Former Member

Using SMP 2.3 to authenticate user - Login logic issue

Anyone out there using SMP 2.3 as a way to authenticate a user's credentials?

I have a mobile app wrapped in Cordova and I am using SAPUI5. I have a login screen where the "Login" button makes a call using XMLHTTP to SMP, passing the user credentials. If the credential is correct, SMP responds with an XML that has a valid ApplicationConnectionId, and this can be verified because in SMP SCC we see the user registered. Below is the use case that is giving me a huge issue:

1. From the app startup, not coming out of suspended mode in iOS, the user provides correct credentials. When SMP responds, I look for the element ApplicationConnectionId, I grab that value, and that tells me that the user authenticated successfully. I direct the user to the next screen; we can call that "Page2".

Note that once I've determined a successful login, I don't need the application connection id anymore in the app, so I "unregister" the user from SMP. This works because we can validate in SCC that the user registration is now gone. So at this point, I am not saving the value of application connection id, username and password at all.

2. From Page2, the "logout" sequence does nothing more but does an which brings the user back to the login screen.

3. Assuming that the current user just left the app on the login screen or puts the app in suspend mode, the next user comes and uses the app. Assume they enter the wrong credentials; from my debugging and doing alert, I am passing the incorrect credentials, yet SMP still responds such that I am able to parse out the application connection id, thus directing the user to Page2. I perform a "logout" to bring me back to the Login screen.

4. I try again with incorrect credentials, and this time, I get a response from SMP with authentication failed and it keeps the user on the login screen.

I'm going cross-eyed here to make sure that I am not passing correct credentials at any point in the login process, and at this point in time, I am super confident that I am not doing anything weird. I know it's probably not ideal to do this authentication with SMP this way, but it's what we've got and I think this works, but I'm just not sure if SMP is caching something on the server end.

Any thoughts on this would be a great help. Thanks.

1 Answer

  • Former Member
    Posted on Jun 11, 2014 at 08:48 PM

    You wouldn't happen to have some sort of SSO setup, would you? E.g. an
    SSO2token in the cookies after the first successful login.



    • Former Member

      Hi Andrew. No SSOToken with this phase. This is a simple HTTPRequest call: read the response, look for the element ApplicationConnectionId, if it finds it, parse out the value and direct the user to the next screen. If credentials are incorrect, the response from SMP is something like:


      <message xml:lang='en-US'>UNAUTHORIZED</message>


      So my parsing for ApplicationConnectionId would essentially fail.

      Thanks for the response.

