cancel
Showing results for 
Search instead for 
Did you mean: 

MOBI SSO with trusted authentication and form based authentication

0 Kudos

Dear All,

I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:

- SAP BI 4.1 SP04

- Trusted authentication with HTTP header configurred for BI Launchpad and working fine.

Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.

And

Provide our app users their X502 certs.

1. Will the above approach work ??

2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??

I would appreciate your valuable inputs.

Regards,

Sarvjot Singh

Accepted Solutions (0)

Answers (1)

Answers (1)

ashutosh_rastogi
Active Contributor
0 Kudos

Hi Sarvjot,

I am aware that few customers have been successfully able to setup SSO using HTTP Header Approach.

Also, the note that you have mentioned does not indicate an application error - this is in-fact a configuration error which indicates that the request received by mobile server does not contain the expected HTTP header.

We have tested the scenario with X509 certs. However, I am not sure whether this would work simply with X502 certs as well. However, you may give a try ...

The workflow would look like

  • User imports the SSO connection (or connection is pre-configured with the SDK App) in Mobile BI App [for client configuration ]
  • When he taps on the connection to connect, he is prompted for the certificate. He can then select a valid certificate and then say Ok
  • The same cert is forwarded to mobile server. Mobile server when configured correctly will extract the CN name from the cert and use to connect to BI platform using trusted authentication
    • In cases where certificates reach mobile server, you will have to configure mobile server as described in 
    • In cases where the certificates terminates at reverse proxy level and user name is passed on further as HTTP header, you will have to configure mobile server as described in
  • As long as the CN name in the cert matches the enterprise username in BIP, user would be logged in.

Hope this clarifies and solves your concern.

Regards,

Ashutosh