1 2 3 80 Previous Next

SAP for Mobile

1,191 Posts
Pete Lagana

UI5 Projects

Posted by Pete Lagana Aug 28, 2015

I am really excited about UI5, or I should say OpenUI5... I've done a podcast on this in the past, talking about the virtues, but the more we work with it, the more promise is revealed.  With OpenUI5 - SAP is really taking major steps to put proprietary UIs of the past in the rear view mirror - things like WebDynpro, NWBC, BSP, and BusHTML.  For those of us who have spent many an hour on JQuery, JS, and frameworks like Bootstrap, we understand the power of openness... We recently held an internal tech talk around UI5 and you would think the topic was really nuts and bolts... but we really found ourselves talking about the best way to actually do a UI5 project... With so much to sort through, we decided to do a VLOG to cover the most important points... More to come as we sort through Business Case, User Experience, Tech Options (even covering off if screen scrapers  or code generators make sense), Support, and Strategy...

Many time I got asked the question, how does SAP Mobile Platform 3.0 handle SSL Server Certificate validation and specifically how does Agentry WebSockets streaming protocol fit on all that.


In this blog, you will find a link to a WIKI that explains in details and describes the steps that SMP takes in order to validate the certificate.



As of SMP3 SP07 you can use SAP Web Dispatcher as a reverse proxy for SMP3. Depending on your landscape, this simplifies A LOT your architecture. And you can reuse your WD knowledge and gain support from SAP. Installing the WD is done as usual, with one caveat: you have to inform the commonlib which TLS to use:


ssl/ciphersuites = 896:HIGH
ssl/client_ciphersuites =896:HIGH

Without these parameters, WD will try to connect to SMP3 but won't be able to connect, as the response send by SMP3 cannot be interpreted (protocol not understood). With the above configuration, WD can connect to SMP3 using TLS. While this may look strange, it actually is necessary as SMP3 uses some high TLS security.

To understand better what these two parameters do, take a look at the Commonlib + Web Dispatcher SAP Note: 510007

For more information like a sample WD profile, read on here.

If you are looking for a place that will help you get started with HCPms, then you need to start here:

Hana Cloud Platform mobile service (HCPms) quick start customer content guide


This wiki is designed to be a central location that points to all written content to help with administering/developing HCPms applications.

SAP Afaria is available as a on premise and cloud version. The on premise version can be downloaded from SMP and installed locally on Windows Server. While this gives more flexibility than the cloud version – you are in control over the environment – it also means that you have to provide and configure the environment. This isn’t easy as it is up to you to configure the Active Directory, Certificate Authority, SQL Server and the Afaria components.


In case you still are interested in setting up your own SAP Afaria on premise test system, I’ve written a set of blogs that detail each step. Following the blogs, you’ll get a landscape starting from installing Windows Server, AD, CA, SQL Server and Afaria 7. The whole environment will be installed on the same server. Therefore, you cannot really use the blogs when installing a QA or PRD system. It is only intended for your personal try-it-out system. As for the operating system: you can use a Windows Server trial version from Microsoft or use a version available at Azure, AWS, etc.


For the installation I started with the Afaria version available under the Installation section in SMP, but you can also go directly for a higher version like SP5 if you want.


The blogs:

Afaria Setup 1: Windows preparations

Afaria Setup 2: Install roles – Active Directory

Afaria Setup 3: Install roles – Certificate Authority

Afaria Setup 4: Install roles – Certificate Authority – NDE

Afaria Setup 5: Install roles – Application Server

Afaria Setup 6: Configure SSL for IIS

Afaria Setup 7: Configure SSL for web application

Afaria Setup 8: Installation – SQL Server

Afaria Setup 9: Configuration – SQL Server

Afaria Setup 10.1 – Install Afaria 7 – Download installation package and install license

Afaria Setup 10.2 – Install Afaria 7 – Afaria Server

Afaria Setup 10.3 – Install Afaria 7 – SAP Afaria API Service and Administrator

Afaria Setup 10.4 – Install Afaria 7 – Afaria Admin


Going to be published soon:

Afaria Setup 10.5 – Install Afaria 7 – Self Service Portal

Afaria Setup 10.6 -Install Afaria 7 – Enrollment Server

Afaria Setup 10.7 -Install Afaria 7 – Package Server

Afaria Setup 10.8 – Install Afaria 7 – SCEP Plugin


Zebra offers an extended device management API with ruggedized Android devices like the Motorola TC70. Using this API offers the possibility to enable the device to setup the device quickly and run applications securely.

  • Manage personal certificates to proof device or user identity
  • Manage root certificates to setup trust to networks and applications
  • Manage the wireless interface to configure networks
  • Manage other communication interfaces
  • Manage the installation, update and configuration of applications
  • Manage barcode scanner configuration
  • Manage device settings like clock, language or the touch configuration
  • Sending intents or broadcast messages to the Android API
  • […] many more […]

The following document outlines the steps enabling Afaria to access the Zebra device management API.



The central element of the architecture is an Android application that listens to a broadcast receiver the Afaria client sends commands to. This commands will enforce the execution of the Mobility Extension device management API.



  1. The foundation of the device management API is the Mx (Mobility Extensions) layer.
  2. To enable the accessibility for the connector application the Motorola EMDK Android Application has to be installed on the device. (The EMDK is installed in future releases of the Zebra device firmware)
  3. The MDM Toolkit Connector App uses a broadcast receiver to listen to intents sent by the Afaria Client.
    1. The Afaria App will enforce the MDM Toolkit Connector to apply a configuration that is stored in an XML file on the file system
    2. The Afaria App enforces the MDM Toolkit Connector to request a certificate via static link library.
  4. The client file system holds XML, Application, and certificate files for the MDM Toolkit Connector App and stores the MDM Toolkit Connector App log for the Afaria Client.
  5. The Afaria App receives Session Script commands “Execute Program: am <broadcast […]>” to enforce the MXM Toolkit Connector app applying the configuration and it manages the XML, Application and Certificate files on the client file system.
  6. The Afaria Package Server component receives the certificate request of the static link library and forwards it to the certificate authority.
  7. The Afaria Session Manager component holds the script files that send XML, Application and certificate files from the server file system to the client file system and receives log files from the client file system.

Building the MDM Toolkit Connector Application

The following section will outline the implementation of the MDM Toolkit Connector application and present the technical background.


In the past Motorola started building the Mobility Extension API to support the device configuration and a basic device management. The device listens to XML files sent to a specific folder and signed by a certificate provided during deployment process. The next step was implementing the EMDK. An Android Firmware Update provided by Zebra encapsulate the XML signing and configuration applying process and provides the possibility to include configuration files into applications that can trigger the configuration. Currently Zebra starts to ship the MDM Toolkit to enable MDM vendor to integrate the configuration API into device management software.


The implementation

The application design is quite simple. A broadcast receiver listens to commands send by the Afaria Client. According to the send command the application will

  • Either: Consume a XML file in the working folder and apply the configuration. If  extra files are required, it has to be in the working folder
  • Or: Manage a device certificate that will be stored in the device key store. Depending on parameters it will happen:
    • Nothing. If a valid certificate is installed and it will not expire in X days
    • A new certificate is requested with the Afaria Static Link Library and it will replace to old certificate


Every action will be stored in a log file in the working folder. If the XML was processed correctly by the Device Management Framework, the framework call will return exact the same XML. Errors in the configuration will be shown in the returned XML. These results and other program calls are stored in the log file in the working folder.

Calling the MDM Toolkit Connector Application in Afaria

The exact call depends on the implementation of the broadcast receiver.

am broadcast.png

Our Implementation listens to <App-Identifier>.<COMMAND-NAME> <extras>.

Lessons Learned

  • Android devices show a different behaviour depending on their operating system. Calling the activity manager (am) from the Afaria application requires a right to do this. "broadcast -a com.sap.mit.APPLY_MDMTOOLKIT_CONFIG_FILE --es filename <%ConfigFileName> --user 0" In Android 4.4.2 the user context needs to be set.
  • Calling the activity manager is always asynchronous. The only possibility to wait for feedback is the usage of the script "Wait for file to exist" with a file that never exist.
  • If we would connect the devices to the session script that executes the broadcast without any checks, the MDM API would be connected every time. A controlling mechanism is required. We decided to use a change tracking mechanism.
    • We defined a variable that is set, if an XML file is sent to the device. Only if this variable is set during a session, the configuration will be applied. If a configuration must be updated, the administrator needs to update the XML files on the Afaria Server. Only in this case the session will send a file to the device.
    • Our use case was managing only one personal certificate on the device. We built the certificate managing logic in the application. We keep the certificate metadata in the app trigger a check by broadcast. The app decides, if it calls the static link library and the MDM API to install a new certificate.
  • We received the log file from the client during sessions and store them in a folder.
    • The connector application logs, if actions are successful or not and it translates the log file that is returned by the Mx API.
    • The Mx API returns an identical XML, if the configuration is applied successfully. It is enough to extract the header.
    • The Mx API modifies the XML, if the configuration is only applied partially. Errors can be extracted.

Example XML






  <characteristic type="Clock" version="4.2" >

    <parm name="AutoTime" value="true"/>

    <characteristic type="AutoTimeDetails">

      <parm name="NTPServer" value="ch.pool.ntp.org"/>

      <parm name="SyncInterval" value="00:30:00"/>





  <characteristic type="WirelessMgr" version="4.3" >

    <parm name="Bluetooth" value="2"/>

    <parm name="BluetoothState" value="2"/>

    <parm name="NFCState" value="2"/>

    <parm name="GPSState" value="2"/>

    <parm name="WWANState" value="1"/>




  <characteristic type="AppMgr" version="4.2" >

    <parm name="Action" value="Install"/>

    <parm name="APK" value="/storage/sdcard1/AfariaMDMToolkitConnector/Fiori.apk"/>




  <characteristic type="CertMgr" version="4.2" >

    <parm name="CertAction" value="1"/>

    <characteristic type="cert-details">

      <parm name="CertAlias" value="Company Root CA"/>

      <parm name="CertType" value="5"/>

      <parm name="CertMethod" value="2"/>

      <parm name="CertFileCA" value="/storage/sdcard1/AfariaMDMToolkitConnector/CompanyRootCA.pem"/>

      <parm name="CertAdjustClock" value="false"/>





  <characteristic type="TouchMgr" version="0.3" >

    <parm name="TouchAction" value="Stylus and Finger"/>





The configuration file is a wap-provisioningdoc that can consist of multiple characteristics


This characteristic modifies the clock on the device







This characteristic modifies the wireless components on the device








This characteristic installs the Fiori app on the device, if the file is stored in the file system.






This characteristic installs the root certificate on the device.












This characteristic changes the touch method on the device


Enterprise mobility management (EMM) continues to be of strategic importance according to market analysts. A quick glance at the countless number of companies who have adopted EMM solutions will tell you the same thing – EMM provides the foundation the ability for companies to improve productivity through mobility.


According to the analyst firm 451 Research, the current enterprise mobility management market is made up of 125 vendors of all sizes. While this may be considered an overwhelming number of vendors, many of them are new entrants to the market and only a handful are well established. The established vendors, including SAP are championing the enterprise mobility management space, innovating to simplify mobility. The report The Top Five Enterprise Mobility Management Vendors, published in April 2015, identifies the companies that are leading the EMM field – and SAP is in the top five.


In order to make it into this lucrative top five, vendors must be actively working to address the growing needs of enterprises. 451 Research positions SAP as an early adopter and promoter of dynamic mobile solutions; the report states that over the last five years, SAP has “shifted its emphasis from device management to app enablement, which is ahead of the EMM market as a whole”. SAP is a company that has always prided itself on forging the technology trail, and its success with app enablement is based on the company’s broad enterprise application focus.


The words “SAP” and “integrated” can be found coupled together often in the report, demonstrating that SAP’s EMM offering is much more than just a stand-alone solution. The report says it best: “SAP's emphasis on mobile has moved from stand-alone but integrated EMM and Mobile Application Platform to app development philosophy targeting all end points in the enterprise.” With integration to vital systems such as SAP Fiori, SAP HANA, SuccessFactors and Ariba, SAP’s enterprise mobility management offering is powerful and unrivaled. It’s easy to see why SAP is one of the top five EMM vendors.


To read the full report, click here.

One of the question I get asked is:  What does it mean the following error in the MobiLink Log:


"The consolidated and remote databases disagree on when the last synchronization took place, the progress offsets are 123 in the consolidated database and 103 in the remote database. The remote is being asked to send a new upload that starts"




In order to discuss this, we have created a WIKI that explains the use case of how MobiLink and UltraLite deal with this situation and in what situation the system cannot recover.


WIKI: http://wiki.scn.sap.com/wiki/x/WAG6GQ

Want to learn how to use SAP Mobile Secure and Afaria to manage and secure corporate email, apps and content on Android?
Register now for our upcoming Meet The Expert session on Android for Work scheduled for September 10th.


If you can't make that date, you may check out the Replay Library in the SAP Enterprise Academy to watch the recording of this session.

Check the Delivery Method "Meet the Expert - Replay Library" and simply search for 'Android for Work'.


The following topics will be covered in this session:


  • How to fully secure corporate data
  • Explanation of key policies
  • Simple and efficient application management



  • Learn how to acquire a Google domain and enterprise token to enable Android for Work functionality.
  • Be able to create and deploy Android for Work applications.
  • Be able to update the Mobile Device management console to support Android for Work.

SAP HotNews are now being used to notify customers about important product related topics for SAP Afaria and SAP Mobile Secure.


HotNews are priority 1 SAP Notes and are only used to tell you how to resolve or avoid problems that can cause the SAP system to shut down or lose data.


You can create your own filters based on your specific needs to receive HotNews notifications on the SAP Support Portal.


How to guide 1:

  1. Go to SAP Support Portal and log in with your S-User account
  2. At the top click at the drop down menu next to your name and select 'Change my notifications and subscriptions
  3. Configure the notification mechanism, format and how often you would like to get notified
  4. Tick the box to enable notification for 'SAP HotNews'
  5. Create an appropriate filter for your needs by selecting the 'Define Filter' behind the SAP HotNews option

How to guide 2:

  1. Go to SAP Support Portal and log in with your S-User account
  2. Click 'Knowledge Base & Incidents at the top of the page'
  3. Click 'SAP Note& Knowledge Base Article Notifications' on the left hand side
  4. Click 'Manage your filters and notifications'
  5. Configure the notification mechanism, format and how often you would like to get notified
  6. Tick the box to enable notification for 'SAP HotNews'
  7. Create an appropriate filter for your needs by selecting the 'Define Filter' behind the SAP HotNews option



Hint to create your notification filter:

SAP Afaria is currently listed as 'Sybase Afaria'

SAP Mobile Secure Cloud is currently listed as 'SAP Afaria Cloud'

To All SAP Agentry/SMP 3.0 users,


SAP Global Services and Support (GSS - One Service) tries to be proactive in giving resolutions out to the customer to be readily available before the need arises.


Based on some internal and external installation of SAP Mobile Platform/Agentry Products in Windows Mobile 5.0/5.1 OS or iOS 9 (example: Motorola MC70), the KBA document will help users troubleshoot issues tied to Windows Mobile 5.0/5.1 or iOS 9. This SCN blog/article can be used as a quick check or fix.


We understand that customers may still have several thousand older devices released in Windows Mobile 5.0/5.1 (ex: MC70). With this article we hope that your upgrade or connectivity to SMP 3.0 (Agentry) will work.


Please review the Knowledge Base Article (KBA) below (proper SAP access required):


2202742 - Authentication error accessing SAP SMP 3.0 using Windows Mobile 5.0/5.1 devices (MC70) or iOS 9 - Agentry Client


The goal of SAP AGS mobility support is to share the knowledge on key areas to properly support the users and customers using the SAP mobile products.

Best Regards,

Mark Pe

SAP Platinum Support Engineer (Mobility)

Please review the new Support on One Page wikis that have been created to provide you with a quick overview of the selected product in regard to available training sessions, hot issues, latest product updates, planned product related events, top KBAs, QuickIQs and much more.


Currently available for the following products and components:




SAP Mobile Platform


SAP Mobile Secure Cloud


SAP Afaria


The content was selected based on customer requests.

If you would like to see additional content, have questions, concerns or constructive feedback, please let us know.

This morning a new Android client for Afaria and Mobile Secure was released to the Play Store.   The new version of the client is 7820 and the release notes for this client can be found here:


Current Android client release August 2015 - Afaria

What are the requirements for Afaria and Mobile Secure to support iOS 9?


Due to a change in iOS 9, a patch to Afaria servers will be required for iOS9

device support. Devices that are updated to iOS 9 will not be able to

communicate with un-patched Afaria servers    SAP will be providing the code

fixes in the following versions:


  • Mobile Secure 3.1 has been released
  • Afaria 7 SP4 HF19 has been released
  • Afaria 7 SP5 HF13 has been released 
  • Afaria 7 SP6  - Release date August/September 2015


We strongly suggest that you apply the appropriate patches for on premise
installations as soon as they are available to avoid any disruption.  Mobile
Secure cloud customers will not need to make any change and the updates will
already be in place.


Note: iOS 9 has made a few changes that may affect your deployment


1) When using client-first enrollment (using the SAP custom signed Afaria
app) the behavior has slightly changed in that you must “trust” the enterprise
app by going to app settings > general > profile and accept the app.


This will add an extra step in the enrollment process.  This does not affect
the client first enrollment using the SAP App Store Client.  This will not
affect customers using MDM-first enrollment through the Afaria Self-service
Portal or a custom portal or Mobile Secure cloud customers.


2) Apple has moved the capability to block access to the App Store to only be
available on Supervised devices.  Devices that are not supervised will no longer
be able to block access to the Apple App Store.


Please see the following KBA for any updates:


SAP Mobile application for Inventory Management and Warehouse Management



Some of the new key features of SAP Inventory Manager 4.2 are:


This release includes new functionality and features like :

  • Stock transport order
    • Ability to search/download STO
    • Ability to view STO details
    • Ability to perform goods issues and receipt against a STO
  • Support consignment stock
  • Purchase requisition
    • Ability to create/edit/delete purchase requisition
  • Outbound delivery process
    • Ability to download outbound delivery document
    • Perform confirmations against outbound delivery document
  • Ability to change bin quantity during bin to bin transfer




For the latest version of the installation guide, see the SAP Service Marketplace at service.sap.com/instguides → SAP Mobile → SAP Inventory Manager-> SAP Inventory Manager 4.2

SAP Inventory Manager 4.2 Installation Guide

SAP Inventory Manager 4.2 Configuration Guide

SAP Inventory Manager 4.2 Installation Guide

SAP Inventory Manager 4.2 Java Docs

SAP Inventory Manager 4.2 User Guides

SAP Inventory Manager 4.2 Sizing Guide


SAP Inventory Manager important notes


2158268 - Software Release Note - SAP Inventory Manager 4.2

2158270 - Release Restrictions Note - SAP Inventory Manager 4.2

2016828 - SAP Inventory Manager ABAP Add-On Installation Master Note


SAP Inventory Manager Software Pre Requisites for SAP ERP System:

SAP ERP 6.0 (SAP ECC 6.0) with SP15









Customer can only choose one scenario for the deployment:

1) Base SAP Inventory Manager 4.2 with only IM Inventory functions

2) SAP Warehouse Manager 1.2


Base SAP Inventory Manager 4.2 with only IM Inventory functions

Install the following ABAP Add-ons in ERP System:

SMFND 610_700 with Support Package 05

SMERP 610_700 with Support Package 05


SAP Warehouse Management 1.2

Install the following ABAP Add-ons in ERP System

SMFND 610_700 with Support Package 05

SMERP 610_700 with Support Package 05


Ugrade from existing Inventory Manager 3.X,4.0  to Inventory 4.2



SMFND 610_700 Installation Package

SMFND 610_700 Upgrade Package


Reference note: 1936049- How to upgrade ABAP AddOn SYCLO 3XX_700 to SMCRM 610_700  (Steps are similar for Inventory Manager 4.2)


SAP Knowledge Base Articles

1957056 How to install or upgrade to Mobile Syclo AddOn 600_700 or 610_700


Note: - Both .SAR files should in same queue before importing.



SAP Mobile Add-on download link

https://support.sap.com/swdc -> Installation & Upgrade -> SAP Mobile Solutions



POST Installation BC SET activation

Depending on your requirement activate appropriate BC set


/SMERP/SAP_INVENTORYMGR_42_REF : SAP Inventory Manager 4.2 BC Set – Reference 

/SMERP/SAP_WAREHOUSE_MANAGER_12_REF : SAP Warehouse Manager 1.2 BC Set - Reference


Customer Support

For any support related inquiries for SAP Inventory Manager 4.2 please open an incident using component MOB-SYC-SAP.


Additional reference SAP notes for Inventory Manager 4.2


2175488 - SAP Inventory Manager - Outbound Issue List missing columns on WinCE Client.


Demo Inventory Manager 4.2 Apps  can be downloaded from   Appstore for iOS platform or from Google play for Android platform.


Filter Blog

By author:
By date:
By tag: