs, and the
DCN user would not be part of the SSO-enabled login module. If you do
authenticate a user against a non-SSO login module and then attempt to perform
an SSO-enabled operation, then the credentials are sent to the backend, which
may not be desired.