
How to implement SSO / SSL / X.509 / SAML based Authentication for SAP UI5 based Apache Cordova/PhoneGap App using JavaScript?

Former Member
0 Kudos

Hello,

I have developed a Mobile App using SAP UI 5 framework, HTML, JavaScript and Apache Cordova / PhoneGap.

The app is completed, but I am still stuck with the Login Authentication task. The code which I have written pertains to OData Service based BASIC Authentication using Username and Password (which the user enters through the app's UI). The code works fine for valid login credentials, but doesn't work at all when the user enters invalid credentials.

I came to know that instead of using BASIC Authentication (with Username and Password), either of SSO / SSL / X.509 or SAML based Authentication mechanisms needs to be used for SAP UI5 mobile app.

I researched and found some links which speak about SSO Authentication but are either for Java EE or Microsoft .Net applications (and they are irrelevant in my context).

I am looking for code which is in JavaScript, as my entire app is HTML, JavaScript with SAP UI5 framework and I have also used Apache Cordova/PhoneGap to transform my HTML and related project files into an iOS app (and later it will be morphed into an Android app as well).

It would be of great help, if I could get any sort of help, either in the form of sample code or some leads.

PLEASE NOTE ->

  1. For the rest of the app's Business Logic, I have used OData services and "OData.read(...);" statements to fetch the data and store them in a "sap.ui.model.json.JSONModel();" model, for further manipulations and binding them to the UI controls.
  2. In case the SSO / SSL or any such implementation needs any additional setup or any kind of modification in the code to fetch the data, kindly highlight that as well.
  3. And at this instant, we do not intend to use SAP HANA Cloud Platform, as it does not fall under our project scope and requirements.

Thanks and Regards,

Suraj Kumar Y Midgay

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Suraj!

In order to get your app up and running with the X.509 certs have a look at this wonderful OpenSSL implementation in JavaScript: https://github.com/digitalbazaar/forge#x509

Assuming you have an Apache or equivalent webserver handling the authentication process you do need to configure it properly.

Here are two really helpful tutorials how to do it in Apache:

Depending on the client certificate creation process (either generating locally via forge or deploying it to the user) you need to use the forge.http or forge.tls request methods in order to use the TLS implementation correctly.

HTTP:


var request = forge.http.createRequest({method: 'GET', path: url.path});

or

TLS:


var client = forge.tls.createConnection(...);

Between that you can either use the oData auth or configure the server accordingly to accept the x.509 certs and pass it to the SSO service.

Happy Coding!
Peter

Former Member
0 Kudos

Hello Peter,

I appreciate your effort and thank you for providing the info and the links.

I have gone through them. It might be really helpful for me when I would work on a requirement with Apache Server.

For now, I am looking for X.509 / SSO or OData BASIC Authentication on SAP NetWeaver Gateway Backend.

Currently, Apache Server is not in my project scope or landscape. I am just using Apache Cordova/PhoneGap, which is a tool to simply create an iOS, Android, Blackberry app template, which will house the HTML, JavaScript and other SAP UI5 related framework files, etc.

I am really thankful to you for coming forward and sharing the info.

Thanks and Regards,

Suraj Kumar Y. Midgay

Former Member
0 Kudos

Hi Suraj,

ok, I guessed you have the secure configuration with proxy and auth described here: Web Application Scenario.

Basic OData auth can be done with this sample code:


var sServiceUrl = 'https://host/SERVICE';
var sUser = 'username';
var sPassword = 'password';

// Pass the variables declared above: service URL, JSON flag, user, password
var oModel = new sap.ui.model.odata.ODataModel(sServiceUrl, true, sUser, sPassword);

For more, please have a look at the according API Reference for oModel.

Hope this helps for your request?

Happy coding!
Peter
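
An added example for the Basic authentication answer above (not code from the original posts or from SAP UI5): it shows what the `Authorization` header for Basic auth actually contains, refuses to attach credentials to a non-HTTPS service URL, and maps the HTTP status of the first OData call to a login outcome so that invalid credentials can be reported in the UI. The function names are hypothetical, the sample values are constructed, and the status mapping assumes the backend answers wrong credentials with HTTP 401.

```javascript
// Added example; buildBasicAuthHeaders and classifyLoginStatus are hypothetical names.

// Base64-encode a UTF-8 string; works in a browser/Cordova WebView and in Node.
function toBase64Utf8(text) {
  var bytes = new TextEncoder().encode(text);
  var bin = '';
  for (var i = 0; i < bytes.length; i++) {
    bin += String.fromCharCode(bytes[i]);
  }
  return typeof btoa === 'function'
    ? btoa(bin)
    : Buffer.from(bin, 'binary').toString('base64');
}

// Build the headers for HTTP Basic auth (RFC 7617).
// Base64 is an encoding, not encryption, so the credentials are only
// protected in transit by TLS: reject any URL that is not https://.
function buildBasicAuthHeaders(serviceUrl, user, password) {
  if (!/^https:\/\//i.test(serviceUrl)) {
    throw new Error('Refusing to send Basic credentials over a non-HTTPS URL');
  }
  if (user.indexOf(':') !== -1) {
    throw new Error('User name must not contain ":" (RFC 7617)');
  }
  return {
    'Authorization': 'Basic ' + toBase64Utf8(user + ':' + password),
    'Accept': 'application/json'
  };
}

// Map the HTTP status of the first OData request to a login outcome.
function classifyLoginStatus(status) {
  if (status >= 200 && status < 300) { return 'ok'; }
  if (status === 401) { return 'invalid-credentials'; } // wrong user or password
  if (status === 403) { return 'not-authorized'; }      // authenticated, no access
  return 'error';                                       // network or server problem
}

// Constructed sample values, matching the placeholders in the post above.
var sampleHeaders = buildBasicAuthHeaders('https://host/SERVICE', 'username', 'password');
```

The outcome returned by `classifyLoginStatus` can drive the error handler of the login request, so a 401 shows a "wrong user name or password" message instead of failing silently.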

Former Member
0 Kudos

Hello Peter,

I have already tried a similar piece of code earlier and the code snippet shared by you.

But I could not get the expected result out of it. Moreover, I believe the Username and Password cannot be transmitted in plain text format. Hence I even tried modifying the above code snippet by adding "authorization" tag and encrypting the credentials. And this too was of no effect.

To understand my issue more clearly, please refer one of my posts

Thank you for the code snippet and the links.

Thanks & Regards,

Suraj Kumar

tim_alsop
Active Contributor
0 Kudos

Hi,

I have a few hints/suggestions.

  1. Using SSL is going to encrypt the communications between the mobile device and the app server, so you should consider this anyway. Using SSL is not related to your question about authentication. SSL can be configured on the app server and will be used by the browser on the device when https:// is given in the URL.
  2. To decide what technology to use for your user authentication you need to decide what type of credentials you want the user to enter. I find that most companies want to allow users to enter their Active Directory account and password so that they don't have to remember many passwords - normally they use AD account and password to logon to their workstation, so using it when prompted on their device will be more convenient for the user.
  3. For mobile devices you can consider SSO, but this normally means that the user doesn't get asked for any credentials on the device. Do you want this, or do you want to ask user for some kind of user name and password?

Thanks

Tim

Former Member
0 Kudos

Hello Tim,

Thanks for your prompt and kind response.

As this is my first app in SAP, I am not much aware of the best mechanism to be used for the Authentication.

I was told by someone that SSO is a better way for authentication and is much better than asking the user to enter the login credentials.

Requesting you to throw some light on this and guide me in further aspects of authentication approach with the pre-requisites and necessary Set-Up.

I would be grateful towards your valuable co-operation.

Thanks and Regards,

Suraj Kumar