Enabling cookie based SSO Authentication for BEP (Exposed as OData services) using integration gateway in SMP 3.0
This document describes how to access services exposed by SAP Gateway through SMP 3.0 using cookie-based SSO authentication.
The SAP Gateway system is capable of handling cookies, e.g. MYSAPSSO2.
Steps to Create MYSAPSSO2 Scenario
I) Enable SMP to access the backend https url:
II) SMP Gateway Cockpit Steps:
- Log on to the SMP Admin Cockpit at https://<host>:8083/gateway/cockpit and go to Destinations -> New.
- Provide the Destination Name, select HTTP as the destination type, provide the Destination URL, and select SSO Mechanism as the Authentication Type.
- Click the Add button to select from the various SSO mechanisms.
- Select Technical User (Basic) as the authentication mechanism and click the Save button.
The different SSO mechanisms in the gateway cockpit are mainly used to test the destination connection and to initially test the services in the cockpit.
The security profile created in the SMP Admin overwrites the destination configuration created at the gateway.
In a productive scenario, we need to consume the services exposed in the gateway cockpit through SMP.
For different SSO Mechanisms refer to the link
Once the destination is created, click the Register button in https://<host>:8083/gateway/cockpit,
provide the destination created and search for the service required to be
With this, the service is registered in the gateway cockpit. To access this service through SMP using the cookie-based SSO mechanism, follow the steps in the next section.
III) SMP ADMIN Cockpit Steps
1. Log on to the SMP Admin Cockpit at https://<host>:8083/Admin and go to Settings -> Security.
2. Create a security profile with HTTP/HTTPS Authentication and provide the URL of the back-end system where the OData service is hosted and the MYSAPSSO2 cookie is enabled. Click Save, as shown below.
3. In the SMP Admin Cockpit at https://<host>:8083/Admin, create the application for the service document URL exposed in the gateway cockpit, as shown in the screenshots below.
Provide the OData service exposed through the gateway cockpit and mark the service as internal.
Once this is done, the application is ready to be consumed.
IV) Onboarding through REST CLIENT
Onboard to the created application from the REST client/mobile application through the following URL:
http://<host>:8080/odata/applications/latest/<application id created in SMP>/Connections
Onboarding Post Body:
<?xml version='1.0' encoding='utf-8'?>
<d:DeviceModel m:null="true" />
Onboarding Operation: POST
While onboarding, it initially asks for the user details; subsequent requests use the cookie we have configured.
After onboarding, the entities of the application can be accessed via the URL
http://<host>:8080/<application id created in SMP>/<entities>
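
A check for the onboarding exchange in section IV, as an added example that is not part of the original post: it builds the Connections URL and audits captured Set-Cookie header values to confirm that the MYSAPSSO2 logon ticket only travels over HTTPS and carries the Secure and HttpOnly attributes. The host names, ports, application id, ticket value and function names are constructed for illustration; feed it the headers captured from your own landscape.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SSO_COOKIE = "MYSAPSSO2"  # cookie name used on this page


def onboarding_url(base, app_id):
    """Build the section IV Connections URL; base is scheme://host:port."""
    return f"{base.rstrip('/')}/odata/applications/latest/{app_id}/Connections"


def audit_onboarding(url, set_cookie_headers):
    """Return findings for one onboarding exchange (empty list = clean)."""
    findings = []
    if urlsplit(url).scheme.lower() != "https":
        findings.append("onboarding URL is not HTTPS")
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)  # parses one Set-Cookie header value
        morsel = jar.get(SSO_COOKIE)
        if morsel is None:
            continue  # some other cookie, not the SSO ticket
        for flag, label in (("secure", "Secure"), ("httponly", "HttpOnly")):
            if not morsel[flag]:
                findings.append(f"{SSO_COOKIE} lacks {label}")
    return findings


# Constructed sample data: host, application id and ticket value are made up.
APP_ID = "com.example.demo"
WEAK_HEADERS = ["MYSAPSSO2=AjExConstructedTicket; path=/; domain=.example.test"]
HARDENED_HEADERS = [
    "MYSAPSSO2=AjExConstructedTicket; path=/; domain=.example.test; secure; HttpOnly"
]

if __name__ == "__main__":
    cases = (
        ("http://smp.example.test:8080", WEAK_HEADERS),
        ("https://smp.example.test:8443", HARDENED_HEADERS),
    )
    for base, headers in cases:
        url = onboarding_url(base, APP_ID)
        print(url, audit_onboarding(url, headers) or "ok")
```

An empty result means the exchange used HTTPS and every MYSAPSSO2 cookie seen had both attributes set.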