Using the AuthProxy Plugin to Register With SAP Mobile Platform Server

This example procedure demonstrates how to use the AuthProxy plugin to register with the SAP Mobile Platform Server using a client certificate.

This example does not use the Logon plugin to perform the registration. You can test certificates on an Android device or emulator, or an iOS device. The server certificate must be installed on the device's system store, so for iOS, the actual device is required.

  1. Use the keytool utility to create the server and client certificates.
    The SAP Mobile Platform Server stores its certificates in a file named smp_keystore.jks.
  2. Download the certificate and generate a certificate signing request (CSR).
  3. Import the signed certificate into the keystore.
  4. Copy the client's public key to smp_keystore.jks so that the server can authenticate the client.
  5. Create a security profile in Management Cockpit
  6. Import the public and private key of the client certificate to the mobile device using the PKCS12 format.
    Both the client certificate (stored in the keystore client.p12 containing the public and private keys) and the certificate authority's certificate, must be added to the mobile device. You should add the certificate authority's certificate to the device's trust store. The client certificate in this example for Android is placed in a location the application can access it from. 
    adb push SAPServerCA.cer /mnt/sdcard/
adb push client.p12 /mnt/sdcard/
adb shell
cd /mnt/sdcard
ls
exit
    For an iOS device, both certificates can be installed into the device's trusted store by sending them through an e-mail, opening the device browser to a Web page that contains the links to the certificates, or by using the iPhone Configuration Utility. See http://support.apple.com/kb/DL1465.
    On the iOS device, the certificates can be viewed and uninstalled under Settings > General > Profiles.
    In addition to accessing the certificate from the file system and the device's secure store, the client certificate can be provisioned to the device using Afaria and then accessed from Afaria using the Logon plugin using the method sap.AuthProxy.CertificateFromLogonManager("clientKey").
  7. Create a new Cordova project to perform mutual authentication to the SAP Mobile Platform Server.
  8. Add the AuthProxy plugin.
  9. Create a new security provider and add an x.509 User Certificate authentication provider.
  10. Copy the files to the platform directory by running the prepare command.
  11. Use the Android IDE or Xcode to deploy and run the project.
Parent topic: Using the AuthProxy Plugin