In network-edge authentication, the SSO system intercepts an unauthenticated client request headed to SAP Mobile Platform, challenges the client to authenticate, and adds an SSO cookie to the request before forwarding to SAP Mobile Platform.
SAP Mobile Platform supports network-edge authentication by allowing the administrator to configure which client values set in the connection to SAP Mobile Platform using network-edge authentication are to be used for authentication into SAP Mobile Platform server.
Client applications can connect to reverse proxy servers or agents at the network edge. These agents perform authentication, and return authenticated tokens delivered as HTTP cookies or HTTP headers. An example of an HTTP-based SSO provider is SiteMinder running inside the enterprise and its SiteMinder agent running at the network edge inside an Apache reverse proxy server.
SAP Mobile Platform uses the HTTP/HTTPS Authentication provider to reach out to a Web server integrated to the SSO system to validate the SSO cookie and derive information about the user identified by that cookie, how long the cookie is valid for, and any security roles the user has.
Network-edge authentication is the most common SAP Mobile Platform SSO scenario.