Use native browser with wrapped App insted of Citrix Secure Web

[ANTONI MASSO FERRER]

Hi,

 

We are working on providing Access to our employees to SAP FIORI launchpad by wrapping the SAP FIORI Client using the MDX toolkit. The problema we are facing is that somehow the MDX toolkit is forcing the application to open SAP FIORI Launchpad URL through CITRIX Secure Web application instead of using the in-built browser contained in the App, and this generates a very por user expereince as the browser is not embedded into the App container.

 

Our understanding is that there should be some way to configure XenMobile server to avoid this behavior.

 

Just to add some more information to the context, XenMobile server has been configured to use microVPNs as the only way to connect to the company internal resources, including SAP FIORI Launchpad.

 

So the question would be, is there any way to have the application use its internal browser? And if that is posible, would the connection still go through the microVPN?

 

Thanks!

[Alex Rubio]

Is this iOS or Android?  Do you have the secure web domains policy set?  This allows links to be open in native browser or Secure Web.  I'm not sure how the app is written but the app should be able to handle opening the url into its own web view.

[ANTONI MASSO FERRER]

Hi Alex,

 

Initially is iOS although we are planning to cover Android in the future. If by the security web domains policy you mean the exclusión list configuration parameter associated to the Secure Web App, it is empty right now. our understanding is that setting a specific doamin in the exclusión list would take connection out of the microVPN and would result in a nonreachable URL...

[Alex Rubio]

Thanks, I wanted to make sure it wasn't causing it.   I'm wondering if we can turn off something through the policy to not allow opening url to another app?   can you try making this change:  Go to Allowed URLs MDX policy in the SAP app and remove the following: ^http:=ctxmobilebrowser: ^https:=ctxmobilebrowsers: 

 

Let me know if that has the intended effect. 

[ANTONI MASSO FERRER]

Thanks again Alex. I understand from your response that there is nothing that can bemade in the XenMobile server side but we need to make this change directly in the SAP FIORI client MDX policies (XML file), right?

[Ryan Tsamouris]

21 hours ago, ANTONI MASSO FERRER said:

We are working on providing Access to our employees to SAP FIORI launchpad by wrapping the SAP FIORI Client using the MDX toolkit.

 

Antoni, quick question related to this - Did SAP provide you the unsigned IPA file for you to wrap? Or did they provide the xcode source code so that you could build the app with your certificate? We were able to previously get the SAP BI app and wrap it a few years ago but I haven't followed up if Fiori was also available.

 

Also, were you able to resolve the issue you mentioned in this thread?

[ANTONI MASSO FERRER]

We used the unsigned IPA file and we wrapped it using Citrix Wrapping Service. the issue has not been fixed yet but we have still not tested the solution provided by Alex 2 posts below. I'll let you know if we are able to make it work. First we need to get the App use its native browser instead of Citrix Secure Web and then the connection to the company internal resources must work, what means that the App will be successfully using the microVPN.

[ANTONI MASSO FERRER]

Hi,

 

we finally tested the solution provided by Alex: 'Go to Allowed URLs MDX policy in the SAP app and remove the following: ^http:=ctxmobilebrowser: ^https:=ctxmobilebrowsers:'. it is not working either. this time it successfully avoids Citrix Secure Web from opening but SAP FIORI Client App remains blank.

 

Any suggestions?

[Ryan Tsamouris]

On ‎3‎/‎14‎/‎2019 at 2:48 PM, ANTONI MASSO FERRER said:

We used the unsigned IPA file

Where did you get the IPA file?

 

26 minutes ago, ANTONI MASSO FERRER said:

this time it successfully avoids Citrix Secure Web from opening but SAP FIORI Client App remains blank

It sounds like the Fiori app is attempting to reach a URL to authenticate prior to setting up the app. How is your SAP system set to authenticate? Is it on-prem or in SAP Cloud?

 

[ANTONI MASSO FERRER]

It is an on-premise installation. The app browser should take to the SAP Fiori authentication page where you should insert your credentials  before accessing Fiori launchpad.