Former Member

Using SMP 2.3 to authenticate user - Login logic issue

Anyone out there using SMP 2.3 as a way to authenticate a user's credentials?

I have a mobile app wrapped in Cordova and I am using SAPUI5. I have a login screen where the "Login" button makes a call using XMLHTTP to SMP, passing the user credentials. If the credentials are correct, SMP responds with an XML that has a valid ApplicationConnectionId, and this can be verified because in SMP SCC, we see the user registered. Below is the use case that is giving me a huge issue:

1. From the app startup, not coming out of suspended mode in iOS, user provides correct credentials.  When SMP responds, I look for the element ApplicationConnectionId, I grab that value and that tells me that user authenticated successfully.  I direct the user to the next screen, we can call that "Page2".

Note that once I've determined a successful login, I don't need the application connection id anymore in the app, so I "unregister" the user from SMP; this works because we can validate in SCC that the user registration is now gone. So at this point, I am not saving the value of application connection id, username and password at all.

2. From Page2, the "logout" sequence does nothing more than an app.to(page1), which brings the user back to the login screen.

3. Assume that the current user just left the app on the login screen or puts the app in suspend mode; the next user comes and uses the app. Assume they enter the wrong credentials; from my debugging and doing alert, I am passing the incorrect credentials, yet SMP still responds such that I am able to parse out the application connection id, thus directing the user to Page2. I perform a "logout" to bring me back to the Login screen.

4. I try again with incorrect credentials, and this time, I get a response from SMP with authentication failed and it keeps the user on the login screen.

I'm going cross-eyed here to make sure that I am not passing correct credentials at any point in the login process, and at this point in time, I am super confident that I am not doing anything weird. I know it's probably not ideal to do this authentication with SMP this way, but it's what we've got and I think this works, but I'm just not sure if SMP is caching something on the server end.

Any thoughts on this would be a great help. Thanks.


1 Answer

  • Former Member
    Jun 11, 2014 at 08:48 PM

    You wouldn't happen to have some sort of SSO setup, would you?  E.g. an
    SSO2token in the cookies after the first successful login.

    Thanks,

    Andrew.


    • Former Member

      Hi Andrew.  No SSOToken with this phase.  This is a simple HTTPRequest call, read the response, look for the element ApplicationConnectionId, if it finds it, parse out the value and direct the user to the next screen.  If credentials are incorrect, the response from SMP is something like:

      <error>....

      <message xml:lang='en-US'>UNAUTHORIZED</message>

      </error>

      So my parsing for ApplicationConnectionId would essentially fail.

      Thanks for the response.

      J
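
Added example, not part of the thread and not SMP code: a constructed model of the cookie reuse Andrew asks about, combined with the ApplicationConnectionId check the poster describes, showing how a second user's wrong password can still produce a "successful" login and how clearing the cookie store on logout changes the result. The server behaviour, status codes, cookie names and accounts are assumptions made for illustration, and the model does not claim to reproduce the exact sequence reported above.

```javascript
// Constructed model, NOT SMP code. ASSUMPTION: the server accepts a session
// cookie issued at an earlier login instead of re-checking the credentials.
function makeServer(users) {
  const sessions = new Set();
  return function handle(req) {
    const hasSession = sessions.has(req.cookie);
    const credsOk = Object.prototype.hasOwnProperty.call(users, req.user) &&
                    users[req.user] === req.pass;
    if (!hasSession && !credsOk) {
      return { status: 401, cookie: null,
               body: "<error><message xml:lang='en-US'>UNAUTHORIZED</message></error>" };
    }
    // A valid session short-circuits the credential check entirely.
    const id = hasSession ? req.cookie : "sess-" + (sessions.size + 1);
    sessions.add(id);
    return { status: 200, cookie: id,
             body: "<ApplicationConnectionId>conn-" + id + "</ApplicationConnectionId>" };
  };
}

// Client shaped like the login check in the thread: success means the response
// carries a non-empty ApplicationConnectionId element.
function makeClient(server, opts) {
  let jar = null; // stands in for the webview's shared cookie store
  return {
    login(user, pass) {
      const res = server({ user, pass, cookie: jar });
      if (res.cookie) jar = res.cookie;
      const m = /<ApplicationConnectionId>([^<]+)<\/ApplicationConnectionId>/.exec(res.body);
      return res.status >= 200 && res.status < 300 && m !== null;
    },
    logout() {
      // Navigating back to the login page alone leaves the cookie in place.
      if (opts.clearCookiesOnLogout) jar = null;
    },
  };
}

// First user logs in correctly and logs out; the next user types a wrong password.
function runScenario(clearCookiesOnLogout) {
  const server = makeServer({ alice: "correct-horse" }); // constructed account
  const app = makeClient(server, { clearCookiesOnLogout });
  const first = app.login("alice", "correct-horse");
  app.logout();
  const second = app.login("bob", "wrong-password");
  return { first, second };
}
```

In a real webview the equivalent check is to inspect the login request for a Cookie header left over from the previous user before trusting the response.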