cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Always-Connected Clients & SSO

Former Member

on ‎08-06-2009 10:52 PM

0 Kudos

Hello All,

I am stuck on this problem right now - getting a blackberry to work with our SSO solution to connect to our backend SAP system. I am running a custom webdynpro java application I developed ( a mobile version of the UWL), which works perfectly fine with SSO while running on IE or Firefox - but when I try to access from my blackberry -I get the login prompts (which I hope to get rid of - with an SSO solution in place). I have tried reconfiguring the blackberry to utilize the TLS option - with a private certificate on the blackberry - but the blackberry browser does not use/recognize the certificate when it comes to login time...

I tried the RIMDispatcher solution - but it seems that the SSO solution in place does not seem to work with it. This solution does not seem to be what was implied from the statement below - but then again there are so few details given - that I am not sure what it meant by it.

On the link below - the following statement is made:

"For user convenience, SAP has integrated single sign on to SAP systems via the Blackberry device. The user only has to enter the password to unlock his Blackberry, and is able to access SAP applications online without any further logon screens. "

Link: [https://www.sdn.sap.com/irj/sdn/nw-mobile?rid=/webcontent/uuid/20ffed54-9812-2a10-9fb5-cb973a37ba3b#section4 [original link is broken]]

Is there a document which outlines what is necessary for this ? I am trying to bring 3 worlds together for this to work - my blackberry admin team, my SAP admin team, and a person who knows certificates. I am the developer trying to bring these 3 worlds together - and there seems to be no outline for what needs to be done. My SAP admin has recently been implementing SAP SSO - so that all SAP logins are via certificate, but I am still stuck.

Thanks for any help !

Mike

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎08-20-2009 4:31 PM
0 Kudos

Thank you for your answer Ed,

However, I have attempted this solution (see rimdispatcher reference above), and with the overall SAP SSO solution (not related to blackberry ) we are working with - which forces the user to an https connection - the rimdispatcher does not seem to work. We always get back to a login page. It would be a good thing if the RimLoginModule guide was updated to do 2 things:

1. show how to configure when SSO is already in place and make the rimlogin work. The rimdispatcher actually does work - in that the url forwards the request to the referenced application - just the RIM SSO does not seem to work with the ECC SSO solution. I am not sure of there are additional steps when configuring SSO for SAP or with the rimloginmodule- to make the SSO for blackberry work - because it does not work per the instructions with https. I think this has something to do with the authschemes.xml configuration, and how the SAP SSO requests is processed prior to the usage of the authschemes...

2. Have the rimlogin module document explain how to set up more than 1 application. We have a few apps which are intended to run from the RIM device - it would be good to see if there was a recommeded method for handling more than one.

In an attempt to get SSO working for the blackberry, I had also attempted to utlize the personal certificate used for SAP SSO on the blackberry itself. I had used the blackberry desktop manager's certificate synchronization tool to move the certificate to the blackberry, but this does not work. I have been notified by RIM that personal certificates do not work on a blackberry for browser based webdynpro applications (the "always connected type").

To quote:

"In regards to the Single Sign-On certificate, the BlackBerry won't be able to use the cert when accessing the internal page if credentials are needed to view it, they will be prompted every time. If the application was local (installed on/pushed to) the BlackBerry device, than the SSO certificate could be used by the application. If certificates were needed to load every time a web page was viewed, it would produce a lot of traffic, but this is also setup that way for security reasons."

We have no interest in pushing apps to the blackberry itself - we have already developed a small suite of browser based apps with webdynpro java, which run out of the SAP Portal environment, and can run as independent browser apps. This is part of the current strategy of "zero footprint browser based clients"...

If you have any further info - it would always be appreciated - we are at a dead end here...

Thanks !

Show replies
Show replies
Former Member
‎08-19-2009 9:03 PM
0 Kudos

Hi Mike

This document should help:

https://service.sap.com/~sapdownload/011000358700005072882005E/RIMLoginModule_Inst_Guide.pdf

It describes the rimloginmodule which was originally designed for the web version of SAP CRM.

It takes advantage of this ability of the BlackBerry Browser/ BlackBerry Enterprise Server platform:

http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/348583/800792/801079/How_To_...

cheers

ed

Show replies
Show replies
Ask a Question