SAP How-to Guide SAP Mobility
SAP Mobile Secure and SAP Mobile Platform
provided by SAP Mobile - Rapid Innovation Group
Applicable Releases:
SAP Afaria 7.0 (SP5)
SAP Mobile Secure (2.5)
SMP 3.0 (SP5)
Version 1.0
February 2015
© Copyright 2015 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company. Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company.
All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG. This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended strategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice.
SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence.
The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.
SAP “How-to” Guides are intended to simplify the product implementation. While specific product features and procedures typically are explained in a practical business context, it is not implied that those features and procedures are the only approach in solving a specific business problem using SAP NetWeaver. Should you wish to receive additional information, clarification or support, please refer to SAP Consulting.
Any software coding and/or code lines / strings (“Code”) included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended to better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, except if such damages were caused by SAP intentionally or grossly negligent.
Disclaimer
Some components of this product are based on Java™. Any code change in these components may cause unpredictable and severe malfunctions and is therefore expressively prohibited, as is any decompilation of these components.
Typographic Conventions
Type Style: Description
Example Text: Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Cross-references to other documentation.
Example text: Emphasized words or phrases in body text, graphic titles, and table titles.
Example text: File and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools.
Example text: User entry texts. These are words or characters that you enter in the system exactly as they appear in the documentation.
<Example text>: Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system.
Table of Contents
1. Business Scenario
2. Background Information
3. Prerequisites
4. Step-by-Step Procedure
4.1 Test Your Kapsel App without MDM
4.2 Create a new App on Mobile Secure
4.3 Add the App Seed Data through MDM
How To... Create Application Policies (Android)
March 2015 1
1. Business Scenario
Among the many challenges in rolling out mobile apps is the distribution of your App to your target audience as well as providing the required configuration settings for the app. The configuration data could be the SMP server IP address, port, as well as provisioning certificates required for device registration and/or Single Sign-On (SSO) to the mobile device should they be a requirement.
2. Background Information
This document provides an overview of the steps needed to use SAP Mobile Secure to configure a Mobile Application built using SMP 3. The same libraries and setup described in this guide are applicable to Kapsel and Native Apps on SMP3 as well as Hybrid Web Container and Native Apps on SMP 2.3 and later. For the earlier versions specified, this guide should help you implement the end-to-end scenario for yourself; further information may be found in the appropriate product documentation.
The steps described in this guide will be based on Mobile Secure (Cloud); however, most of the steps are applicable to SAP Afaria (On-premise).
3. Prerequisites
This guide relies on you already having a Kapsel App to test this scenario with. For details on creating a basic Kapsel App and implementing the Logon Plugin, please refer to the appropriate documentation or relevant How-to Guide.
The following are pre-requisites that must be met in order for you to complete the business scenario in this H2G:
A valid Mobile Secure Cloud account (a trial version may be obtained at https://portal.sapmobilesecure.com/free_trial.php)
OR
SAP Afaria on-premise 7sp3 or later.
AND
Access to the Admin Portal / MDM Administration Console.
An existing Kapsel project which includes the Logon Plugin.
To test App registration, the Application created and configured on your SMP Runtime Server.
An SMP 3.0 or later runtime server with the Hybrid (Kapsel) .
SAP Mobile Secure (or Afaria on-premise).
An existing Kapsel App that uses the Logon Plugin.
4. Step-by-Step Procedure
This H2G provides a basic procedure to follow for provisioning your SMP Kapsel Application with initial settings and registering on the SMP Runtime using those settings without having to provide them to the user for manual entry or having to hard-code the configuration into the App. The guide will take you through the steps required to add your Kapsel Application to Mobile Secure for distribution and configuration using MDM.
We will use Application Policies in MDM to provide the configuration settings for our Kapsel App and link that Application Policy to an appropriate group to ensure that the App (and the settings) are only deployed to an authorized user (by virtue of their group membership).
It’s important to note that our App will use the Afaria Static Link Library (SLL) to connect from the mobile device to the MDM Package Server (Afaria) to fetch the App configuration (and, if required, certificates). When it is first run, the Kapsel App automatically checks whether there is an MDM client on the device and, if so, tries to fetch the configuration settings from the MDM Package Server. In Kapsel, this is achieved through the Logon Plugin without having to modify a single line of code within your Kapsel Project. It is also possible to implement the Afaria Static Link Library (SLL), which the Kapsel Logon Plugin uses, in a Native Application and retrieve settings/certificates in the same manner using only a few lines of code; this is not covered in this guide.
4.1 Test Your Kapsel App without MDM
1. Install your Kapsel App onto your test device and launch the App.
3. We will now add the App to Mobile Secure and provide the settings to our user automatically.
4.2 Create a new App on Mobile Secure
1. Log on to your SAP Mobile Secure Admin Portal with the appropriate Admin role.
2. Click Applications from the main dashboard.
4. Select Enterprise Application and click Next to launch the Application workflow.
6. Before moving to the next step, make sure you select the Deploy to managed users only checkbox. This will create an app policy in MDM and allow us to add the App configuration we need.
It’s important to note that the Deploy to managed users only step described above is applicable to devices that are enrolled in MDM and have the MDM client installed on the device. The functionality provided by the Static Link Library (SLL) depends on the MDM client and on the MDM relationship between the device and the MDM server in order to retrieve the settings for the App.
8. In OS Platform, select Android.
9. Select the appropriate Form factor checkboxes.
10. For App binary, click the Browse button and locate the binary file for your Kapsel project. This may take a while to upload, depending on the size of your Kapsel App.
11. Once the upload is complete, click OK.
13. Click OK.
14. You will see your new supported platform listed with a State of New in the listing. You can add additional operating systems and form factors as required.
15. Click Save.
16. Click the Actions button and then click Set to Production in the pop-up menu.
4.3 Add the App Seed Data through MDM
We will now need to put the App’s configuration data (IP address of your SMP Server, port, etc.) into the MDM Administration Console by creating an Application Policy. Currently, this is a separate user interface, which can be launched directly from the Mobile Secure administration dashboard.
2. A new browser window will be launched for the MDM Administration (Afaria). You should be authenticated automatically via SSO.
3. Click Policy.
4. Now, locate the Android Application Policy which was automatically created in MDM when you published your Kapsel App in the Mobile Secure Admin Portal.
Note that an Application Policy and a Static Group for your Policy are automatically generated from the Mobile Secure Administration Portal every time you add a new App. The Policy should be easy to locate based on type, Last Modified date and the generated Policy name.
5. Click the Edit toolbar button for the selected App Policy and review the details.
7. You will need a settings file to upload.
It is vital that you create a settings file and upload it, rather than pasting the text of the settings file directly into the MDM Admin Console.
Take particular note of the formatting: the settings are in the format setting1=value1;setting2=value2 etc. They all have to be entered on the same line. Word wrap to the next line is OK, but do not enter each setting on a separate line.
8. Using your favorite text editor, create a new file called settings.txt and enter the configuration parameters you require for your App’s seed data. See the online SMP documentation located at http://help.sap.com/mobile-platform/ for details of the supported fields for your SMP version. Your content should look something like this, with the appropriate servername and port for your SMP server.
servername=1.2.3.4;serverport=8080;ishttps=false;vaultpolicy=defaulton;usercreationpolicy=automatic;
The example below, for illustration purposes, creates a secure connection and uses a certificate for user registration in SMP. The certificate request to your CA would be proxied through SMP via the Static Link Library, dependent on the CA settings being present in your MDM configuration.
servername=smp.server.com;serverport=8443;ishttps=true;vaultpolicy=defaulton;usercreationpolicy=certificate
10. Click Save to commit your changes to the Application Policy.
11. Now we will simply need to assign the Application Policy to a Group. In this case we have selected “All Devices” for illustration purposes only.
12. Click the Link icon in the left-hand toolbar with your Application Policy selected.
13. In the link pane on the right, select the group of your choice and click the Link button, as shown.
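The single-line key=value;key=value format described in steps 7 and 8 can be checked before the file is uploaded. The Python linter below is an added example, not SAP code and not part of the original guide. lint_settings and KNOWN_KEYS are hypothetical names, the key list covers only the keys used in this guide's two example lines, and the sample strings are constructed from those lines.

```python
import re

# Keys used in this guide's examples (assumption: not the full list SMP supports).
KNOWN_KEYS = {"servername", "serverport", "ishttps", "vaultpolicy", "usercreationpolicy"}


def lint_settings(text):
    """Return (settings, problems) for the content of a settings.txt file."""
    problems = []
    body = text.rstrip("\r\n")  # a single newline at end of file is harmless
    if "\n" in body or "\r" in body:
        problems.append("settings span several lines; all pairs must be on one line")
    settings = {}
    for raw in re.split(r"[;\r\n]+", body):
        if not raw.strip():
            continue  # empty piece, e.g. after a trailing ';'
        key, sep, value = raw.partition("=")
        if not sep:
            problems.append(f"'{raw.strip()}' is not in key=value form")
            continue
        if raw != raw.strip() or key != key.strip() or value != value.strip():
            problems.append(f"stray whitespace around '{raw.strip()}'")
        key, value = key.strip(), value.strip()
        if key in settings:
            problems.append(f"duplicate key '{key}'")
        settings[key] = value
        if key not in KNOWN_KEYS:
            problems.append(f"'{key}' is not used in this guide; check the SMP documentation")
    port = settings.get("serverport", "")
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        problems.append(f"serverport '{port}' is not a valid TCP port")
    https = settings.get("ishttps", "").lower()
    if https == "false":
        problems.append("ishttps=false: registration traffic is sent without TLS")
    elif https and https != "true":
        problems.append("ishttps is neither 'true' nor 'false'")
    if settings.get("usercreationpolicy") == "certificate" and https != "true":
        problems.append("the guide's certificate example uses ishttps=true; this file does not")
    return settings, problems


# Constructed inputs: the guide's two example lines and a multi-line variant.
PLAIN = "servername=1.2.3.4;serverport=8080;ishttps=false;vaultpolicy=defaulton;usercreationpolicy=automatic;"
SECURE = "servername=smp.server.com;serverport=8443;ishttps=true;vaultpolicy=defaulton;usercreationpolicy=certificate"
BROKEN = "servername=smp.server.com\nserverport = 8443\nishttps=true"

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN), ("secure", SECURE), ("broken", BROKEN)):
        print(name, lint_settings(sample)[1])
```

Run it against settings.txt before step 9 and treat any reported problem as a reason not to upload; the ishttps=false finding is the one to resolve before the policy is linked to a production group.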
4.4 Test your Kapsel App Registration
1. On your device, open the Afaria MDM client.
2. If required, click the refresh button and locate the application you added in the previous steps. If it is not available, check your group assignment again.
3. Ensure that the App you tested with in the beginning of this document is uninstalled from the device before installing the app through the MDM (Afaria) client.
4. Install and run the App.
5. You should see the Registration screen shown below, without the server fields you saw in the beginning of this document.
6. If you have created the Application on your SMP server, enter your credentials and click Submit.
Note, in the example screenshot above, the first entry in my App registration was created using a certificate, as shown in the User Name field.