1 2 3 9 Previous Next

SAP BusinessObjects Mobile

132 Posts

This blog discusses IOS 9 security changes and its impact on SAP BusinessObjects Mobile SSL or HTTPs connections.


With introduction of IOS 9 apple has added certain security measures and mandates that might cause existing setups not to work with certain SSL based setups which do not follow the IOS 9 security recommendations.


Quoting ATS requirements from Apple Site :-

Cocoa Keys Section "Requirements for Connecting Using ATS"

iOS 9.0 Whats New in IOS.




"Requirements for Connecting Using ATS

With ATS fully enabled, your app’s HTTP connections must use HTTPS and must satisfy the following security requirements:


  • The server certificate must meet at least one of the following trust requirements:The negotiated Transport Layer Security version must be TLS 1.2
    • Issued by a certificate authority (CA) whose root certificate is incorporated into the operating system
    • Issued by a trusted root CA and installed by the user or a system administrator
  • The negotiated TLS connection cipher suite must support forward secrecy (FS) and be one of the following:
  • The leaf server certificate must be signed with one of the following types of keys:
    • Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits
    • Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits
  • In addition, the leaf server certificate hashing algorithm must be Secure Hash Algorithm 2 (SHA-2) with a digest length of at least 256 (that is, SHA-256 or greater)."


It is also recommended to follow the ATS requirements which is more secure way for SSL communication.

This blog discusses about how to enable tracing for SAP BusinessObjects mobile server for troubleshooting issues with the SAP BusinessObjects Mobile App.


Errors encountered on the SAP BusinessObjects Mobile App may not always be App issues and would require further logging on the mobile server to troubleshoot and share logs for deeper analysis.


To set log levels for the Mobile server component, you need to create three environment variables in the system where Mobile Server is deployed.


  • BO_TRACE_LOGDIR: Specifies the path to the folder where logs are generated.
  • BO_TRACE_CONFIGFILE: Specifies the path to BO_trace.ini.
  • BO_TRACE_CONFIGDIR: Specifies the path to the folder where BO_trace.ini is located.


BO_trace.ini is the configuration file where multiple log levels can be set. This file is available in the location like for example tomcat ..webapps\MobileBIService\WEB-INF\conf. There are different log level types: trace_none, trace_debug, trace_path, trace_information and trace_error.


The following table describes the logging level importance in decreasing order of detail:


SeverityConfiguration Value
ERRORtrace_ error


To set the log level, perform the following steps:


  • Open the BO_Trace.ini file for editing.
  • Set the required logging level for each unit as above.


Set dedicated folder for server logs

By default, the path to BO_trace file location is accessed from BO_TRACE_CONFIGFILE.

However, It can also be configured in web.xml by specifying a new context parameter "mobi.trace" and specifying the path value "/WEB-INF/conf/BO_Trace.ini".


Sample BO_trace.ini

  • sap_trace_level = trace_none; // Developer log information
  • sap_log_level = log_none; // Administrator log information
  • size = 10; // Size of log file
  • keep = false; // Retain the log file

Kerberos is an Authentication mechanism wherein no passwords are transmitted over the network. The server depends on a trusted ticket issued by a Ticket granting server, which the client sends in the request from the client to the server.

In order to enable Kerberos based authentication for the Mobi iOS application a few simple steps are to be done both on the iOS device and the Mobile server. Below we outline what these steps are and how they are to be done.


Supported on SAP BusinessObject Mobile 6.3 onwards(iOS only)

Supported on SAP BI Platform 4.1 SP07 only


(Note: This entire document is written assuming that the BI Platform is configured for Kerberos based Authentication. Kerberos SSO is supported only for normal BOE Connections from mobile. Connections involving SUP and SMP are not supported)

Configuring the iOS Device


On iOS Kerberos is controlled by a configuration profile which guides iOS framework so as to how Kerberos tickets should be handled. This profile can be installed from any MDM tool.  If you do not have an MDM tool then you can host the file on any application server and access the link on the safari browser. iOS will automatically detect it as a Kerberos SSO profile and will come up with the installation screen.The configuration profile should have a .mobileconfig extension. Let us look at a sample Configuration profile and check what values we are supposed to update.


  1. <?xml version="1.0" encoding="UTF-8"?> 
  2. <!DOCTYPE plist PUBLIC "-//Apple/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
  3. <plist version="1.0"> 
  4. <dict> 
  5.   <key>PayloadContent</key> 
  6.   <array> 
  7.     <dict> 
  8.       <key>PayloadDisplayName</key> 
  9.       <string>SSO Settings</string> 
  10.       <key>PayloadType</key> 
  11.       <string>com.apple.sso</string> 
  12.       <key>PayloadVersion</key> 
  13.       <integer>1</integer> 
  14.       <key>PayloadUUID</key> 
  15.       <string>d3fe4709-0cc6-4f51-afed-839c6ab1451c</string> 
  16.       <key>PayloadIdentifier</key> 
  17.       <string>com.sap.example.sso</string> 
  18.       <key>Name</key> 
  19.       <string>username@EXAMPLE.COM</string> 
  20.       <key>Kerberos</key> 
  21.       <dict> 
  22.         <key>PrincipalName</key> 
  23.         <string>username</string> 
  24.         <key>Realm</key> 
  25.         <string>EXAMPLE.COM</string> 
  26.         <key>URLPrefixMatches</key> 
  27.         <array> 
  28.           <string>https://example.com/</string> 
  29.           <string>https://example.com:443/</string> 
  30.         </array> 
  31.         <key>AppIdentifierMatches</key> 
  32.         <array> 
  33.           <string>com.apple.mobilesafari</string> 
  34.           <string>com.sap.*</string> 
  35.         </array> 
  36.       </dict> 
  37.     </dict> 
  38.   </array> 
  39.   <key>PayloadOrganization</key> 
  40.   <string>SAP</string> 
  41.   <key>PayloadDisplayName</key> 
  42.   <string>SSO for SAP</string> 
  43.   <key>PayloadVersion</key> 
  44.   <integer>1</integer> 
  45.   <key>PayloadUUID</key> 
  46.   <string>f4544183-fc96-495f-a384-435cdb66e5b9</string> 
  47.   <key>PayloadIdentifier</key> 
  48.   <string>com.sap.example.sso.profile</string> 
  49.   <key>PayloadDescription</key> 
  50.   <string>SSO Configuration profile</string> 
  51.   <key>PayloadType</key> 
  52.   <string>Configuration</string> 
  53. </dict> 
  54. </plist>



PayloadDisplayNameDo not modify this string. Leave it as it is
PayloadTypeDo not modify this string. Leave it as it is.
PayloadVersionDo not modify this string. Leave it as it is.

This should be a unique Id which can be generated from the following website



This should be modified so that it reflects your company domain.

                                    Example: com.<your company name>.mobi.sso

NameAny name for the Profile which you are creating
PrincipalNamePrincipal name the winAD user name with which the Kerberos login happens.

This should be the Kerberos Realm. In the case of Active Directory, that’s usually going to be an AD domain.


This is the URL to which iOS will append the service ticket. It can have multiple entries. Of these entries at least one of them should be of the following format.

http://<Host Name FQDN>:<Port> of the Mobile Server

FQDN is the fully qualified domain name.

AppIdentifierMatchesThis is the list of applications which are eligible to use Kerberos based Authentication. No changes are to be made here since we already have com.sap.* which includes the Mobi iOS application for which the app id is com.sap.mobi
PayloadOrganizationYour organization name.
PayloadDisplayNameName for this SSO payload. Any string can be given here
PayloadVersionDo not modify this string. Leave it as it is

This should be a unique id which can be generated from the following website



This should be modified so that it reflects your company domain.

                                    Example: com.<your company name>.mobi.sso.profile

PayloadDescriptionAny description of the payload profile.
PayloadTypeDo not modify this string. Leave it as it is.



This configuration profile must be modified carefully before deploying since this is the single source which tells iOS how and when to append the Kerberos service ticket. Utmost care should be taken while providing values for Name, PrincipalName, Realm and URLPrefixMatches.



Configuring the Import Connection Server


SSO connections in SAP BusinessObjects Mobile can be setup only using Import server URL. Following connection configuration need to be done on MOBI configuration server (MOBIServer) in the server.properties file.





SSO_Kerberos.DisplayName – This can be any string which will be your connection name

SSO_Kerberos.BOBJ_MOBILE_URL – This is the mobile server url. The url given here and the url given in the URLPrefixMatches of the iOS configuration profile prescribed in the previous section must be the same. (URL’s should be FQDN*)

SSO_Kerberos.BOBJ_MOBILE_CMS – This should be CMS cluster name or FQDN hostname running the BI Platform CMS.

SSO_Kerberos.BOBJ_MOBILE_SSO_ENABLED – Do not change the value! Let it be true

SSO_Kerberos.BOBJ_MOBILE_SSO_TYPE– Do not change the value. Let it be kerberos.

Configuring the Mobile Server


Last but not the least the mobile server must be enabled for kerberos based authentication. You will be required to carry the following three steps in order


*Stop tomcat server

*Modify sso.properties, authscheme.properties and web.xml

*Clean start tomcat server.


Let us see the changes to be made for the three files mentioned above.


Changes for sso.properties




  1. Uncomment default.cms.identifier and assign it the value 1
  2. Uncomment aliases and give it the value which you gave for SSO_Kerberos.BOBJ_MOBILE_CMS described in the previous section.
  3. Uncomment authentication.scheme and assign it the value KERBEROS.


Changes for authscheme.properties



  Uncomment the KERBEROS property as highlighted in the above image.

Configuring web.xml


Replace the Web.xml which exists in MobileBIService with the attached web.xml file! A few parameters mentioned below should be provided with values which are specific to your environment.









































The values for each of these keys can be found in global.properties which would be created when setting up BI Platform with kerberos. global.properties can be found under installation folder\tomcat\webapps\BOE\WEB-INF\config\custom\global.properties.



Troubleshooting and Help




  • Kerberos SSO does not seem to work on iPad – This might be due to a variety of reasons

        But it would be good to check the following few things on the device before investigating further


               User’s DNS server settings details must be included from where the ticket-granting

               server needs to provide the ticket to iPad. This includes adding the entries in DNS

               and Search Domains Under the IP address settings of the Wi-Fi network connected.



               If you get a Username/Password Authentication popup while trying to connect to a

               kerberos connection try restarting the iPad since the profile installed on the iPad

               requires a restart at times.



We would like to use web service query (Query as a Webservice) in dashboard mobile. It works fine in desktop but in mobile we get this error "Enterprise authentication could not log on. Please make sure your logon information is not empty". Does anybody have a good answer on how to solve this problem without a hardcoded user?



We have fixed the below issue and the new version of the application is now available in AppStore with version 6.2.4






Hi All,


It has been observed that if you are on iOS version 8.4 and then triggered an update of SAP BI app from version 6.1 to 6.2.3 product becomes unstable in some cases . Only workaround at this point of time is to delete & install the application again.



For those who have not yet updated the app to the latest version, we would recommend to remain on older version. We are actively working on a patch to ensure a smooth upgrade & we will keep you updated regarding this.




SAP Mobile BI 6.2 is planned for release during the first week of July - both iOS and Android.  Special thanks to Srikanth Rao for this webcast.


Please note the usual legal disclaimer applies that things in the future are subject to change


First a review of the general features.  SAP is trying to harmonize content types, so you can annotate on top of any content type, it has SSO capabilities; depends on your BI Platform.  SAP wants to ensure the experience is consistent


Enhancements 6.2 – first week of July


Figure 1: Source: SAP


Figure 1 shows a new feature; you can use the Apple Touch ID secure documents/apps


It validates your touch ID and fingerprint


If there are confidential documents, you can add more security by enabling touch ID for documents


Mobile security is always a prime concern


The administrator can control this behavior; the end user can choose to take advantage of touch ID



Figure 2: Source: SAP


Today support 6 different content types; in additional will support PDF content type.  Any PDF content would be accessible on Mobile BI


This will work in offline mode


It works for both iOS & Android


If password protected, this is supported as well


Figure 3: Source: SAP


This is a usability aspect


Today the default is all reports


Administrators can organize reports by creating categories


As an end user, you can decide your default landing page – set it as a default category as shown in Figure 3 - "High Tech" is the default landing category


Admins can control via properties to be enforced throughout organization



Figure 4: Source: SAP


If there is a network fluctuation, the application should handle it "gracefully"


Today there is an offline mode


If network goes off, or switch to airplane mode, show only the downloaded documents.  Once network is available, and once connected, it will show the documents.


Figure 5: Source: SAP


The ability to automatically download documents to your iPad; your users are CXO's and you want documents to be downloaded to iPad so it is available in offline mode.


On the BI Platform, if you tag "Featured" category, once they log on to those documents it is available in offline mode.


Once logs in, those marked as featured would download to iPad


I will get to Part 2 when I can...to be continued.


Question and Answer



Q: What version and patch level of Mobile BI are we reviewing and discussing?

A: Mobile BI 6.2 - coming in the future



Q: What about supporting Lumira documents store on BI Platform - when will Mobile BI support that?

Lumira documents - planned for H2 release - both for iOS & Android

A: Lumira documents - planned for H2 release - both for iOS & Android



Q; Is there a current document for Web Intellignece Mobile featues?

A: help.sap.com - Feature Compatibility matrix



Q: Is this new Mobile client compatable with SP5?

A: Yes, always backward compatible



Q: Automatic download: is version 6.2 the first time the "Featured" category has been utilized by the Mobile app?

A: Yes, that's correct



Q: Any plans for Windows Phone?

A: Currently assessing market for this; no plans in 2015 - assess market in Q3 timeframe and update direction & roadmap


If you have more questions join ASUG next week for this ASUG Q&A webcast on SAP Mobile BI June 3rd - register here

Thinking to deploy Mobile BI for your enterprise, then securing your BI content on mobile would possibly on top of your mind. You don't really have to worry a lot, as we know how important is that for you and hence we have built multiple security features into the app.


Here are some of the important ones ...


  • First and Foremost is the Application Password.
    • Mobile BI app is today secured with application password (of minimum length 8 by default) which is set by the user when he uses the application for the first time.
    • The password is prompted to user after the application is in background for more than 5 minutes (default value and can be changed).
    • As an additional security measure, the application data is wiped off after specific number of unsuccessful attempts.
    • Administrators can choose to ensure that the device user cannot disable the application password.


  • Next is connecting to your Enterprise Mobile Server. This could happen over Wifi, VPN or data network
    • In case of Wifi,  there is no network challenge encountered as you are already in corporate network
    • In case of VPN,  you are required to manually logon/device auto connects to your VPN as and when connection to mobile server is attempted
    • In case of Data, you are mostly presented with an enterprise authentication challenge - which could be Basic Auth, Form Auth etc.

     Note: SSO is supported for Mobile BI App, more details available at SAP BI Mobile Server Single Sign On Support



  • A user has to be authenticated to Business Objects Enterprise
    • Only an authenticated user can view/download documents on mobile device. And only the documents that he has rights to
    • Authentication is also required to even view the documents that have been previously downloaded on mobile device
    • If the right to view the document is revoked after the user downloaded the document to the device, the document is automatically removed from the device storage on the next refresh


  • As we know mobile has lots of offline use-cases and many a times users do not have access to the network. Hence, they do download documents from BIP on to their mobile devices.
    • Administrators can choose to allow users to save documents to device or not
    • even if administrators have allowed the storage of documents on the device, some documents can be marked as ‘secure’ and the contents of these documents are never stored on the device.
    • Once downloaded these documents are sandboxed within the app and are encrypted (FIPS-approved algorithm is used) before storage on the device. While viewing, the files mentioned above are loaded and decrypted in-memory
    • The Stored document are deleted (and possibly updated) in the following cases - The Documents are either updated or refreshed by the User, The Documents are deleted by the User, the connection is deleted by the user.
    • Additionally there is an option for the product to automatically delete the stored documents which is older than nnn days (configured by 'offlineStorage.ttl' in client settings)


  • Apple automatically takes a screen-capture of the active application’s screen before it goes to background, and stores it on the device. Apple does this to show a smooth transition when fore-grounding the application. the nature of BI Applications makes this behavior a possible security threat, hence this product ensures that only a blank screen gets captured by Apple when the application goes to background.


  • Application uses a small-sized low-resolution capture of the document view to display as a thumb-nail in tile view. However, the product does not create this thumbnail if the document has been marked as ‘secure’.


  • The product allows the device users to share reports/documents.
    • However, the product only shares URL to access the actual report (and not the underlying data) so that only authorized and authenticated users continue to have access to the data
    • The product allows for screen-image to be shared, but device users can crop the screen to the desired area, and also smudge (or blur) any sensitive data so that the sensitive data is no more visually recognizable

  • Definitely, this does not end here. Most of the enterprise customers do have a need of using the MDM apps for managing and securing the traffic from/into the app - Mobile BI App is already used by customers with solutions like Mocana, Xen Mobile etc.


In case you want more, do have a look at our detailed security guide at SAP BusinessObjects Mobile for iOS – SAP Help Portal Page

MOBI app user can now use touch based authentication for app password authentication. Many  users who don't like to type  a complex pass code can use touch based authentication in a seamless way to use  fingerprint as a pass code. It provides great security in simple way.

Apart from App password authentication , touch can be used to authenticate user while opening a secure document. BOE backend admin can mark a document as secure document by

  • Assigning document to additional security category
    • If Touch ID based additional security category is not already created then Admin need to create the category at backend.
  • When user try to access the document in MOBI app then app asks for authentication.


Here is the details about workflow where Touch ID can come :

  • User can enable touch ID , means its optional for user to enable.
  • Touch ID feature can be enabled (by User) Only when app password is enabled in the application.
    • If app password is not set then user can’t enable touch id.
  • Touch ID feature in MOBI app can be used for two purpose
    • App password level authentication
      • User can either type the app password or can use touch ID feature to authenticate
    • Document view of secure category
      • Admin can mark a mobile document at backend as option to set additional authentication by assigning it to specific category
      • When user try to open this document in MOBI app then
        • If app password is configured then
          • App prompts for authentication
            • If touch ID is enabled then user can authenticate via Touch ID or app password
            • If touch ID is not enabled then user can authenticate via entering app password.
      • If application password is not set then user can open this document directly, app doesn’t prompt for any authentication


In any of above authentication user has choice to authenticate by using either enter app password or by using fingerprint .

Personal Views is a capability to save personalized views of a Web Intelligence document. Mobile user can create multiple personalized views of the same base (source) Webi document, and each personal view document is independent of each other. Steps for creating personal view from Webi document is


  • Open Webi document (Source) in Mobi
  • perform the required server actions
  • Perform the required client side customization like sorting the table column data
  • Save the personalized view
  • Saving the Personalized view creates entirely new document in Mobile with the state and data of source Webi document.
  • Personal view document is created and maintained only on mobile device , not on BOE repository.
  • User can access this document while working offline also.


As created Personal View document is document inherited from source Webi document , its very important to ensure personal view doc doesn't breach the security set on source document.

Here is the security been considered in personal view document

  • If source document is marked for confidential then app doesn't allow user to create Personal view document from it
  • At any point of time if Admin removes the view permission of source Webi document from user then all personal view document created by user from source document get deleted from Mobi application.
  • Admin can restrict user from creating personal view
  • If connection that user has logged in is a secure connection then user won't be able to create personal view document.
  • If source document TTL get expired then all personal view document created by user from source document get deleted from Mobi application.
  • When admin deletes the source document at back end repository then all personal view document created by user from source document get deleted from Mobi application.
  • User can't share Personal view document .



-Here is an outline of the features delivered with latest versions of SAP BusinessObjects Mobile for Android (referred below as 'MOBI' in short).




MOBI 6.1.7:

SAP BusinessObjects Mobile app for Android version 6.1.7 is a patch release, available in playstore since Feb 18, 2015

Below are the capabilities delivered with this version:


1. MOBI now supports Android 5.0 Lollipop.



2. MOBI SDK enhancements to support side-by-side installation:

MOBI SDK now supports usage of custom package name. This allows Customers to change default package name of MOBI and be able to install their customized build in the device, alongside the MOBI appstore build.


Following post details out the steps to configure SDK build environment:

Mobi Android SDK setup using Android Studio









MOBI 6.1:

SAP BusinessObjects Mobile app for Android version 6.1 has been released during end of Q4, 2014.

Apparently Playstore does not allow us to view 'What is new' text on previous versions of the app. Here is a reference of new features that are available since MOBI 6.1 release (version number 6.1.6) in Android:


1. Revamped Homescreen:

MOBI homescreen has been revamped completely, to provide better user experience.


  • User can navigate his BI documents conveniently using category navigation panel


  • User can organize document listing using various grouping options, toggle between Grid and list view upfront from secondary toolbar.

NOTE: Toggle List/Grid view is available only for tablet device. MOBI supports only listview in Phone.


  • Pull-down gesture in homescreen refreshes document list from server.






  • Both, downloaded document and documents available in the server are seen with unified listing now.

The option 'Show only downloaded reports' option allows user to view only the documents that are downloaded to the device.

Download status is differentiated by an actionable icon.





  • Single tap access to document info and contextual/action menus of the document.









2. Support for multiple document download:

MOBI now supports background download of documents.

User can tap on ‘Add to home option’ of multiple documents, without having to wait for sequential download and continue with other actions in MOBI




3. Download document 'instance':

‘Add to device’ operation now downloads both base document and latest instance of the WebIntelligence document, for offline viewing





4. Support for nested category view:

  • MOBI supports Nested category navigation, to resemble launchpad structure. Following screenshot illustrates the same.
  • This can be done by adding a client settings property 'feature.home.category.nested.enabled' in server







5. Notification panel:

Support  for new Notification panel to manage document updates conveniently.


NOTE: Notification alerts appear when  MOBI is running in foreground in the device and user is logged in to the connection.

Needs a manual homescreen refresh (pull down gesture on document list screen) to receive new notifications if any. Notifications are also fetched during Login workflow.







6. Auto-update documents on Wi-Fi:

  • Auto Update on Wi-Fi feature automatically downloads document updates/new instances when the application is active
  • Support for Auto-Download of Inbox documents: This option also downloads WebI documents from user's 'BI Inbox' to the device for offline viewing.
  • The option can be enabled in application settings page as shown below






7. SAP BI URL Enhancements:

  • SAP BI URL enhancements to Share connection details via share option in connection page
  • SAP BI URL enhancement to share document context via eMail (retaining section and page navigation)







Note that Sl No 8 to 11 below are applicable only for WebIntelligence content


8. Personal View enhancements:

  • Personal view now records Drill operation on WebIntelligence document
  • Retains table actions (except for Apply Filter operation)
  • Retains last selected prompt values
  • Retains last navigated section
  • Displays update alerts if base document is modified. User can update personal view to reflect this change




9. Table enhancements:

  • Support for Table level filter: Use ‘Apply filter’ operation on table columns, to filter out required data values in the table
  • Support for Table auto wrap: MOBI respects wrap text format set on the table of Web intelligence document







10. Geo map with default filter view:

You can configure default filter value of  a Geo-map document now, with a special syntax


11. Hyperlink support in freecells:

You can configure hyperlink in the Freecell to be displayed in even in Phone, using new parameter named ‘url’ in the cell configuration syntax.

[Syntax: ="<a href=\"laction://cell? attachedto='Block 1'&valign='top'&halign='left'&url='http://google.com'\">My Hyperlink</a>"]


12. Performance improvements:

  • Performance improvements in online viewing of Web Intelligence document having multiple report tabs
  • Performance improvement in downloading Web Intelligence Document having multiple/large charts
  • Web Cache support in MOBI for viewing Analysis Applications (Design studio documents): MOBI caches resources from Design studio documents when it is opened for the first time. Hence subsequent viewing of any Analysis application, sharing common resources is faster





Link to MOBI documentation on SAP help portal: SAP BusinessObjects Mobile for Android – SAP Help Portal Page


Do let us know if you need any clarifications..

Read me

SAP BI Mobile Server Single Sign On Support

SAML2 implementation is not shipped by default with SAP Mobile BI Server. The reason for that is - there is no one size fits all approach. SAML2 authentication response are quite different from one customer to another, even though it conforms to SAML2 specification. SAML2 tickets are different as they have different issuers, different assertions, different certificates, different signatures, different subjects and their attributes. Hence handling each SAML2 ticket need to be implemented differently.

Before you start exploring further lets look at some pre-requisites

  • It is expected that you already have your environment/infrastructure set-up to authenticate and generate SAML2 tickets for the Incoming requests.
  • SAP Business Objects Enterprise Server has been enabled for Trusted Authentication (BIP Guide, Section 9.2). Note that you secEnterprise users should be enabled for logon to SAP Business Objects Enterprise Server as well.
  • Your SAML2 tickets has the user account name (user ID) of secEnterprise users of your SAP Business Objects Enterprise. Trusted authentication uses this user ID along with the trusted secret key to logon to SAP Business Objects Enterprise Server

Now, we will have to configure Mobile BI Server in a way so that when SAML2 ticket reaches mobile server, it performs the following

  • Validates the SAML2 tickets for expiry and authenticity
  • Extracts the user (BOE enterprise alias) and add it to javax.servlet.http.HTTPSession

At run-time, when configured for SAML2 scenario, mobile server will take this user id and log you on to BOE using trusted connection.

Implementing Custom Filter

SAP Mobile BI Server ships with a custom filter [Reference implementation attached] by default which can be enabled and modified to achieve this. The steps are as follows

First step

is to uncomment the following sections in web.xml (<WebAppsROOT>\webapps\MobileBIService\WEB-INF)

<!-- <filter>



</filter> -->

<!-- <filter-mapping>





</filter-mapping> -->

Second step

is to enable the Authentication Scheme

  • Copy the authscheme.properties from default folder in to custom folder (<WebAppsROOT>\webapps\MobileBIService\WEB-INF\config)
  • Then modify the authscheme.properties file in custom folder
  • Un-comment line 'TRUST_WEB_SESSION=com.businessobjects.mobilebi.server.logon.impl.TrustedAuthSession'
  • Save and close the file

Third step

is to define the default SSO configuration

  • Copy the sso.properties from default folder in to custom folder (<WebAppsROOT>\webapps\MobileBIService\WEB-INF\config)
  • Then modify the sso.properties file in custom folder
  • Choose your default CMS identifier
    • "default.cms.identifier=abc"
  • Now define your authentication scheme (the one that you have enabled in first step)
    • abc.authentication.scheme=TRUST_WEB_SESSION
  • CMS can be provided as an Alias, IP or cluster name
    • Alias
      • abc.aliases=boe.xyz.corp:6400
    • IP
      • abc.aliases=
    • Cluster name
      • abc.aliases=@xyz
  • Now configure all the properties using this identifier as below
    • abc.authentication.type=secEnterprise
    • abc.product.locale=en_GB
    • abc.preferred.viewing.locale=en_GB
    • abc.trusted.auth.sharedsecret=<copy the shared secret here>
  • You need to additionally configure the header name that you shall be using to provide the user ID
    • abc.trusted.auth.user.param=<Key against which you would be adding user as value in HTTP Session Object>
    • abc.trusted.auth.user.retrieval=WEB_SESSION
  • Save the sso.properties file

Fourth step

is to modify the Custom Filter

  • You need to setup a web project in eclipse development environment
  • Create a class with name "CustomFilter" extending "javax.servlet.Filter" inside package "com.businessobjects.mobilebi.server.filters"
  • Identify the SAML2 parsing libraries that you would want to use to parse the SAML2 ticket. I have used opensaml 2.4 library in the reference implementation
  • Reference the jars from your web project to resolve build dependencies
  • Implement the SAML2 handling code in the CustomFilter [Reference implementation Attached]

Fifth step

is to deploy the CustomFilter

  • You need to place the CustomFilter class in '<WebAppsROOT>\webapps\MobileBIService\WEB-INF\classes\com\businessobjects\mobilebi\server\filters'
  • All your dependent libraries (opensaml 2.4 library in my case) should be copied to '<WebAppsROOT>\webapps\MobileBIService\WEB-INF\lib'. Just ensure that your libraries are not already present in that folder, if there do not replace.


Final Step

is to now deploy and test the MobileBIService.

  • You can download and install Chrome Browser Plugin 'Advanced Rest Client'
  • You should send your request to following URL

        http://<server>:<port>/MobileBIService/MessageHandlerServlet?message=CredentialsMessage&requestSrc=ipad&data=<logon logonViaSSO="true"/>

  • In the Payload section add the "SAMLResponse" as key and your BASE64 encoded SAML2 ticket as value
  • Click Send. If everything is fine you should get a valid logon response with success message, logon token, rights info, user info etc.

Important Note

Please note that since this is a custom implementation this will be gone if and when you upgrade the Mobile Server to a later version. Hence, the suggestion would be to back-up the following and perform above steps on the new war file

  • modified 'sso.properties', 'authscheme.properties' and web.xml
  • CustomFilter.class file
  • Dependent libraries (opensaml 2.4 library in my case)

In this blog we will understand how to set up the Mobi Android SDK project with Android studio.  We will also understand the changes to be made to create new product flavors of the SDK project which in simple words mean we create an application which can be installed along side the Mobi application published by SAP on google Play store.

The blog is divided into four major parts:

*Installation of Android Studio

*Configuring the SDK project in Android Studio

*Modifying the project to enable “Side by Side” installation along with Mobi application present on Android Play Store( Supported from Mobi Android SDK version 6.1.7)

*Signing the release build

Installation of Android Studio

(Note: Please make sure you install JDK 7 since that is the minimum required java version for Android Studio to run.

Android Studio is now the official Android IDE. For “side by side” installation of the play store app and the SDK app the gradle build system present in Android studio is required. Eclipse does not support this feature.

The screenshots in this blog are taken from Android studio version 1.0.1.  It is possible that the layout of the screens might change in the future. A quick google search should help you map the corresponding controls in the new version)


Download Android Studio from the link http://developer.android.com/sdk/index.html

Start installation by double clicking the downloaded Android studio Installer.
Click on ‘Yes’ if you are prompted with a security warning



Click on Next to Continue the installation



Select all the components for installation



Select the location for all the components to be installed. ( Default recommended)



Click on “Next” and “Install” in the subsequent Windows to proceed with the installation!

Now select the “SDK Manager” option from the tool bar to install the following Components


Once the Installation is done Close SDK Manager and also Android Studio!


Configuring the SDK project in Android Studio


Download the zip file SAPBusinessObjectsMobileAndroidLib-X.X.X.zip

Extract it to the folder SAPBusinessObjectsMobileAndroidLib-X.X.X

(Note: The zip file name may vary from the actual file which you download from SMP and hence the name of the extracted folder name will also not be the same. The name used here serves as a placeholder)

Download the Android support Library version 19.1 from the below URL:


Unzip the downloaded file and select android-support-v4.jar from the support/v4 folder.

Paste it in the following folder SAPBusinessObjectsMobileAndroidLib-X.X.X /libs

Run android studio and you should be greeted with a welcome menu as given below. Select the “Import Non-Android Studio project” option as highlighted.



Go to the location where the unzipped folder exists and select the root level folder as shown below and Click on ok



Select a destination directory where you want the project to be copied( To make sure the original project is not disturbed Android studio creates a full copy) and click on next.



In this screen all three options are “checked” by default! Uncheck the first two as shown below and click on Finish



Open build.gradle under the app folder and add the following.

(Note: lintoptions and dexOptions  are children of the “android” tag while configurations and task are root level elements. multiDexenabled is a child of "default"  tag under the "android" tag. Please refer to the screenshot below to know where to place them)


    configurations {
group: 'com.android.support', module: 'support-v4'


    multiDexEnabled true

          lintOptions {

              checkReleaseBuilds false     



        dexOptions {

            javaMaxHeapSize "4g"


         task copyNativeLibs(type: Copy) {

              from(new File(getProjectDir(), 'src/main/java/native')) { include '**/*.so' }

              into new File(buildDir, 'native')



          tasks.withType(org.gradle.api.tasks.compile.JavaCompile) {

              compileTask -> compileTask.dependsOn copyNativeLibs



          clean.dependsOn 'cleanCopyNativeLibs'


          tasks.withType(com.android.build.gradle.tasks.PackageApplication) {

              pkgTask ->

                   pkgTask.jniFolders = new HashSet()

                   pkgTask.jniFolders.add(new File(buildDir, 'native'))




Click on “Sync now” present on the yellow bar found above the file editor





Note : If you have downloaded Android studio 1.5 or later the default gradle build version  shipped is greater than 2.2.1 . However our project is not compatible with later version of gradle builds and we need to force Android studio to use the earlier version. You would get an error as given below


Following steps should help you to use the older version

Step 1: Change the dependency classpath version  in the gradle file to 1.0.0gradle1.PNG

Step 2: Change the gradle version to 2.2.1 in the project structure dialog.


Step 3: In Android studio Settings select the "Use Default gradle wrapper" option.



Once you click on "OK" gradle would start to download these older libraries. Please make sure you have an active internet connection.


Now select File->Project Structure->app (under Modules)->Select Dependencies tab->Click the green ‘+’ button on the right corner and select the “Library Dependency” option.
Now select the play-services (com.google.android.gms:play-services:6.5.87) option from the popup and click on OK. Click on OK in the Project Structure Popup as well!

Let the build happen.

(Note- Please note that the version might be different. At the time this blog was written the version was 6.5.87)



The project is all set! You can run the application by clicking on theplay button.png button in the tool Bar

Note: After you carry out all the above mentioned steps and install the application everything should run fine. If for some reason you get the error message "Unfortunately, SAP BI has stopped". There is one thing which we can look at . The code to copy .so files is

  task copyNativeLibs(type: Copy) {

              from(new File(getProjectDir(), 'src/main/java/native')) { include '**/*.so' }

              into new File(buildDir, 'native')



The path is dependent on the folder structure constructed by Android studio. For example the above code is valid if the folder structure is as given in the below image.



In some versions of Android studio we have seen that the "java" folder is renamed as "resources" folder. If this the case we need to modify the code as below and sync the gradle build again.


  task copyNativeLibs(type: Copy) {

              from(new File(getProjectDir(), 'src/main/resources/native')) { include '**/*.so' }

              into new File(buildDir, 'native')




Modifying the project to enable “Side by Side” installation along with Mobi application present on Android Play Store




Open the build.gradle file under app (as done before)
Add the following lines and then click on “Sync now” like before.



              applicationId <Unique-Application-id>





              applicationId "com.sdk.mobi"




(Note- Please make sure your applicationId is not com.sap.mobi )




Now open the AndroidManifest.xml (Under Android->app->manifests)



Change the android authority attribute under the provider tag! This value should be the same as the applicationId given in the previous step.



Open the file defaultSettings.xml and change the value under the feature.package.name.default tag to the applicationId given in the previous steps.



Now select Build->Rebuild Project.

The project is all set! You can run the application by clicking play button.png on the button in the tool Bar.

Creating Multiple Applications


You can create more than one application by having multiple product flavors. You can select different build variants from build variants tab.

An important step after this is to make sure you change the values in AndroidManifest.xml and defaultSettings.xml with the application id of the variant chosen currently. ( As shown in the previous section)




Signing the release build


Select the ‘release’ build variant under the build variants tab and then Sign your application!



Sign your application following the guidelines given by google. http://developer.android.com/tools/publishing/app-signing.html

Align the APK after signing http://developer.android.com/tools/help/zipalign.html

Publish your APK onto the play store by signing up on Google Play Developer Console.











What is Mobile Page Layout?

            The Mobile Page Layout has been implemented mainly for supporting all layout scenarios of Webi Reports, as per the Report Element arrangements, defined on BI Launch-Pad.  This layout model helps user to design the Webi Reports with minimal design work, and user does not need to strain to place the report element in exact pixels or to align the report elements with accurate coordinate details. 

In this approach, the report elements are arranged and resized for the improved space efficiency and aesthetics, which work best when the report is displayed on tablet or a mobile device. The report page is cut up in to multiple columns and as per the coordinates the report elements will be grouped on the specific column. The report elements of a particular column will share space according to the proportion of actual size of the Report elements.

            It is recommended to use Mobile Page Layout, rather than Card Layout, as the Mobile Page Layout covers all the layout scenarios of a Webi Document, such as pagination, space efficiency, report element spanning.


A Report Page cut up into multiple columns:-

            The number of columns, created on the page, will be equivalent to the maximum number of report elements, which are located horizontally, without horizontal overlap with other report elements. In the below specified diagrams, it is explained with some examples.


Arrangement in WebiNumber of ColumnsDetail
1Screen Shot 2014-11-15 at 19.28.45.pngScreen Shot 2014-11-15 at 19.28.52.pngIn this layout, at maximum there are three reports elements, placed horizontally. The report elements are 1, 2 and 3. The Report element 2 comes to 2nd Column, because right side of Report element 1 ends before the left side report element 2.
2Screen Shot 2014-11-15 at 19.28.58.pngScreen Shot 2014-11-15 at 19.29.13.pngIn this layout, at maximum there are around 5 report elements, placed horizontally. The report elements are 1, 2, 5, 6 and 7.
3Screen Shot 2014-11-15 at 19.29.21.pngScreen Shot 2014-11-15 at 19.29.25.pngIn this Layout, the report element 2 remain on the first column itself, as it is overlapped with report element 1, and will be rendered one below the other.

Following statement will be easy to perceive, with the understanding of above examples.


In technical terms, a report element (2) will be placed in to a new column (on the right side), when at least one of its left side report element’s (1, 4, 8) right side boundary ends before the report element’s (2) left side boundary.



Why do we have column-based layout in Mobile Page Layout Model?

            For aligning report elements boundary to a nearest vertical or horizontal line, the layout needs to follow either a column based rendering or a row based rendering.  The main reason for following column based rendering in this layout model is to have space efficiency under a Vertical Table which may grow or shrink vertically, based on the number of rows, when filters are applied.


Pagination of Mobile Page Layout:-

            The Pagination of a Webi Report in mobile device will be done as per the Page Format setup of the report, defined in BI Launch Pad.  The default Webi Page Format is A4 size with Portrait orientation. When the page format is configured for other page size and orientation, the pagination with respective size is done in the mobile device screen as well.


Page FormatOn BI Launch PadOn Mobile Device
A4_Portrait on BILaunchpadScreen Shot 2014-11-15 at 19.39.11.pngScreen Shot 2014-11-15 at 19.40.08.png
A4_Landscape on BILaunchpadScreen Shot 2014-11-15 at 19.40.24.pngScreen Shot 2014-11-15 at 19.40.28.png



As shown in the snapshot, the arrangements of A4-Portrait of Webi Page in BI Launchpad will be same for both Portrait and Landscape orientation of Mobile WebI Page, i.e. when the orientation of mobile device screen is changed, the report elements will be just stretched to different dimension, and will not be moved to other page.


A Report element will not be spread across multiple pages:-

              In BI Launchpad, a Report element can be bigger than a Page size, hence it will spread across multiple page as show in the following snapshot.

Screen Shot 2014-11-15 at 19.40.49.png

But when the same report is rendered on Mobile Device screen, the Report elements will not be split or spread across multiple Pages. Instead a report element will be clipped with the page, where its origin resides. For instance, in the above example, the Pie Chart is spread on Page1 and Page2. But in the Mobile Device, the Pie chart will be displayed on Page1. And the vertical table in BI Launchpad is originated on Page1 and spread on Page2, Page3 and Page4. In the Mobile Device the table will be clipped and displayed inside Page1. Hence the report will be displayed in Mobile Device as per the below specified snapshot.

Screen Shot 2014-11-15 at 19.41.03.png

This webi report in Mobile Device has single page (only Page1) and the other pages (Page2, Page3, Page4) are not listed, as there is no report element, with its origin, on those pages.


Dimension of a Report element on Mobile Device:-

            Along with the space optimization on Mobile Device, Mobile Page Layout decides dimension of each Report element, based on the size proportion of a Report element against the size of a Report elements available on the particular page. For instance, the below Webi Report Page has Report elements with various different dimension and unaligned origins.

              When the same Report Page is rendered on Mobile Device, Based on the origin and dimension, each Report element will be aligned into a column, and the report element will be rendered one below the other inside the column.

Screen Shot 2014-11-15 at 19.41.21.png

The above Report Page will be displayed in Mobile device as per below snapshot. There are 2 columns, one column covers RP1 and RP2. And the other column covers RP3, RP4 and RP5. Here each column will get width based on the proportion of that column with all other columns.

Column width:-

On the first column, there are Report elements with maximum width as 2 inches (Width of RP1 or RP2). On the second column there are Report elements with maximum width as 3 inches (width of RP3). Here the width proportion of the columns is 2”:3”. When it is rendered on Mobile Device which has around 750 pixel width, as per the proportion, the first column will get 300px and the 2nd column will get 450px.



Report element height:-

              On the first column, there are 2 Report elements, one of which(RP1) has 3 inch height and other Report element(RP2) has 1 inch height. Here the height proportion is 3”:1”. When these report elements rendered on Mobile device, as per the proportion, RP1 will get 675px height and RP2 will get 225px height.

Screen Shot 2014-11-15 at 19.41.33.png

     On the Second Column, there are Report elements (RP3, RP4, RP5) with equal height of 2 inches. Here the height proportion of the report elements is 2”:2”:2”. Hence on the mobile device, each Report elements on the Column2 are rendered with equal height of 300px.

Report elements of a Column will have equal width:-

            The report elements of a particular column will have same width, which will be equal to the width of the column.

Space between Report elements:-

            Each Report elements and columns are rendered with 10px gap, on all of the sides. Even when there is more gap or no gap between report elements on BI Launchpad, there will be always a constant 10 px gap between report elements, when it is rendered on Mobile Device.



Report elements can be spanned across multiple columns:-

            A report element can be designed for spanning across multiple columns. For instance in the following Webi report page, the Line Chart is spread on both Column 1 and Column2.

Screen Shot 2014-11-15 at 19.41.52.png

The above webi report page will be rendered on Mobile Device as per the snapshot given below.

Screen Shot 2014-11-15 at 19.42.01.png

Tables on Mobile Page Layout :

            Tables on webi report may grow and shrink vertically, based on the applied filter values.  On the mobile device, whenever a Table shrinks on its height, the Report element, which resides under the table will occupy the space. If the below report element is another table and it is not spanned across multiple columns, then it will be moved up to occupy the space created by the shrunken table.

            When a Table grows on its height, it can grow up to the allotted height, which is derived from the proportion with other report elements on the same column.

  When the table content needs more height than the allotted size, then the Table will be vertically scrollable, within the allotted height. And when there is more number of columns, which could not be accommodated on the given width (column’s width), then the table will be horizontally scrollable, within the allotted height.


On BI LaunchpadOn Mobile Device
Screen Shot 2014-11-15 at 19.42.16.pngScreen Shot 2014-11-15 at 19.42.21.png

Based on the filter the Table has shrunk

and have just 4 rows

Screen Shot 2014-11-15 at 19.42.29.png

Table has shrunk,

and the gap is filled with Bar chart

Screen Shot 2014-11-15 at 19.42.34.png

Horizontal Alignment of report elements across columns: -

            The horizontal alignment of report elements across columns is achieved by keeping size proportion of the report elements equally on those columns. For instance, the following Webi Report page has 3 columns, and on each column report element height proportion is equal across the column.

            On the first column, the report element size proportion is 1.5”:2”:3”, likewise on the 2nd column also the size proportion as  1.5”:2”:3”. So RP2 and RP5 are horizontally aligned, as RP1 and RP4 heights on Mobile device are equal. And RP3 and RP6 are horizontally aligned, as RP1 + RP2 and RP4 + RP5 heights on Mobile device are equal.

            On the third column, the report element size proportion is 3.5”:3”. Based on this proportion, the sum of height of RP4 and RP5 will be equal to height of RP7. So RP8 will be horizontally aligned with RP3 and RP6.

              As the horizontal alignment of report elements are decided based on the height proportion, it is not necessary to keep the report elements exactly aligned origin on BI Launchpad.

Screen Shot 2014-11-15 at 19.42.44.png

Hence the above webi report will be rendered on Mobile device as per the below snapshot. Horizontal Alignment could not be achieved or will not consistent for the report elements, which comes below a Table, because when the table shrinks the report will be moved up automatically for space optimization, so alignment with other column report element will be disturbed. So it is suggested to use Charts or spanned Table, above the report elements, which need to be aligned horizontally.

Screen Shot 2014-11-15 at 19.43.10.png

Horizontal Alignment when there are Tables in the WebI Report:-

     When a table comes above to another Report element, due to the variable height of the table according to the number of rows, the other report element will keep on moving up and down. In such scenario, horizontal alignment across multiple columns can not maintained consistently.

Screen Shot 2014-11-15 at 21.50.34.png

In the above example report, the Pie Chart and the Line Chart is not horizontally aligned. In this scenario, we can follow following steps to arrange the report elements in horizontal alignment.

  • Make sure the table height is constant(for example, the number of rows of the table, or the content of the table should not be varied while applying different filter values)
  • Now the need is to slightly bring up the divider(between the bar chart and the line chart) in the second column.
  • This can be achieved either by reducing the bar chart height or by increasing the line chart height.
  • With some trials, we can achieve the horizontal alignment.

Sections on Mobile Page Layout:-

            When a Webi Report, which has sections, is displayed on Mobile Device, at a time a single section’s report elements only rendered. User can navigate to different section by selecting an item from the left side section navigation panel. For instance, the below webi report has 3 Charts are each section and it has one non-section report element(Vertical Table), above to the sections.

Screen Shot 2014-11-15 at 19.43.31.png

When the above webi report is opened on Mobile Device, initially the non-section report element will be displayed and no sections will be displayed. If there is no non-section report element, then initially the first section (2004) will be displayed. Then user can navigate to next section (2005), then the previous section will be cleared and the page will be rendered with the non-section report element (Vertical Table) and new section content (2005), as specified in the below snapshot.

Screen Shot 2014-11-15 at 19.43.45.png

Free cell on Mobile Page Layout: -

     Like other Report elements, Free cell follows all above-mentioned logics like size proportion, Spanning across columns and horizontal alignments. In addition to that the free cell can be used for creating empty space on the Mobile Device Report page, by keeping blank cell without any text.

One of the pain points observed when upgrading SAP BI Mobile SDK for iOS is migrating the preferences specified in DefaultSettings.plist file.This article provides a sample script to migrate the preferences.


We will be looking at two different approaches to write shell scripts.


Approach 1: Writing a shell script to overwrite specific values of the plist.


Let's consider the customization of the following 3 features:

  1. feature.email.enabled.default
  2. feature.streamwork.enabled.default
  3. feature.predefinedconnections.list.default:0


Sample script:





declare -a cust_arr=( \

"Customizations:feature.email.enabled.default" \

"Customizations:feature.streamwork.enabled.default" \

"Customizations:feature.addconnection.SUP.enabled.default" \

"Customizations:feature.predefinedconnections.list.default:0" \


echo "The script uses files in following locations, please exit and change the paths in script if needed: "

echo "Base version of file: [${MOBI_BASE_PLIST}]"

echo "Customized version of file: [${MOBI_MODIFIED_PLIST}]"

echo ""

echo "##################################################################"

echo ""

read -p "Do you want to proceed? " -n 1 -r


if [[ ! $REPLY =~ ^[Yy]$ ]]


exit 1


# Loop through the items in the array.

for i in ${cust_arr[@]}


MOBI_MODIFIED_VAL=$(/usr/libexec/PlistBuddy -c "Print :$i" "${MOBI_MODIFIED_PLIST}")

if [ "$?" == "0" ] #Proceed only if entry exists in modified file


MOBI_ORIG_VAL=$(/usr/libexec/PlistBuddy -c "Print :$i" "${MOBI_BASE_PLIST}")

if [ "$?" == "0" ]




echo Customization found: $i is changed from $MOBI_ORIG_VAL to $MOBI_MODIFIED_VAL.

/usr/libexec/PlistBuddy -c "Set :$i ${MOBI_MODIFIED_VAL}" "${MOBI_NEW_PLIST}"



/usr/libexec/PlistBuddy -c "Add :$i string ${MOBI_MODIFIED_VAL}" "${MOBI_NEW_PLIST}"




if [ "$?" != "0" ]



  echo "##################################################################"

  echo "Script run is complete. No customizations were detected."

  echo ""

  echo "If you are sure that you had performed customizations, ensure that following information is correct, and you have sufficient read/write permissions: "

  echo ""

  echo "Base version of the file: [${MOBI_BASE_PLIST}]"

  echo "Customized version of the file: [${MOBI_MODIFIED_PLIST}]"

  echo "##################################################################"



Approach 2: Writing a shell script that generates a shell script to overwrite specific values of the plist.


This script generates another script file(runGeneratedOverrides.sh in our example).



Let's consider the customization of the following 3 features:

  1. feature.email.enabled.default
  2. feature.streamwork.enabled.default
  3. feature.predefinedconnections.list.default:0


Sample script:









declare -a cust_arr=( \

"Customizations:feature.email.enabled.default" \

"Customizations:feature.streamwork.enabled.default" \

"Customizations:feature.addconnection.SUP.enabled.default" \

"Customizations:feature.predefinedconnections.list.default:0" \


#Inform the user that they need to review the generate file for any discrepancies.


echo "##################################################################"

echo "This script will generate the following file, deleting any existing copies: "


echo ""

echo "The script uses files in following locations, please exit and change path in the script if needed: "

echo "Base version of the file: [${MOBI_BASE_PLIST}]"

echo "Customized version of the file: [${MOBI_MODIFIED_PLIST}]"

echo ""

echo "You must review the generated file for its completeness  and make any additional changes that you desire."

echo "##################################################################"

echo ""

read -p "Do you want to proceed? " -n 1 -r


if [[ ! $REPLY =~ ^[Yy]$ ]]


exit 1



#copy the Modified plist file as Change plist file.




# Loop through the items in the array.

for i in ${cust_arr[@]}


MOBI_MODIFIED_VAL=$(/usr/libexec/PlistBuddy -c "Print :$i" "${MOBI_MODIFIED_PLIST}")

if [ "$?" == "0" ] #Proceed only if entry exists in modified file


MOBI_ORIG_VAL=$(/usr/libexec/PlistBuddy -c "Print :$i" "${MOBI_BASE_PLIST}")

if [ "$?" == "0" ]




echo /usr/libexec/PlistBuddy -c \"Set :$i ${MOBI_MODIFIED_VAL}\" \"${MOBI_NEW_PLIST}\" >> "${MOBI_CHANGE_SCRIPT}"



echo /usr/libexec/PlistBuddy -c \"Add :$i string ${MOBI_MODIFIED_VAL}\" \"${MOBI_NEW_PLIST}\" >> "${MOBI_CHANGE_SCRIPT}"





#Mark the script as an executable

chmod +x "${MOBI_CHANGE_SCRIPT}"


if [ "$?" == "0" ]



  echo "##################################################################"

  echo "Script run is complete. Please review the following file for its completeness and make any additional changes that you desire: "

  echo ""

  echo "  ${MOBI_CHANGE_SCRIPT}"

  echo ""

  echo "##################################################################"

  echo ""



  echo "##################################################################"

  echo "Script run is complete. No customizations were detected."

  echo ""

  echo "If you are sure that you had performed customizations, ensure that following information is correct, and you have sufficient read/write permissions: "

  echo ""

  echo "Base version of the file: [${MOBI_BASE_PLIST}]"

  echo "Customized version of file: [${MOBI_MODIFIED_PLIST}]"

  echo ""

  echo "Script output file: [${MOBI_CHANGE_SCRIPT}]"

  echo "##################################################################"


Shell scripts implementing both the approaches are attached to this article as .txt files. Kindly rename them to .sh formats after downloading.

Prerequisite for this configuration:-

  • SAP BusinessObjects Platform Configured for SAP authentication.
  • Support for SSO is from SAP BusinessObjects 4.0 SP08 or SAP BusinessObjects 4.1 SP02 onwards.
  • Basic Authentication URL, Which takes in SAP Authentication details and generates the MYSAPSSO2 Cookie for SSO.
  • Support from SUP 2.2.4 onwards.

Configuring Mobile Server for SSO Via SAP Logon tickets MYSAPSSO2 Cookie based:-

Below are the settings that need to be done for making the Mobile Server Look for MYSAPSSO2 Cookie in client request

MobileBIService Configuration:-

sso.properties file in MobileBIService config folder


# You can configure mobile server to connect multiple CMS, specify default CMS id here



# You can specify IP Address/Qualified Name/Alias for your CMS here

<id>.aliases=FQN of Mobile Server, IP address


# You can specify the sap system details here

<id>.sap.sid=SAP system SID

<id>.sap.client=SAP system client ID


# [You can specify name of Cookie here, if its other than default (siteminder default is SMSESSION, sap logon ticket default is MYSAPSSO2)



# You can specify the Authentication type here.  secLDAP, secWinAD, secEnterprise, secSAPR3



# Specify the default authentication scheme here. USERPASS, BASIC, BOETOKEN, COOKIE, TRUST




Authscheme.properties file in the MobileBIService config folder:-


# default User/Password log-on implementation



# allows you to configure WCAToken, Default Token or any other BOE Token



# allows you to configure SAP SSO2 Cookie



Configuring SUP for Mobile SSO Via SAP Logon tickets MYSAPSSO2 Cookie based:-

  • Login to SCC



Steps to create Security Configuration:

  • Security -> New -> Enter name (here for Ex., MobiSec)

        Note:- Do make a note of this name as it will used in future steps and at the client.

  • Select the created Security Configuration from tab on left hand side
  • Go to Authentication Tab -> New ->Authentication Provider -> Select HttpAuthenticationLoginModule
  • Specify your BASIC authentication URL for Validation SAP UserName and Password


Note:- URL -> Basic Auth URL with SAP authentication should issue ticket with MYSAPSSO2 Cookie    


Authentication Module.png


  • Specify SSO Cookie Name -> MYSAPSSO2

Cookie Parameter.png

  • Click to save the configuration.

  • Delete existing Provider Type(NoSecLoginModule)


     Delete Existing Provider.png


  • General Tab -> Validate and Apply


        Note:-This step has to pass before going ahead with any other configuration


     Validate Settings.png


Steps to create an Application and Application Template:

  • Applications -> New
  • Enter Application Id and name (Id = MobiApp). Make a note of the Id as it would be used by the client.
  • Select the Security configuration (here MobiSec).

Creating Application ID.png


  • On Next -> Proxy Tab -> Give value to Application Push Point -> http://<Mobile BI Server>/MobileBIService/MessageHandlerServlet


  • Creating proxy pool for Mobile Server

Creating Proxy Pool whitelisting URL.png

Configuring the Mobile Configuration Server for importing SSO connection

MobiServer Configuration:-

Server.properties file

Example Connection:-



SSOSUPSAP.BOBJ_MOBILE_SUP_APP_ID= MobiApp(your Mobile Application ID)



SSOSUPSAP.BOBJ_MOBILE_SUP_PORT=5001(your SUP Message Server port)




Import the connection and Connect from SAP BusinessObjects Mobile.


Filter Blog

By author:
By date:
By tag: