Single Sign-on Authentication

Understand the role of user credentials and X.509 certificates in single sign-on authentication.

Single sign-on authentication comprises three main areas:

Configuring SAP Mobile Platform to perform single sign-on to the back end requires the applications created in SAP Mobile Platform Server to be configured to use the HTTPS protocol with mutual certificate authentication to communicate with the back end. Use Management Cockpit to navigate to the application, and set the property "Certificate Alias" — that is, give the name of a certificate alias in SMP_HOME\Server\configuration\smp_keystore.jks.

During mutual certificate authentication between the client and SAP Mobile Platform, the client presents a certificate to SAP Mobile Platform Server. For authentication to succeed, the client’s certificate, or more typically the certificate authority (CA) that signed the client certificate must be present in the SAP Mobile Platform Server keystore.

Note: When administrators import a certificate to the keystore, they must use the same password for the key alias entry as the keystore password, and thus the same value for the Certificate Alias.
Parent topic: Single Sign-on for SAP
Related tasks
Configuring SAP Mobile Platform Server Certificate-based Authentication with a Reverse Proxy
Related reference
X.509 User Certificate Configuration Properties