on 06-19-2013 12:37 PM
Hi Experts,
In our environment, user log on from Portal and open GUI for HTML in iView.
After log off from Portal, both sessions in Portal and in ERP are cleared. But user come back to Portal and log on with other ID and password, the previous ID is used to log on to ERP.
For example,
a user log on to Portal with ID:USERA, then automatically log on to ERP via transaction iView as USERA with SAPLogon Ticket.
then log off from Portal with Log off link.
on the same PC, remaining browser window open, other user log on to Portal with ID:USERB, then log on to ERP via transaction iView as USERA.
if user close browser after log off, the user ID newly entered is used.
I read Note 1039335, Incomplete logoff from an ITS WebGUI application, but it says the solution doesn't work in the Portal.
could anyone help to solve this problem? it could be security risk or cause inappropriate data entry (with other person's ID).
best regards,
Megumi
Take a look at SAP Note 1322944 - ABAP: HTTP security session management
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Close ALL browser sessions / windows. Browsers like to store the session information across different windows. In Internet Explorer you can start a brand new session via "File > New session".
This might be an issue in your case.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Megumi,
This is call HTTP Security Session Management.
Check if this function is active in ECC System via tcode SICF_SESSIONS.
The recommendation is to active this feature.
As you have activate this feature then you need to adjust your Portal to be aware of this.
Go to your system landscape configuration in System Administration.
Open properties of one of your ECC system connection
Choose All and modify :
ABAP HTTP Security Sessions Enabled to TRUE (checkmark)
This should solve your issue. But one thing you need to manage the buffer of Security session in ABAP system, so makesure to assign sufficient cache size
Regards,
Achmad
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Achmad,
According to your advice, and read the note,
Note 1471069 - Security Note - ABAP Security Sessions and SAML 2.0
I set the ABAP HTTP Security Sessions Enabled to TRUE but it failed.
When I set the value and tried to logon,exception happens to open the WebGUI iView.
Regards,
Megumi
Hi Megumi,
Could you provide the error log from SICF_SESSIONS? Are your ABAP system has fulfill the requirement to activate HTTP Security Session Management?
Note 1322944 - ABAP: HTTP security session management
AS ABAP 7.0 as of Enhancement Package 2 (SAP_BASIS 7.02) or AS ABAP 7.2 (SAP_BASIS 7.20) and subsequent releases.
Don't activate anything in Portal before HTTP Security Session Management in ABAP has been activated
Best Regards,
Achmad
Hi Achmad,
Where can you see the SICF_SESSIONS log?
Our ERP, ABAPkernel is 720, SAP_BASIS is 731. It satisfies requirement to activate.
HTTP security session management is activated by default (I can see green status in SICF_SESSIONS for all clients).
When I set the flag ABAP HTTP Security Sessions Enabled to TRUE in System Landscape in the Portal and try to open WebGUI, the error below comes out.
-----------------------------------------------------------------
Content pass of Application Integrator failed.
Component Name: 'com.sap.portal.appintegrator.sap.Transaction',
Context Name (iView): 'pcd:portal_content/<Folder>/<desktop>/frameworkPages/<Framework page>/<iView>',
Top Layer: 'Transaction/DragAndRelateLayer',
Producer ID (FPN): 'null',
System Alias: '<ALIAS>',
-----------------------------------------------------------------
[EXCEPTION]
com.sapportals.portal.prt.component.PortalComponentException: Error in service call of Portal Component
Application name : com.sap.portal.appintegrator.sap
Component : pcd:portal_content/<Folder>/<desktop>/frameworkPages/<Framework page>/<iView>
Component class : com.sapportals.portal.sapapplication.SAPApplicationIntegratorComponent
......
Caused by: com.sapportals.portal.prt.runtime.PortalRuntimeException: Exception in SAP Application Integrator occured: Unable to parse template '<System.Access.WAS.protocol>://<System.Access.WAS.hostname>/sap/public/bc/icf/logoff'; the problem occured at position 0. Cannot process expression <System.Access.WAS.protocol> because Invalid System Attribute:
System: 'System Alias: <ALIAS>, System ID: pcd:portal_content/<System Landscape>,
Attribute: 'protocol'.
-----------------------------------------------------------------
Could you give me any idea on this?
Megumi
Hi Megumi,
Could you remove again the setting of "ABAP HTTP Security Sessions Enabled" in Portal then turn-off the HTTP security session management in ABAP for related client from SICF_SESSIONS?
Please see if it's work. This setting should solve your issue too but not recommended by SAP.
Regarding the latest error, you need to check the iview session property or you can recreate the iview after you have set "ABAP HTTP Security Sessions Enabled" in the system landscape.
Best Regards,
Achmad
This solution did not work for us as the session was still showing as "waiting for timeout" in SM05. The other solution (Thanks Achmad) to turn off 'ABAP HTTP Security Sessions Enabled' in the portal and disable the HTTP session management via SICF_SESSIONS on the ABAP backend did work.
Kind regards,
-Nathan
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.