Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
mgrasshoff
Advisor
Advisor


Hi there,

It’s this time again – HCPms release date. Today it includes:

 

  • Support for OAuth

  • Actionable Push for iOS

  • Account Self-Service (SCIM)

  • Same Origin Policy

  • Capability based notifications


 

So let's take a look into the details.

 

 

Support for OAuth


Most prominently we now support OAuth2.0.  With the OAuth authorization framework support we have added another way to authenticate the users besides BasicAuth, Form (with SAML) and Certificate authentication. The nice benefit of OAuth is that there is no need to store the users credentials on the device anymore. We do that in the most secure manner – if wanted, but with OAuth it’s even more secure and more user friendly, since OAuth tokens can be renewed without user interaction.

This is how it looks like from the Admin perspective:



 

Push improvements for iOS


With iOS 8 Apple introduced interactive notification that let you react on incoming notifications without unlocking your device. To better facilitate this feature we have introduced some optional information into our back-end push API that let you control this behaviour.

This example shows how to trigger an action on the device by a back-end call.

 

> POST /restnotification/registration/<applicationId> HTTP/1.1


> Accept-Encoding: gzip,deflate


> Content-Type: application/json


> Authorization: Basic bm9uZW9meW91cmJ1c2luZXNz


> Content-Length: 117


> Host: localhost:8080


> Connection: Keep-Alive


> User-Agent: Apache-HttpClient/4.1.1 (java 1.5)


> {


"alert": "PushAlert",


"data": "pushTest",


"customParameters":


{"apns.category":"YourAction" }


}


 

With the information “content-available” you can send a wake up notification to the client:

 

> POST /Notification/<<applicationId>> HTTP/1.1

> Accept-Encoding: gzip,deflate

> Content-Type: application/xml

> Authorization: Basic cHVzaDpzZWNyZXQ=

> X-SMP-APNS-CONTENT-AVAILABLE: true

> X-SMP-APNS-DATA: pushTest

> Content-Length: 0

> Host: localhost:8080

> Connection: Keep-Alive

> User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

 

This will make sure that your Apps application:didReceiveRemoteNotification:fetchCompletionHandler: is called, allowing you to react on the notification when your App is resumed or launched in the background. For instance to trigger a refresh of the local data.

 

Account Self-Service (SCIM)


Once you login the first time into HCPms 1.3 you’ll notice that there is a new tile on the home screen, labeled “Account Configuration”. This currently holds one option only: SCIM Type configuration.

The SCIM configuration allows you to delegate your user authentication to the SCIM capabilities of the Cloud Connector ("HCP SCIM" Option). This allows you to use an on-premise system like an SAP Gateway OData Service to be the source for your user authentication. Simply point the URL to the Service you want to use, HCPms will then forward BASIC Auth requests to this URL for all mobile applications in your account.

The other option is to select "HCPms SCIM". This allows a more granular setup of your authentication, where you can define a SCIM authentication URL for every mobile application individually. Here you also have the option to define a global URL that is used for all BASIC auth configured Apps that do not have a dedicated SCIM URL. Notice that SCIM is only available if your application is configured to use Security: Basic.

 


Same Origin Policy


With this application wide setting you can control whether you want to allow or disallow cross-origin resource access in your mobile application. This option controls the response headers that will be sent to your mobile apps. If Same Origin Policy is enabled, which is the default, then we always make sure that we send the corresponding header to the client. Example:

 

Access-Control-Allow-Origin: https://hcpms-d055161trial.hanatrial.ondemand.com

 

 

Download of Usage Data


With the feature of uploading usage data you can instrument your mobile application and gather usage information on the device, and upload it for further analysis to the server. Here the data will be stored and is waiting for you. With a simple click you can download the collected data and put them into SAP Lumira.

 


Capability based Push Notifications


We now provide capability-based push support. This enables you to send push notifications to devices with a particular capability, rather than to individual applications, allowing you to further abstract in your backend from devices and Apps. I'll later explain it in a separate blog post, if time allows.

 

 

Of course, we have included one or the other bug fix as well.

 

Have Fun,

Martin

1 Comment