Former Member
Jun 11, 2014 at 08:15 PM

Using SMP 2.3 to authenticate user - Login logic issue


Anyone out there using SMP 2.3 as a way to authenticate a user's credentials?

I have a mobile app wrapped in Cordova and I am using SAPUI5. I have a login screen where the "Login" button makes a call using XMLHTTP to SMP, passing the user credentials. If the credentials are correct, SMP responds with an XML that has a valid ApplicationConnectionId, and this can be verified because in SMP SCC we see the user registered. Below is the use case that is giving me a huge issue:

1. From the app startup, not coming out of suspended mode in iOS, user provides correct credentials. When SMP responds, I look for the element ApplicationConnectionId, I grab that value and that tells me that user authenticated successfully. I direct the user to the next screen, we can call that "Page2".

Note that once I've determined a successful login, I don't need the application connection id anymore in the app, so I "unregister" the user from SMP; this works because we can validate in SCC that the user registration is now gone. So at this point, I am not saving the value of the application connection id, username and password at all.

2. From Page2, the "logout" sequence does nothing more than an app.to(page1), which brings the user back to the login screen.

3. Assume the current user just left the app on the login screen or put the app in suspend mode; the next user comes and uses the app. Assume they enter the wrong credentials; from my debugging and doing alerts, I am passing the incorrect credentials, yet SMP still responds and I am able to parse out the application connection id, thus directing the user to Page2. I perform a "logout" to bring me back to the Login screen.

4. I try again with incorrect credentials, and this time I get a response from SMP with authentication failed, and it keeps the user on the login screen.

I'm going cross-eyed here making sure that I am not passing correct credentials at any point in the login process, and at this point in time I am super confident that I am not doing anything weird. I know it's probably not ideal to do this authentication with SMP this way, but it's what we've got, and I think this works, but I'm just not sure if SMP is caching something on the server end.

Any thoughts on this would be a great help. Thanks.
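
The check described in step 1, written so that it fails closed. This is an added example and not part of the original post: the function names, the status-code rule, the sample XML and the rule that an id already consumed in this app run cannot stand for a new registration (assuming SMP issues a fresh id per registration) are all assumptions.

```javascript
// Added example: fail-closed evaluation of a registration response.
// Assumptions: a 2xx status means SMP accepted the request, and the id is
// carried in an <ApplicationConnectionId> element (optionally prefixed).
const seenConnectionIds = new Set(); // ids already consumed in this app run

// Return the text of every ApplicationConnectionId element in the body.
function extractConnectionIds(xml) {
  const re = /<(?:[\w.-]+:)?ApplicationConnectionId\b[^>]*>([^<]*)<\/(?:[\w.-]+:)?ApplicationConnectionId>/g;
  const ids = [];
  let m;
  while ((m = re.exec(xml)) !== null) ids.push(m[1].trim());
  return ids;
}

// Decide the login outcome; anything unexpected counts as a failure.
function evaluateLoginResponse(status, bodyXml) {
  // The element alone is not proof: the HTTP status must also say success.
  if (typeof status !== "number" || status < 200 || status >= 300) {
    return { ok: false, reason: "http-status" };
  }
  const ids = extractConnectionIds(String(bodyXml || ""));
  // Exactly one non-empty id is expected; zero or several is a failure.
  if (ids.length !== 1 || ids[0] === "") {
    return { ok: false, reason: "missing-or-ambiguous-id" };
  }
  // An id seen before was unregistered already, so treat it as stale.
  if (seenConnectionIds.has(ids[0])) {
    return { ok: false, reason: "stale-id" };
  }
  seenConnectionIds.add(ids[0]);
  return { ok: true, connectionId: ids[0] };
}

// Constructed sample responses (not captured from a real SMP server).
const okBody = "<entry><content><m:properties>" +
  "<d:ApplicationConnectionId>c0ffee00-1111-2222-3333-444455556666</d:ApplicationConnectionId>" +
  "</m:properties></content></entry>";
const failBody = "<error><message>Authentication failed</message></error>";
```

Logging the `reason` value together with the HTTP status for each attempt shows which condition the response in step 3 actually satisfied.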