Create a new security configuration, assign the HttpAuthenticationLoginModule authentication provider to it, and assign the security configuration to an SAP Mobile Server domain or package.
The HttpAuthenticationLoginModule authentication provider supports SSO2 token logins to SAP systems through JCo and Web service connections, DOE-C packages, and other packages that require token authentication.
- Create the new security configuration:
  - From SAP Control Center, select Security.
  - Select the General tab, click New, and enter a name for the new security configuration, for example, SAPSSOSECADMIN. Click OK.
- Configure the SAP EIS portal:
  - Apply SAP Note 1250795 to the portal server. This is required to get the HTTP challenge pop-up window.
  - Verify that the SAP EIS URL configured as the SAP Mobile Server SAP Server URL property is a URL with a challenge pop-up window, not just a generic portal URL.
  - Maintain the URL and control flag security configuration parameters, which are the only required parameters.
- Configure the new security configuration:
  - Select the SAPSSOSECADMIN security configuration.
  - Select the Authentication tab.
  - Click New and select com.sybase.security.http.HttpAuthenticationLoginModule as the authentication provider. Set the SAP server URL, the SSO cookie name (typically set to MYSAPSSO2), and other properties as appropriate for the connection.
  - Select the General tab, and click Validate to confirm that SAP Mobile Server accepts the new security configuration. A message indicating the success of the validation appears above the menu bar.
  - Click Apply to save changes to the security configuration, and apply them across SAP Mobile Server.
- Assign the SAPSSOSECADMIN security configuration to the domain to which SSO packages are being deployed.
  - Click .
  - Click Assign.
  - Select SAPSSOSECADMIN and click OK.
  - If any other security configurations have been assigned to this SSO domain, SAP suggests that you unassign them.
    However, many deployments of SAP Mobile Platform do mix SSO and non-SSO MBOs or operations in the same package. Certain operations are not sensitive and do not require the overhead of setting up the SSO connection to the backend. Some packages may even perform DCNs, and the DCN user would not be part of the SSO-enabled login module. If you authenticate a user against a non-SSO login module and then attempt to perform an SSO-enabled operation, the credentials are sent to the backend, which may not be desired.
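The "Verify the SAP EIS URL" step above can be checked from a script as well as from a browser. The following Python is an added example, not part of the SAP documentation: it tests that the URL answers an unauthenticated request with an HTTP challenge and that an authenticated request returns the SSO cookie. Assumptions: the URL accepts HTTP Basic credentials, a successful login returns status 200, and the https and cookie-flag checks are hardening checks added here.

```python
import base64
import urllib.error
import urllib.request
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SSO_COOKIE = "MYSAPSSO2"  # cookie name used in the procedure above


def fetch(url, user=None, password=None):
    """GET url (with Basic credentials if given); return (status, header pairs)."""
    req = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers.items()
    except urllib.error.HTTPError as err:  # a 401 challenge arrives as HTTPError
        return err.code, err.headers.items()


def check_challenge(url, status, headers):
    """Findings for the unauthenticated response; an empty list means it passes."""
    findings = []
    if urlsplit(url).scheme.lower() != "https":
        findings.append("URL is not https: credentials would travel in clear text")
    challenged = any(k.lower() == "www-authenticate" for k, _ in headers)
    if status != 401 or not challenged:
        findings.append(f"status {status} without an HTTP challenge: generic portal URL?")
    return findings


def check_sso_cookie(status, headers, name=SSO_COOKIE):
    """Findings for the authenticated response; an empty list means it passes."""
    if status != 200:  # 200 is the assumed success status
        return [f"authenticated request returned {status}, expected 200"]
    for key, value in headers:
        jar = SimpleCookie()
        if key.lower() == "set-cookie":
            jar.load(value)
        if name in jar and jar[name].value:
            # Cookie-flag checks are hardening advice added here, not from the page.
            return [f"{name} lacks {flag}" for flag in ("Secure", "HttpOnly")
                    if not jar[name][flag.lower()]]
    return [f"no {name} cookie was issued"]
```

Call check_challenge(url, *fetch(url)) first, then check_sso_cookie(*fetch(url, user, password)) with a test account; any non-empty result lists what to fix before validating the security configuration.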