cancel
Showing results for 
Search instead for 
Did you mean: 

Use Cloud IAS users as Cloud Platform Mobile Service Cockpit authentications

SumitKundu
Active Participant
703

Hello experts,

I am planning to use IAS users as the developers/admin in SAP MTP Mobile Services cockpit.

I am following this blog post but a bit lost on the way. I have done the part in IAS tenant admin console and established SAML2 trust (by uploading SAP Cloud Platform subaccount SAML metadata).

In IAS tenant admin console: application 'mobileServices'

I have created the role collection in SAP BTP subaccount as well to match Group in IAS.

But how to point the SAP Cloud Platform Mobile service cockpit link to IAS login page. It still redirects to SAP ID Service login page.

Best regards,

Sumit

SumitKundu
Active Participant
0 Kudos

jitendrakumar.kansal sami.lechner can you please advise.

Best regards,

Sumit

Accepted Solutions (0)

Answers (2)

Answers (2)

j_raymakers
Participant
0 Kudos

Hi Sumit,
Did you manage to solve this issue? We are trying to setup Mobile Service Cockpit with IAS on Cloud Foundry as well and yes we are facing the same issue as stated above. Only SAP idp is shown, and not the, in our case, AzureAD logon screen. I hope you have managed to solve this issue... and how did you solve this issue? Kind Regards, Jacco Raymakers

j_raymakers
Participant

Additional information: The authentication with Business Application Studio is working fine via IAS based on AzureAD.
But this is not the case, as stated earlier, when opening the Mobile Services Admin UI url.

SumitKundu
Active Participant
0 Kudos

Sorry, could not solve this then, Went ahead with SAP ID service authentication only. However I am not aware how is the current state of MS cockpit. And yes, same for Business app studio for me too.

BR,

Sumit

dvankempen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Sumit,

Not familiar with this particular scenario but you configure the IdP for your subaccount under Security > Trust Configuration

When there is more than one IdP you should be prompted to select the one to use; you can edit the properties of each IdP entry to enable/disable it for user logon.

SumitKundu
Active Participant
0 Kudos

The trust configuration is maintained for IAS tenant.

But the mobile services cockpit (https://mobile-service-cockpit-web.cfapps.eu20.hana.ondemand.com/) page does not give any option of this IdP, i.e. IAS.

dvankempen
Product and Topic Expert
Product and Topic Expert
0 Kudos

With two IdPs both enabled for user logon, I would expect to be prompted to select.

Works when you disable the first custom entry?

SumitKundu
Active Participant
0 Kudos

Even after disabling the default 'SAP ID Service', mobile services cockpit page redirects to same login page as of SAP ID Service.

dvankempen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Using basic authentication?

For applications that use basic authentication, you can configure SAP Mobile Services to authenticate users with the default identity provider. The default identity provider is SAP ID service, and not the default Identity provider configured in SAP BTP account trust settings.

SumitKundu
Active Participant
0 Kudos

Well, this mobile services cockpit is a SAP delivered app, are for administrators where other mobile apps (native/hybrid) are configured and managed. So, not sure if it allows only basic authentication or not.

SAP BTP Mobile Services tutorial

Best regards,

Sumit

Hi Sumit,

  • Once you have marked the IdP of your choice in the trust settings, please open the Mobile Services Admin Cockpit in a different browser or at least in 'incognito' mode. Sometimes, the browser cache may still direct you to the 'old' endpoint.
  • To your point about supported authentication mechanisms, there is no limitation either way. You are not limited to Basic Authentication.

Hope this helps.

Prakalp.

SumitKundu
Active Participant

I have tried different browser and incognito mode as well. But the mobile services cockpit only shows SAP ID Service authentication page.

Best regards,

Sumit