on 01-09-2014 8:55 AM
Hi Folks,
I am new to this Enterprise Portal, but here is the Situation.
Enterprise Portal is redirecting on to HTTP and we want it to Redirect it to a Secure HTTPS, we are not using SAP Web Dispatcher but a third party tool.
I have no idea which tool it is since the good folks that installed and configured that tool are gone and have left without a KT.
I would appreciate any help that I can get here.
The problem that I am facing is that the Who's who page is not redirecting properly and that is what I want resolved.
Thanks in advance.
Good Folks, I am still getting the following error any insgihts into this would be of great help.
sapgenpse get_pse –p SAPSSL.pse –x abcpin –r abc.req "CN=host123.mycompany.com, OU=I1234567890-MyCompany, OU=SAP Web AS, O=SAP Trust Community, C=DE"
Following is the error:
-------------------------------------------------
**********************************************************************
** sapgenpse WARNING: Environment variable "USER" not defined! **
** ---------------------------------------------------------------- **
** Please define the USER environment variable *AND* insert **
** the definition into the startup script of your Unix shell, **
** or you may get problems accessing credentials created **
** through 'seclogin'! **
** **
** Examples additions for your shell startup scripts: **
** **
** (sh): if [ "$USER" = "" ];then USER="`whoami`";export USER;fi **
** (csh): if ( $?USER == 0 ) setenv USER "`whoami`" **
** **
** You appear to have a csh-style login shell **
**********************************************************************
Couldn't load function "sapcr_cert2p7" from shared library "libsapcrypto.so"
I am logged in with the <sidadm> user.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Folks, I have successfully installed the SAP Web Dispatcher. SSL Encryption is also done with.
I am stuck at the poiunt where the URL Redirection is not working.
I am going to explain the scenario again.
---------------------------------------------------------------------------------
Help is appreciated I am attaching the following files in this message, sapwebdisp.pfl, icm_dev_sec and dev_webdisp.
sapwebdisp.pfl
--------------------------------------------------------------------------
more sapwebdisp.pfl
#Profile generated by sapwebdisp bootstrap
# unique instance number
SAPSYSTEM = 01
# add default directory settings
DIR_EXECUTABLE = /usr/sap/sid/sapwebdisp
DIR_INSTANCE = /usr/sap/sid/secudir
ssl/ssl_lib = /usr/sap/sid/sapwebdisp/libsapcrypto.so
ssl/server_pse = /usr/sap/sid/secudir/sec/SAPSSL.pse
# Accessibility of Message Servers
rdisp/mshost = ephostname.company name.in
ms/http_port = 8101
# SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
# configuration for default scenario (medium size)
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 500
wdisp/HTTPS/max_pooled_con = 500
# SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTPS,PORT=50000
icm/server_port_1 = PROT=HTTP,PORT=0
#to terminate SSL connection
wdisp/ssl_encrypt = 0
#to add the client's protocol into the HTTP header information at the sap webdispatcher
wdisp/add_client_protocol_header = true
#no need for client's own certificate
icm/HTTPS/verify_client = 0
# SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt
sapwebdisp.pfl: END
-----------------------------------------------
dev_icm_sec contents
-----------------------------------------------
more dev_icm_sec
---------------------------------------------------
trc file: "dev_icm_sec", trc level: 1, release: "720"
---------------------------------------------------
Mon Jan 27 14:24:26 2014
hostname webdispserver.companyname.in
logfile name dev_icm_sec
max file size 512000
switch type 0
max file size 512000
file wrap 0
logging level 2
***********************************************************************************
****** SECURITY LOG STARTED ******
***********************************************************************************
---------------------------------------------------
trc file: "dev_icm_sec", trc level: 1, release: "720"
---------------------------------------------------
Mon Jan 27 14:26:54 2014
hostname webdispserver.companyname.in
logfile name dev_icm_sec
max file size 512000
switch type 0
max file size 512000
file wrap 0
logging level 2
***********************************************************************************
****** SECURITY LOG STARTED ******
***********************************************************************************
---------------------------------------------------
trc file: "dev_icm_sec", trc level: 1, release: "720"
---------------------------------------------------
Mon Jan 27 14:28:26 2014
hostname webdispserver.companyname.in
logfile name dev_icm_sec
max file size 512000
switch type 0
max file size 512000
file wrap 0
logging level 2
***********************************************************************************
****** SECURITY LOG STARTED ******
***********************************************************************************
---------------------------------------------------
trc file: "dev_icm_sec", trc level: 1, release: "720"
---------------------------------------------------
Mon Jan 27 15:17:22 2014
hostname webdispserver.companyname.in
logfile name dev_icm_sec
max file size 512000
switch type 0
max file size 512000
file wrap 0
logging level 2
***********************************************************************************
****** SECURITY LOG STARTED ******
***********************************************************************************
---------------------------------------------------
trc file: "dev_icm_sec", trc level: 1, release: "720"
---------------------------------------------------
Tue Feb 4 11:58:23 2014
hostname webdispserver.companyname.in
logfile name dev_icm_sec
max file size 512000
switch type 0
max file size 512000
file wrap 0
logging level 2
***********************************************************************************
****** SECURITY LOG STARTED ******
***********************************************************************************
--------------------------------
dev_webdisp log file
--------------------------------
more dev_webdisp
---------------------------------------------------
trc file: "dev_webdisp", trc level: 1, release: "720"
---------------------------------------------------
sysno 01
sid
systemid 274 (HP (IA-64) with HP-UX)
relno 7200
patchlevel 0
patchno 523
intno 20020600
make multithreaded, ASCII, 64 bit, optimized
profile /usr/sap/sid/sapwebdisp/sapwebdisp.pfl
pid 12777
[Thr 01] Tue Feb 4 11:58:23 2014
[Thr 01] *** WARNING => The maximum number of sockets supported on this host is 4092.
This is less than the number of sockets configured in parameter icm/max_sockets (8192) [icxxrout_mt. 3436]
[Thr 01] started security log to file ./dev_icm_sec
[Thr 01] SigISetDefaultAction : default handling for signal SIGCHLD
[Thr 01] SAP Web Dispatcher running on: webdispserver.companyname.in
[Thr 01] MtxInit: 30001 0 2
[Thr 01] ***LOG IM1=> IcmInit, Startup (SAP Web Dispatcher&webdispserver.companyname.in&12777&) [icxxrout_mt. 1931]
[Thr 02] **** SigHandler: signal 18 received
[Thr 01] IcmInit: listening to admin port: 65000
[Thr 01] MPI: dynamic quotas disabled.
[Thr 01] MPI init: pipes=4000 buffers=1279 reserved=383 quota=10%
[Thr 01] CCMS: SemInMgt: Semaphore Management initialized by AlAttachShm_Ext.
[Thr 01] CCMS: SemInit: Semaphore 38 initialized by AlAttachShm_Ext.
[Thr 01] IcrCoreInitSessionTable: Session table initialized
[Thr 03] HttpExtractArchive: files from archive /usr/sap/sid/sapwebdisp/wdispadmin.SAR in directory . are up to date
[Thr 03] HttpISubHandlerAdd: Added handler HttpAdminHandler(60000000011d62f0), slot=0, flags=36869) for /sap/wdisp/admin, active: 1, table 60000000011d1fa0
[Thr 03] HttpISubHandlerAdd: Added handler HttpModHandler(60000000011d6380), slot=1, flags=12293) for /, active: 1, table 60000000011d1fa0
[Thr 03] CsiInit(): Initializing the Content Scan Interface
[Thr 03] HP (IA-64) with HP-UX (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 03] CsiInit(): CSA_LIB = "/usr/sap/sid/sapwebdisp/libsapcsa.so"
[Thr 03] HttpISubHandlerAdd: Added handler HttpAuthHandler(60000000011d6410), slot=2, flags=12293) for /, active: 1, table 60000000011d1fa0
[Thr 03] HttpISubHandlerAdd: Added handler HttpWebDispHandler(60000000011d8150), slot=3, flags=1060869) for /, active: 1, table 60000000011d1fa0
[Thr 03] =================================================
[Thr 03] = SSL Initialization platform tag=(hpia64_11.23_64)
[Thr 03] = (720_REL,Jan 18 2014,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 03] profile param "ssl/ssl_lib" = "/usr/sap/sid/sapwebdisp/libsapcrypto.so"
[Thr 03] resulting Filename = "/usr/sap/sid/sapwebdisp/libsapcrypto.so"
[Thr 03] = found CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.13 pl40 (Jan 16 2014) MT-safe
[Thr 03] = current UserID: "sidadm", env-var USER=<not set>
[Thr 03] = found SECUDIR environment variable
[Thr 03] = using SECUDIR=/usr/sap/sid/secudir/sec
[Thr 03] profile param "ssl/server_pse" = "/usr/sap/sid/secudir/sec/SAPSSL.pse"
[Thr 03] resulting Filename = "/usr/sap/sid/secudir/sec/SAPSSL.pse"
[Thr 03] = secudessl_Create_SSL_CTX(): PSE "/usr/sap/sid/secudir/sec/SAPSSLC.pse" not found,
[Thr 03] = using PSE "/usr/sap/sid/secudir/sec/SAPSSL.pse" as fallback
[Thr 03] = secudessl_Create_SSL_CTX(): PSE "/usr/sap/sid/secudir/sec/SAPSSLA.pse" not found,
[Thr 03] = using PSE "/usr/sap/sid/secudir/sec/SAPSSL.pse" as fallback
[Thr 03] ******** Warning ********
[Thr 03] *** No SSL-client PSE "SAPSSLC.pse" available
[Thr 03] *** -- this might limit SSL-client side connectivity
[Thr 03] ********
[Thr 03] = Success -- SapCryptoLib SSL ready!
[Thr 03] =================================================
[Thr 03]
[Thr 03] Started service PORT=50000,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=60,VCLIENT=0
[Thr 03] SSL settings: verify_client: 0, cache_size: -1, cache_lifetime: -1, credfile: SAPSSLS.pse, ciphers: default
[Thr 03] Started service PORT=0,PROT=HTTP,TIMEOUT=60,PROCTIMEOUT=60
[Thr 01] IcmCreateWorkerThreads: created worker thread 0
[Thr 01] IcmCreateWorkerThreads: created worker thread 1
[Thr 01] IcmCreateWorkerThreads: created worker thread 2
[Thr 01] IcmCreateWorkerThreads: created worker thread 3
[Thr 01] IcmCreateWorkerThreads: created worker thread 4
[Thr 01] IcmCreateWorkerThreads: created worker thread 5
[Thr 01] IcmCreateWorkerThreads: created worker thread 6
[Thr 01] IcmCreateWorkerThreads: created worker thread 7
[Thr 01] IcmCreateWorkerThreads: created worker thread 8
[Thr 01] IcmCreateWorkerThreads: created worker thread 9
[Thr 15] IcmWatchDogThread: watchdog started
[Thr 02] Tue Feb 4 14:32:45 2014
[Thr 02] **** SigHandler: signal 1 received
[Thr 15] Tue Feb 4 14:32:53 2014
[Thr 15] IcmReInit: reset hostname buf
[Thr 15] IcmReInit: reset server caches
[Thr 15] IcmReInit: activate all schedules
[Thr 15] IcmReInit: reloaded content scanner with rc=0
dev_webdisp: END@
Folks any help is appreciated, thanks
Hi Folks this might be a ridiculous question but
1) how do you edit a .PFL file in UNIX somehow the vi editor is not working for me for that particular file type.
Does anybody know how to do that, I need to edit the sapwebdisp.pfl file.
Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Rishi thanks for the quick and prompt replies.
I have some confusion as to my own scenario. I have web dispacther on one Server which does not have a SAP Instance running and I have the EP running on Seperate Servers i.e. Dev, Qua and Prod.
Now When I read the notes that you provided above I am confused as what to do with the following:
1. Copy the library and the "sapgenpse" program to the $DIR_EXECUTABLE directory. Copy the "ticket" file to the $DIR_INSTANCE/sec directory on every application server
2. Set the environment variable SECUDIR to the $DIR_INSTANCE/sec directory for the application server's user, now there is no SAP Instance running on the Server where the Web Dispacther is installed. So do I set this variable on the EP Dev box ??
3. To replace the SAPSECUILIB library with the SAPCRYPTOLIB library, set the following profile parameters and restart the server(s).
Set these profile parameters in the instance profile and not in the default profile.
Now where do I set these Parameters in the Server where the Web Dispatcher is installed or where the EP Dev Server is present.
OR Shall I INstall the Web dispacther on the same server as the EP Dev.
Help is appreciated.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I posted one doc earlier but i thing you dint check ...
As you are trying to generate the ssl certs for web dispatcher you need to do them on web dispatcher..
Thanks
Rishi Abrol
Hi Folks,
We have decide to install the SAP WebDispatcher after all, I am moving along but unfortunately I am stcuk at one point where when I am trying to uncar the sapgenpse.sar file the HP-UX is not allowing me to make the dir.
I am posting the detailed error below, I have changed the permissions as well but to no avail.
------------------------------------------------
SAPCAR: processing archive sapgenpse_3-20000565.sar (version 2.00)
x /QSYS.LIB/R3FIX640U.LIB/SAPGENPSE.FILE
SAPCAR: can not create directory /QSYS.LIB/R3FIX640U.LIB/SAPGENPSE.FILE (error 3). Permission denied
I don't know what is going wrong any suggestions are welcome. I have created the webdisp.pfl file and I am stuck at the following command
./sapgenpse get_pse -p SAPSSL.pse -x PIN -r SAPSSL.req "CN=<hostname>, OU=RIG, O=SAP, C=SG"
help is appreciated, thanks in advance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
SAPCAR: processing archive sapgenpse_3-20000565.sar (version 2.00)
x /QSYS.LIB/R3FIX640U.LIB/SAPGENPSE.FILE
SAPCAR: can not create directory /QSYS.LIB/R3FIX640U.LIB/SAPGENPSE.FILE (error 3). Permission denied
This looks like to be that you dont have full permission . Try one thing.
create one directory in tmp and try to uncar this file..
What is the file...
Why don't you download the sapcrypto files as they will have all the files..
SAPCRYPTOLIB software download (traditional multi-library archives
for manual install according to SAP Note 510007, and used by
SAPINST in 70x, 71x):
Download Area -> SAP Cryptographic Software
alterative:
-> Support Packages and Patches
-> Browse Download Catalog
-> SAP Cryptographic Software
Please use the below doc to configure the web dispatcher.
A How-to Guide about "How To Configure SAP Web Dispatcher for SSL" is provided on SDN at the following address: https://www.sdn.sap.com/irj/sdn/howtoguides under "SAP Web Application Server". |
Thanks
Rishi Abrol
Hi Rishi,
Thanks for the help I found the sapgenpse in the dir named Hp-ux****.
But when I run the sapgenpse it gives me the following error man, I would appreciate all the help that I can get man.
Following is the error:
-------------------------------------------------
**********************************************************************
** sapgenpse WARNING: Environment variable "USER" not defined! **
** ---------------------------------------------------------------- **
** Please define the USER environment variable *AND* insert **
** the definition into the startup script of your Unix shell, **
** or you may get problems accessing credentials created **
** through 'seclogin'! **
** **
** Examples additions for your shell startup scripts: **
** **
** (sh): if [ "$USER" = "" ];then USER="`whoami`";export USER;fi **
** (csh): if ( $?USER == 0 ) setenv USER "`whoami`" **
** **
** You appear to have a csh-style login shell **
**********************************************************************
Couldn't load function "sapcr_cert2p7" from shared library "libsapcrypto.so"
I am logged in with the <sidadm> user.
Hi,
Please check the below note.
Note 800240 - FAQ: SAP Cryptographic Library error analysis (App. Server). Would be helpful.
and
in page 13 also helpful
Thanks
Rishi Abrol
Missed to attach these two notes...
1471126 - STRUST: How to correctly install SAPCRYPTOLIB
1525059 - Analysis of Problems Accessing a PSE via Credentials
Thanks
Rihsi Abrol
Thank you all for the help,
What my company really wants to do is redirect
http://<Hostname1>:5<instancenumber>00>/irj/portal to
https://<hostname2>:5<instancenumber>00>/irj/portal
Hostname has also been modified to go to a new hostname, but the IP Address is the same.
Now I have tried to go into http://<Hostname>:5<instancenumber>00>nwa and went into virtual hosts and created a new virtual host apart from the default one.
I am still doing R&D in Dev and Qua. We are using a thrid party load balancer and not the standar SAP Web Dispatcher.
Help is appreciated
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Enterprise Portal is redirecting on to HTTP and we want it to Redirect it to a Secure HTTPS
can you please explain more what do you want to redirect.....
Is this redirected application sap or non sap.
Thanks
Rishi Abrol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It is true that the tool might rewrite URLs but I doubt it. Rather than looking only at that tool, you might want to also look into how the involved SAP components determine and generate URLs. To begin, share the version details (incl. EHPs, SPs and patch levels) of what SAP components are involved. In order to help you with the Who's who problem, one has to first know what version you are using because the configuration is determined by it. With older versions the URL generation is determined by portal system landscape configuration (the system object), in newer versions Launchpad and/or backend configuration can be used.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can use an http watcher (http watcher, fiddler or chrome developer toolbar - network) to find out what is being redirected. Maybe you can click on some http responses to find out what kind of software it is?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.