Support for Security Assertion Markup Language (SAML) was added to Kapsel in SP05 of the SDK. The on-premise version of the SMP server added support for SAML in SP05.
The following samples were created using SP07 PL01 of the SDK.
Here are a few terms used with SAML. An identity provider (IdP) maintains a directory of users and authenticates them. A service provider (SP) is the web site or service being accessed. A user is the person who holds an account with the identity provider.
When a user logs in with the identity provider, a SAML token is returned that grants access to an application for a certain length of time. If the SAML token is compromised, it is only valid for that limited time and only against the specific application it was issued for. Multiple applications can share the same identity provider, so a single user name and password, or even a biometric such as a fingerprint, can be used across all of them.
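The two properties just described, a limited validity window and a binding to one application, are carried in the Conditions element of a SAML 2.0 assertion (NotBefore, NotOnOrAfter and AudienceRestriction). The following Python script is an added example, not part of the original samples or of the Kapsel or SMP code; it parses a constructed sample assertion and checks those conditions the way a service provider is expected to before trusting the token. The issuer URL, audience URL and timestamps in the sample are made up for illustration.

```python
"""Check the Conditions of a SAML 2.0 assertion: validity window and audience.

Constructed example: the assertion below is hand-written for this demo and does not
come from any real identity provider. Signature verification is deliberately out of
scope here; in practice it must be done before the Conditions are evaluated.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion: valid for five minutes, restricted to one service provider.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id-1" Version="2.0" IssueInstant="2015-06-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/idp</saml:Issuer>
  <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2015-06-01T12:00:00Z" NotOnOrAfter="2015-06-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://smp.example.com/logon-sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_saml_time(value):
    """SAML timestamps are xsd:dateTime in UTC, e.g. 2015-06-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_conditions(assertion_xml, expected_audience, now, clock_skew_seconds=0):
    """Return (ok, reasons): ok is True only when every condition holds.

    clock_skew_seconds is the tolerance allowed for clock drift between the
    identity provider and the service provider.
    """
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    reasons = []
    if cond is None:
        return False, ["assertion carries no Conditions element"]

    skew = timedelta(seconds=clock_skew_seconds)
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    # NotBefore is inclusive; NotOnOrAfter is exclusive (an assertion is invalid at that instant).
    if not_before is not None and now + skew < parse_saml_time(not_before):
        reasons.append("assertion not yet valid")
    if not_on_or_after is not None and now - skew >= parse_saml_time(not_on_or_after):
        reasons.append("assertion expired")

    # The assertion must name this service provider; an unrestricted assertion is rejected too.
    audiences = [
        a.text.strip()
        for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)
        if a.text
    ]
    if not audiences:
        reasons.append("no AudienceRestriction")
    elif expected_audience not in audiences:
        reasons.append("audience mismatch")

    return (not reasons), reasons


def check_at(assertion_xml, expected_audience, iso_now, clock_skew_seconds=0):
    """Convenience wrapper taking the current time as a SAML-style timestamp string."""
    return check_conditions(assertion_xml, expected_audience,
                            parse_saml_time(iso_now), clock_skew_seconds)


if __name__ == "__main__":
    sp = "https://smp.example.com/logon-sp"
    for when, aud in [("2015-06-01T12:02:00Z", sp),
                      ("2015-06-01T12:06:00Z", sp),
                      ("2015-06-01T12:02:00Z", "https://other.example.com/sp")]:
        ok, why = check_at(SAMPLE_ASSERTION, aud, when)
        print(when, aud, "OK" if ok else "REJECT: " + ", ".join(why))
```

The three runs in the main block show the two failure modes the paragraph above describes: the same token rejected once its window has passed, and rejected when presented to an application other than the one it was issued for. A replayed or stolen assertion therefore buys an attacker at most the window the identity provider configured, and only against the audience named inside it.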
The following steps demonstrate how to configure the Logon example from the HCPms section to use SAML as the authentication provider for the application.
Using the HANA Mobile service cockpit, modify the Security Configuration of the application com.mycompany.logon from None to Form. Form indicates SAML should be used. The identity provider for the HCPms trial server is
Modify the context variable in LogonDemo\www\index.html to indicate that SAML should be used by adding.
Copy the files to the platform directory by running
cordova -d prepare
Use the Android IDE or Xcode to deploy and run the project.
Note: if the Remember me checkbox is checked, a cookie is set that remains valid for three months, so the user name and password do not need to be re-entered during that period.
The following steps demonstrate how to configure the SMP server to work with an identity provider and then use that identity provider as the authentication provider for the Logon sample. The identity provider used in this section is a hosted solution from SSOCircle, which offers free account registration for its hosted identity provider as well as paid offerings.
Once registered, note your user id and remember your password.
Choose Manage Metadata > SSOCircle Public IDP Metadata.
Save the xml as
In the SMP server's management cockpit choose Settings > SAML > Local Service Provider. Provide a unique name and a Base URL that is the fully qualified host name of the SMP server.
Click on Generate Key Pair. Click Save. Click Get Metadata. Copy that file to the following location.
In the SMP server's management cockpit choose Settings > SAML > Trusted Identity Provider > New > and for the Metadata File click the browse button and choose
In the SSO Circle website choose Manage Metadata and click on Add new Service Provider.
Modify the application with the id of com.mycompany.logon to use a SAML Authentication provider.
Note the Identity Provider Name can be determined by examining Settings > SAML > Trusted Identity Provider > Name.
Modify the host variable so that it points to your on-premise server, and ensure that the port is the HTTPS port and that https is true. Modify the context variable in LogonDemo\www\index.html to indicate that SAML should be used by adding.