cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enterprise Portal Redirection

Former Member

on ‎01-09-2014 8:55 AM

0 Kudos

Hi Folks,

I am new to this Enterprise Portal, but here is the Situation.

Enterprise Portal is redirecting on to HTTP and we want it to Redirect it to a Secure HTTPS, we are not using SAP Web Dispatcher but a third party tool.

I have no idea which tool it is since the good folks that installed and configured that tool are gone and have left without a KT.

I would appreciate any help that I can get here.

The problem that I am facing is that the Who's who page is not redirecting properly and that is what I want resolved.

Thanks in advance.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (8)

Answers (8)

Former Member
‎01-22-2014 7:16 AM
0 Kudos

Good Folks, I am still getting the following error any insgihts into this would be of great help.

sapgenpse get_pse –p SAPSSL.pse –x abcpin –r abc.req "CN=host123.mycompany.com, OU=I1234567890-MyCompany, OU=SAP Web AS, O=SAP Trust Community, C=DE"

Following is the error:

-------------------------------------------------

**********************************************************************
  **   sapgenpse WARNING:  Environment variable "USER" not defined!   **
  ** ---------------------------------------------------------------- **
  **  Please define the USER environment variable *AND* insert        **
  **  the definition into the startup script of your Unix shell,      **
  **  or you may get problems accessing credentials created           **
  **  through 'seclogin'!                                             **
  **                                                                  **
  **  Examples additions for your shell startup scripts:              **
  **                                                                  **
  **  (sh):  if [ "$USER" = "" ];then USER="`whoami`";export USER;fi  **
  ** (csh):  if ( $?USER == 0 ) setenv USER "`whoami`"                **
  **                                                                  **
  **  You appear to have a csh-style login shell                      **
  **********************************************************************

Couldn't load function "sapcr_cert2p7" from shared library "libsapcrypto.so"

I am logged in with the <sidadm> user.

Show replies
Show replies
Former Member
‎02-05-2014 3:31 AM
0 Kudos

Hi Folks, I have successfully installed the SAP Web Dispatcher. SSL Encryption is also done with.

I am stuck at the poiunt where the URL Redirection is not working.

I am going to explain the scenario again.

---------------------------------------------------------------------------------

  1. One sandbox server on which the SAP Web Dispatcher is running.
  2. Enterprise Portal is running on another Unix Server, I only have JAVA
  4. stack and no ABAP Stack
  5. SAP Web Dispatcher and SSL Encryption is done and completed.
  6. I want the following done that the HTTP requests to the portal should redirect to HTTPS, i.e. when users enter the portal address in the address bar they should type HTTPS and they should be taken to the Portal homepage. Currently the users type the HTTP address and not the HTTPS request.
  7. http://<hostname>.<complany name>:50000/irj/portal this should be changed to https, i.e. https://<hostname>.<company name>:50000/irj/portal

Help is appreciated I am attaching the following files in this message, sapwebdisp.pfl, icm_dev_sec and dev_webdisp.

sapwebdisp.pfl

--------------------------------------------------------------------------

more sapwebdisp.pfl
#Profile generated by sapwebdisp bootstrap

# unique instance number
SAPSYSTEM = 01

# add default directory settings
DIR_EXECUTABLE = /usr/sap/sid/sapwebdisp

DIR_INSTANCE = /usr/sap/sid/secudir

ssl/ssl_lib = /usr/sap/sid/sapwebdisp/libsapcrypto.so
ssl/server_pse = /usr/sap/sid/secudir/sec/SAPSSL.pse

# Accessibility of Message Servers
rdisp/mshost = ephostname.company name.in
ms/http_port = 8101

# SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100

wdisp/shm_attach_mode = 6

# configuration for default scenario (medium size)
icm/max_conn      = 500
icm/max_sockets   = 1024
icm/req_queue_len = 500
icm/min_threads   = 10
icm/max_threads   = 50
mpi/total_size_MB = 80

#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 500

wdisp/HTTPS/max_pooled_con = 500

# SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTPS,PORT=50000
icm/server_port_1 = PROT=HTTP,PORT=0

#to terminate SSL connection
wdisp/ssl_encrypt = 0

#to add the client's protocol into the HTTP header information at the sap webdispatcher
wdisp/add_client_protocol_header = true

#no need for client's own certificate
icm/HTTPS/verify_client = 0

# SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt


sapwebdisp.pfl: END

-----------------------------------------------

dev_icm_sec contents

-----------------------------------------------

more dev_icm_sec

---------------------------------------------------
trc file: "dev_icm_sec", trc level: 1, release: "720"
---------------------------------------------------

Mon Jan 27 14:24:26 2014
hostname       webdispserver.companyname.in
logfile name   dev_icm_sec
max file size  512000
switch type    0
max file size  512000
file wrap      0
logging level  2
***********************************************************************************
******                           SECURITY LOG STARTED                        ******
***********************************************************************************


---------------------------------------------------
trc file: "dev_icm_sec", trc level: 1, release: "720"
---------------------------------------------------

Mon Jan 27 14:26:54 2014
hostname       webdispserver.companyname.in
logfile name   dev_icm_sec
max file size  512000
switch type    0
max file size  512000
file wrap      0
logging level  2
***********************************************************************************
******                           SECURITY LOG STARTED                        ******
***********************************************************************************


---------------------------------------------------
trc file: "dev_icm_sec", trc level: 1, release: "720"
---------------------------------------------------

Mon Jan 27 14:28:26 2014
hostname       webdispserver.companyname.in
logfile name   dev_icm_sec
max file size  512000
switch type    0
max file size  512000
file wrap      0
logging level  2
***********************************************************************************
******                           SECURITY LOG STARTED                        ******
***********************************************************************************


---------------------------------------------------
trc file: "dev_icm_sec", trc level: 1, release: "720"
---------------------------------------------------

Mon Jan 27 15:17:22 2014
hostname       webdispserver.companyname.in
logfile name   dev_icm_sec
max file size  512000
switch type    0
max file size  512000
file wrap      0
logging level  2
***********************************************************************************
******                           SECURITY LOG STARTED                        ******
***********************************************************************************


---------------------------------------------------
trc file: "dev_icm_sec", trc level: 1, release: "720"
---------------------------------------------------

Tue Feb  4 11:58:23 2014
hostname       webdispserver.companyname.in
logfile name   dev_icm_sec
max file size  512000
switch type    0
max file size  512000
file wrap      0
logging level  2
***********************************************************************************
******                           SECURITY LOG STARTED                        ******
***********************************************************************************

--------------------------------

dev_webdisp log file

--------------------------------

more dev_webdisp

---------------------------------------------------
trc file: "dev_webdisp", trc level: 1, release: "720"
---------------------------------------------------
sysno      01
sid
systemid   274 (HP (IA-64) with HP-UX)
relno      7200
patchlevel 0
patchno    523
intno      20020600
make       multithreaded, ASCII, 64 bit, optimized
profile    /usr/sap/sid/sapwebdisp/sapwebdisp.pfl
pid        12777


[Thr 01] Tue Feb  4 11:58:23 2014
[Thr 01] *** WARNING => The maximum number of sockets supported on this host is 4092.
This is less than the number of sockets configured in parameter icm/max_sockets (8192) [icxxrout_mt. 3436]
[Thr 01] started security log to file ./dev_icm_sec
[Thr 01] SigISetDefaultAction : default handling for signal SIGCHLD
[Thr 01] SAP Web Dispatcher running on: webdispserver.companyname.in
[Thr 01] MtxInit: 30001 0 2
[Thr 01] ***LOG IM1=> IcmInit, Startup (SAP Web Dispatcher&webdispserver.companyname.in&12777&) [icxxrout_mt. 1931]
[Thr 02] **** SigHandler: signal 18 received
[Thr 01] IcmInit: listening to admin port: 65000
[Thr 01] MPI: dynamic quotas disabled.
[Thr 01] MPI init: pipes=4000 buffers=1279 reserved=383 quota=10%
[Thr 01] CCMS: SemInMgt: Semaphore Management initialized by AlAttachShm_Ext.
[Thr 01] CCMS: SemInit: Semaphore 38 initialized by AlAttachShm_Ext.
[Thr 01] IcrCoreInitSessionTable: Session table initialized
[Thr 03] HttpExtractArchive: files from archive /usr/sap/sid/sapwebdisp/wdispadmin.SAR in directory . are up to date
[Thr 03] HttpISubHandlerAdd: Added handler HttpAdminHandler(60000000011d62f0), slot=0, flags=36869) for /sap/wdisp/admin, active: 1, table 60000000011d1fa0
[Thr 03] HttpISubHandlerAdd: Added handler HttpModHandler(60000000011d6380), slot=1, flags=12293) for /, active: 1, table 60000000011d1fa0
[Thr 03] CsiInit(): Initializing the Content Scan Interface
[Thr 03] HP (IA-64) with HP-UX (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 03] CsiInit(): CSA_LIB = "/usr/sap/sid/sapwebdisp/libsapcsa.so"
[Thr 03] HttpISubHandlerAdd: Added handler HttpAuthHandler(60000000011d6410), slot=2, flags=12293) for /, active: 1, table 60000000011d1fa0
[Thr 03] HttpISubHandlerAdd: Added handler HttpWebDispHandler(60000000011d8150), slot=3, flags=1060869) for /, active: 1, table 60000000011d1fa0
[Thr 03] =================================================
[Thr 03] = SSL Initialization    platform tag=(hpia64_11.23_64)
[Thr 03] =   (720_REL,Jan 18 2014,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 03]   profile param "ssl/ssl_lib" = "/usr/sap/sid/sapwebdisp/libsapcrypto.so"
[Thr 03] resulting Filename = "/usr/sap/sid/sapwebdisp/libsapcrypto.so"
[Thr 03] =   found CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.13 pl40 (Jan 16 2014) MT-safe
[Thr 03] =   current UserID: "sidadm",  env-var USER=<not set>
[Thr 03] =   found SECUDIR environment variable
[Thr 03] =   using SECUDIR=/usr/sap/sid/secudir/sec
[Thr 03]   profile param "ssl/server_pse" = "/usr/sap/sid/secudir/sec/SAPSSL.pse"
[Thr 03]            resulting Filename = "/usr/sap/sid/secudir/sec/SAPSSL.pse"
[Thr 03] =  secudessl_Create_SSL_CTX():  PSE "/usr/sap/sid/secudir/sec/SAPSSLC.pse" not found,
[Thr 03] =      using PSE "/usr/sap/sid/secudir/sec/SAPSSL.pse" as fallback
[Thr 03] =  secudessl_Create_SSL_CTX():  PSE "/usr/sap/sid/secudir/sec/SAPSSLA.pse" not found,
[Thr 03] =      using PSE "/usr/sap/sid/secudir/sec/SAPSSL.pse" as fallback
[Thr 03] ******** Warning ********
[Thr 03] *** No SSL-client PSE "SAPSSLC.pse" available
[Thr 03] *** -- this might limit SSL-client side connectivity
[Thr 03] ********
[Thr 03] = Success -- SapCryptoLib SSL ready!
[Thr 03] =================================================
[Thr 03]
[Thr 03] Started service PORT=50000,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=60,VCLIENT=0
[Thr 03] SSL settings: verify_client: 0, cache_size: -1, cache_lifetime: -1, credfile: SAPSSLS.pse, ciphers: default
[Thr 03] Started service PORT=0,PROT=HTTP,TIMEOUT=60,PROCTIMEOUT=60
[Thr 01] IcmCreateWorkerThreads: created worker thread 0
[Thr 01] IcmCreateWorkerThreads: created worker thread 1
[Thr 01] IcmCreateWorkerThreads: created worker thread 2
[Thr 01] IcmCreateWorkerThreads: created worker thread 3
[Thr 01] IcmCreateWorkerThreads: created worker thread 4
[Thr 01] IcmCreateWorkerThreads: created worker thread 5
[Thr 01] IcmCreateWorkerThreads: created worker thread 6
[Thr 01] IcmCreateWorkerThreads: created worker thread 7
[Thr 01] IcmCreateWorkerThreads: created worker thread 8
[Thr 01] IcmCreateWorkerThreads: created worker thread 9
[Thr 15] IcmWatchDogThread: watchdog started

[Thr 02] Tue Feb  4 14:32:45 2014
[Thr 02] **** SigHandler: signal 1 received

[Thr 15] Tue Feb  4 14:32:53 2014
[Thr 15] IcmReInit: reset hostname buf
[Thr 15] IcmReInit: reset server caches
[Thr 15] IcmReInit: activate all schedules
[Thr 15] IcmReInit: reloaded content scanner with rc=0
dev_webdisp: END@

Folks any help is appreciated, thanks 

Former Member
‎01-21-2014 7:41 AM
0 Kudos

Hi Folks this might be a ridiculous question but

1) how do you edit a .PFL file in UNIX somehow the vi editor is not working for me for that particular file type.

Does anybody know how to do that, I need to edit the sapwebdisp.pfl file.

Thanks.

Show replies
Show replies
Former Member
‎01-20-2014 11:57 AM
0 Kudos

Rishi thanks for the quick and prompt replies.

I have some confusion as to my own scenario. I have web dispacther on one Server which does not have a SAP Instance running and I have the EP running on Seperate Servers i.e. Dev, Qua and Prod.

Now When I read the notes that you provided above I am confused as what to do with the following:

1. Copy the library and the "sapgenpse" program to the $DIR_EXECUTABLE directory. Copy the "ticket" file to the $DIR_INSTANCE/sec directory on every application server

2. Set the environment variable SECUDIR to the $DIR_INSTANCE/sec directory for the application server's user, now there is no SAP Instance running on the Server where the Web Dispacther is installed. So do I set this variable on the EP Dev box ??

3. To replace the SAPSECUILIB library with the SAPCRYPTOLIB library, set the following profile parameters and restart the server(s). 

    •     ssf/name    = SAPSECULIB
    •     ssf/ssfapi_lib  = <Path and file name of SAPCRYPTOLIB>
    •     sec/libsapsecu  = <Path and file name of SAPCRYPTOLIB>

           Set these profile parameters in the instance profile and not in the default profile.

Now where do I set these Parameters in the Server where the Web Dispatcher is installed or where the EP Dev Server is present.

OR Shall I INstall the Web dispacther on the same server as the EP Dev.

Help is appreciated.

Show replies
Show replies
Former Member
‎01-21-2014 12:52 AM
0 Kudos

Hi,

I posted one doc earlier but i thing you dint check ...

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60b1edfb-2a5c-2d10-2294-d1777056c...

As you are trying to generate the ssl certs for web dispatcher you need to do them on web dispatcher..

Thanks

Rishi Abrol

Former Member
‎01-21-2014 5:31 AM
0 Kudos

OK Thanks Rishi. I am trying to install this component and will update when this is done.

Thanks man.

Former Member
‎01-17-2014 12:55 PM
0 Kudos

Hi Folks,

We have decide to install the SAP WebDispatcher after all, I am moving along but unfortunately I am stcuk at one point where when I am trying to uncar the sapgenpse.sar file the HP-UX is not allowing me to make the dir.

I am posting the detailed error below, I have changed the permissions as well but to no avail.

------------------------------------------------

SAPCAR: processing archive sapgenpse_3-20000565.sar (version 2.00)

x /QSYS.LIB/R3FIX640U.LIB/SAPGENPSE.FILE

SAPCAR: can not create directory /QSYS.LIB/R3FIX640U.LIB/SAPGENPSE.FILE (error 3). Permission denied

I don't know what is going wrong any suggestions are welcome. I have created the webdisp.pfl file and I am stuck at the following command

./sapgenpse get_pse -p SAPSSL.pse -x PIN -r SAPSSL.req "CN=<hostname>, OU=RIG, O=SAP, C=SG"

help is appreciated, thanks in advance.

Show replies
Show replies
Former Member
‎01-17-2014 1:21 PM
0 Kudos

Hi,



SAPCAR: processing archive sapgenpse_3-20000565.sar (version 2.00)


x /QSYS.LIB/R3FIX640U.LIB/SAPGENPSE.FILE


SAPCAR: can not create directory /QSYS.LIB/R3FIX640U.LIB/SAPGENPSE.FILE (error 3). Permission denied

This looks like to be that you dont have full permission . Try one thing.

create one directory in tmp and try to uncar this file..

What is the file...

Why don't you download the sapcrypto files as they will have all the files..

SAPCRYPTOLIB software download (traditional multi-library archives

for manual install according to SAP Note 510007, and used by

SAPINST in 70x, 71x):

  http://service.sap.com/TCS

  Download Area -> SAP Cryptographic Software

alterative:

  http://service.sap.com/swdc

  -> Support Packages and Patches

    -> Browse Download Catalog

      -> SAP Cryptographic Software


Please use the below doc to configure the web dispatcher.


A How-to Guide about "How To Configure SAP Web Dispatcher for SSL" is provided on SDN at the following address: https://www.sdn.sap.com/irj/sdn/howtoguides under "SAP Web Application Server".



Thanks

Rishi Abrol


Former Member
‎01-20-2014 5:37 AM
0 Kudos

Hi Rishi,

Thanks for the help I found the sapgenpse in the dir named Hp-ux****.

But when I run the sapgenpse it gives me the following error man, I would appreciate all the help that I can get man.

Following is the error:

-------------------------------------------------

**********************************************************************
  **   sapgenpse WARNING:  Environment variable "USER" not defined!   **
  ** ---------------------------------------------------------------- **
  **  Please define the USER environment variable *AND* insert        **
  **  the definition into the startup script of your Unix shell,      **
  **  or you may get problems accessing credentials created           **
  **  through 'seclogin'!                                             **
  **                                                                  **
  **  Examples additions for your shell startup scripts:              **
  **                                                                  **
  **  (sh):  if [ "$USER" = "" ];then USER="`whoami`";export USER;fi  **
  ** (csh):  if ( $?USER == 0 ) setenv USER "`whoami`"                **
  **                                                                  **
  **  You appear to have a csh-style login shell                      **
  **********************************************************************

Couldn't load function "sapcr_cert2p7" from shared library "libsapcrypto.so"

I am logged in with the <sidadm> user.

Former Member
‎01-20-2014 6:43 AM
0 Kudos

Hi,

Please check the below note.

Note 800240 - FAQ: SAP Cryptographic Library error analysis (App. Server). Would be helpful.

and

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a2909b90-0201-0010-6da4-e1b600a4...

in page 13 also helpful

Thanks

Rishi Abrol

Former Member
‎01-20-2014 6:50 AM
0 Kudos

Missed to attach these two notes...

1471126 - STRUST: How to correctly install SAPCRYPTOLIB

1525059 - Analysis of Problems Accessing a PSE via Credentials


Thanks

Rihsi Abrol

Former Member
‎01-14-2014 5:13 AM
0 Kudos

Thank you all for the help,

What my company really wants to do is redirect

http://<Hostname1>:5<instancenumber>00>/irj/portal to

https://<hostname2>:5<instancenumber>00>/irj/portal

Hostname has also been modified to go to a new hostname, but the IP Address is the same.

Now I have tried to go into http://<Hostname>:5<instancenumber>00>nwa and went into virtual hosts and created a new virtual host apart from the default one.

I am still doing R&D in Dev and Qua. We are using a thrid party load balancer and not the standar SAP Web Dispatcher.

Help is appreciated

Show replies
Show replies
Former Member
‎01-14-2014 3:28 AM
0 Kudos

Hi,

Enterprise Portal is redirecting on to HTTP and we want it to Redirect it to a Secure HTTPS

can you please explain more what do you want to redirect.....

Is this redirected application sap or non sap.

Thanks

Rishi Abrol

Show replies
Show replies
Former Member
‎01-13-2014 5:03 PM
0 Kudos

It is true that the tool might rewrite URLs but I doubt it. Rather than looking only at that tool, you might want to also look into how the involved SAP components determine and generate URLs. To begin, share the version details (incl. EHPs, SPs and patch levels) of what SAP components are involved. In order to help you with the Who's who problem, one has to first know what version you are using because the configuration is determined by it. With older versions the URL generation is determined by portal system landscape configuration (the system object), in newer versions Launchpad and/or backend configuration can be used.

Show replies
Show replies
nol_hendrikx
Active Contributor
‎01-13-2014 3:41 PM
0 Kudos

You can use an http watcher (http watcher, fiddler or chrome developer toolbar - network) to find out what is being redirected. Maybe you can click on some http responses to find out what kind of software it is?

Show replies
Show replies
Ask a Question