Fiori Mobile Client (iOS) with Single Sign On opti...

former_member489507 · ‎09-14-2018

We are looking to integrate our IDP (Provided by OKTA) and SAP Fiori Mobile Client on iOS to implement the single sign on functionality.

We are able to access FLP using Fiori Client and OKTA – but OKTA requires sign-in when the session ends, or when the app is closed and started again. (the SAML ticket is not persistent)

The other solution was to implement a mobile device management solution like Afaria to issue X509 certificates between the device and the SMP server - but this option is less favorable as it includes purchasing license for another product.(https://help.sap.com/saphelp_smp3012sdkmfadev/helpdata/en/c7/ee0275986543a9a9ddd1f1061f43e3/content....)

I read through the discussion here (https://answers.sap.com/questions/114897/fiori-saml2-with-touch-id-support-for-authenticati.html) and it looks like the only other solution is to implement SAP SSO with SAP Authenticator app - which is also not a desirable solution.(https://help.sap.com/saphelp_smp3012sdkmfadev/helpdata/en/f3/8288c9aad649d4881f9a1d0cdfe5fd/content....)

I was wondering if any one has had success in customizing the Fiori Client such that the SAML ticket could be made persistent when the app is closed?

Signing-in to the IDP everytime the app is opened is not a preferred way.

Additional question - If the Fiori Client were to receive push notifications - how does unavailability of persistent connection with the back-end affect the ability to receive notifications on the device?

abhijit_masih · ‎10-25-2019

Hi Arihant,

i was wondering if you were able to solve your problem?

Former Member · ‎09-28-2018

Hi, unfortunately I don't have an answer for you, but I'm working in a similar topic. I was thinking to do something in between your points 1 and 2. My understanding is that okta provides MDM features, so an x.509 scenario could be viable. Did you explore this option?

Also, in your point number 1, when you say "We are able to access FLP using Fiori Client and OKTA – but OKTA requires sign-in when the session ends, or when the app is closed and started again. (the SAML ticket is not persistent)" Are you using the pre-integrated SAP Fiori client that okta has in the Okta applications network? Does not it have persistence for the SAML certificate?

Now a question of curiosity, how is the experience from user perspective for your first integration with okta. Do they have to log in to the browser and then run the SAP fiori client, or you are using the Okta mobile app to allow you to use the native fiori client? Please let me know how does it work from user prospective, it is curiosity because I will be soon working with your same topics.

By the way, it is always possible to create a custom client to manage the persistence, although it is something you will also want to avoid.

Let me know your progress.

Thanks,

Fernando

Fiori Mobile Client (iOS) with Single Sign On options using IDP/SAML

Accepted Solutions (0)

Answers (2)

Answers (2)

Re: Re Generate Co files and data files

Re: error during install SAP S/4HANA Server 2022

Re: BODS Job Stored Procedure

Re: Query does not work in Procurement Price Speci...

Re: Integrate an external task system to Cloud ALM...