cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authenticating Native/Hybrid mobile apps via SCP Identity Authentication Service (IAS)

gregcarino
Product and Topic Expert
Product and Topic Expert

on ‎04-02-2019 7:45 AM

Hi Experts,

I have the following scenario for a customer:

- An existing SCP subaccount has a default Identity Provider set as the corporate IdP.

- We will develop new apps, 1 of which is a Native iOS app deployed to SCP Mobile Services.

- This new application is supposed to authenticate via SCP IAS instead of corporate IdP.

My question:

Since the subaccount's default IdP is the corporate IdP, is there a way in Mobile Services to configure specific native/hybrid apps to authenticate via IAS? Currently, you only have the options in the below screenshot.

I know that you can do the reverse and use IAS as the default and then set up a corporate IdP. But are there other approaches? (assuming we are not allowed to change the default IdP due to governance restrictions).

Cheers,

Greg

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member599323
Discoverer
‎04-02-2019 1:41 PM
0 Kudos

Hi Greg,

You can only have 1 IDP per sub-account and as far as i know, you cannot configure which IDP to use explicitly on a per-app basis.

Hope that helps.

Thanks and Regards,

Rakshith

Show replies
Show replies
former_member599323
Discoverer
‎04-02-2019 10:32 AM
0 Kudos

Hi,

While i am still trying to de-cipher the ask here, IAS just acts like a reverse proxy and the list you have pasted above represents the Auth mode/protocol as such. Are you trying to authenticate the app users via on-prem IDP ?

Thanks and Regards,

Rakshith

Show replies
Show replies
gregcarino
Product and Topic Expert
Product and Topic Expert
‎04-02-2019 1:25 PM

Hi Rakshith,

Basically my question is: can you explicitly define, in SCP mobile services, which IdP a hybrid/native app should use?

In my scenario i have both corporate IdP(default) and IAS in my subaccount and would like to specify which IdP an app is using.

Cheers,

Greg

LutzR
Active Contributor
‎04-02-2019 8:08 AM
0 Kudos

Hi Greg,

I don't know mobile services, but as you probably control the application's URL this should be possible.

To use a secondary (non-default) IDP the application URL needs to be assembled like this:

https://<app name>.hana.ondemand.com/index.jsp?saml2idp=<idp name>

Source: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/dc618538d97610148155d97dcd1...

Cheers, Lutz

Show replies
Show replies
gregcarino
Product and Topic Expert
Product and Topic Expert
‎04-02-2019 8:46 AM
0 Kudos

Hi Lutz,

Thanks for the answer but that is for web apps or portal. My question is specifically for native or hybrid apps which are not accessed via web links and whose security is configured in mobile services.

Cheers,

Greg

Ask a Question