HTTP/HTTPS Authentication Provider

Use the HTTP/HTTPS Authentication provider to authenticate the user with a call to a separate Web server to validate the user's credentials. It is useful to validate user name and password basic credentials, or to validate a single sign-on token from the client (in lieu of passwords).

The HTTP/HTTPS Authentication authentication provider validates standard user name and password style credentials by passing them to a Web server. Configure the URL property to point to a Web server that challenges for basic authentication.

This provider is enhanced to authenticate the user by validating a token specified by the client by sending the configured client values to the HTTP back end in the specified format (header/cookie). Any parameter value, for example HTTP header, or HTTP cookie can be specified in the ClientHttpValuesToSend property so that the provider can retrieve the value of the configured parameter(s) and pass them to the Web server in the format required by the SendClientHttpValuesAs configuration property.

For example, to extract the cookie "MyCookie" from the client session to SAP Mobile Platform Server and pass it along to the Web server as the cookie "testSSOCookie", set the properties ClientHttpValuesToSend to "MyCookie" and set SendClientHttpValuesAs to cookie:testSSOCookie.

Note:

Best practice guidelines include:

Using an HTTPS URL to avoid exposing credentials.
If the Web server's certificate is not signed by a well known CA, import the CA certificate used to sign the Web server's certificate into the SAP Mobile Platform Server keystore. The keystore is pre-populated with CA certificates from reputable CAs.
If this Web server returns a cookie as part of successful authentication, set the SSO Cookie Name configuration property to the name of this cookie. Upon successful authentication, SSO cookie value is made available as single sign-on material for back-end connections later.

HTTP/HTTPS Authentication Configuration Properties
The HTTP/HTTPS Authentication provider authenticates the user with given credentials (user name and password) against the secured back end that requires basic authentication. To facilitate single sign-on (SSO), you can configure it to retrieve a cookie with the configured name and add it to the JAAS subject.

Parent topic: Authentication Providers for User Authentication and Authorization

Related reference

HTTP/HTTPS Authentication Configuration Properties