cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Web dispatcher does not work from internal URL

akash_ahuja
Explorer

on ‎08-23-2015 4:54 AM

0 Kudos

Hi All,

We have implemented SAP web dispatcher for multiple system through Name based virtual system by header values.

We have called four system with different SID's by using different URL and two for java system and two for ABAP system.

we are also using SSL termination in our scenario and everything is working fine from external world but we are facing the isssue through our internal url which works on HTTP we have able to logon successfully to our backend system but when we switch from HTTP to HTTPS internals we have faced mixed protocol warning and navigation is not working in our ESS portal which is configured over  web dynoro JAVA means when i click on somewhere like leave request it's not going forward.

Regards:

Akash Ahuja

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

isaias_freitas
Advisor
Advisor
‎08-23-2015 5:55 PM
0 Kudos

Hello Akash,

We would need more details, like:

  • Web Dispatcher profile;
  • hostnames and ports (internal and external) - it is ok not to share the real hostnames, just map the real hostnames to "fake" hostnames (so you know of what we would be talking about) and share the "fake" hostnames here;
  • If one of the Java systems is an SAP Portal, details of the "WebAS" and "ITS" properties of the system object related to the other ABAP systems (these should actually point to the Web Dispatcher).

Regards,

Isaías

Show replies
Show replies
akash_ahuja
Explorer
‎08-24-2015 5:54 AM
0 Kudos

Hi Isaías,

External Port, 443 and 80

External URl for Java - ess.domain.com(HTTPS)

Internal URL for JAVA- java.domain.com(HTTP)

External URL for ABAP - essb.domain.com(HTTPs)

internal URL for ABAP- abap.domain.com(HTTP)

WEB AS maintain - https://ess.domain.com cause we are using webdynpro JAVA which uses JCO connection.

ITS maintain- essb.domain.com(Web dispatcher URL)

Everything is working fine from external URL but while login from external URL https://ess.domain.com

but while accessing data from http://java.domain.com(inernal URL) we are facing issue while data is pull from back end it's access the data through reverse proxy and gives mixed content waning and also while clicking on ESS application like leave request it's not showing any mixed content warning but navigation is not happening in this case means no data is coming and while clicking on button.

please find web dispatcher profile:-

# Profile generated by sapwebdisp bootstrap

# unique instance identifier

SAPSYSTEMNAME = WDP

# unique instance number

SAPSYSTEM = 20

# add default directory settings

DIR_INSTANCE = /root/dispatcher

DIR_EXECUTABLE = $(DIR_INSTANCE)

DIR_PROFILE = $(DIR_INSTANCE)

DIR_HOME = $(DIR_INSTANCE)

Autostart = 1

Restart_Program_00 = local $(DIR_EXECUTABLE)/sapwebdisp$(FT_EXE) pf=$(DIR_PROFILE)/sapwebdisp.pfl

#-----------------------------------------------------------------------

# Accesssability of Message Server

#-----------------------------------------------------------------------

wdisp/system_0 = SID=EPP, MSHOST=java, MSPORT=8101

wdisp/system_1 = SID=RP1, MSHOST=abap, MSPORT=8300

#-----------------------------------------------------------------------

icm/max_conn      = 2000

icm/max_sockets   = ($(icm/max_conn) * 2)

icm/req_queue_len = 6000

icm/min_threads   = 10

icm/max_threads   = 500

mpi/total_size_MB = (min(0.06 * $(icm/max_conn) + 50, 2000))

mpi/max_pipes = ($(icm/max_conn))

wdisp/HTTP/max_pooled_con = ($(icm/max_conn))

wdisp/HTTPS/max_pooled_con = ($(icm/max_conn))

#-----------------------------------------------------------------------

# SAP Web Dispatcher Ports

#-----------------------------------------------------------------------

wdisp/ssl_ignore_host_mismatch = 1

wdisp/ssl_encrypt = 0

icm/server_port_0 = PROT=HTTPS,HOST=ess.domain.com,PORT=443,EXTBIND=1

icm/server_port_1 = PROT=HTTP,PORT=80

#icm/server_port_4 = PROT=HTTP,PORT=0

#icm/HTTP/redirect_0 = PREFIX=/,TO=/irj/portal,FROMPROT=HTTP,PROT=HTTPS

#icm/HTTP/redirect_1 = PREFIX=/,TO=/irj/portal,FROMPROT=HTTP,PROT=

icm/HTTP/mod_0 = PREFIX=/,FILE =/root/dispatcher/icm_filter.txt

#icm/HTTP/redirect_0 = PREFIX=/,TO=/irj/portal

wdisp/add_client_protocol_header = true

wdisp/add_xforwardedfor_header = true

wdisp/permission_table = /root/dispatcher/ptab

icm/HTTPS/verify_client = 0

icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,PORT=443,DOCROOT=./admin,AUTHFILE=icmauth.txt

#icm/HTTP/admin_0 = PREFIX=/sap/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile),PORT=81$$

ssl/ssl_lib = /root/dispatcher/libsapcrypto.so

sec/libsapsecu = $(ssl/ssl_lib)

ssf/ssfapi_lib = $(ssl/ssl_lib)

ssl/server_pse=/root/dispatcher/sec/SAPSSL.pse

rdisp/TRACE = 1

Regards:

Akash Ahuja

isaias_freitas
Advisor
Advisor
‎08-25-2015 12:07 AM
0 Kudos

Hello Akash,

So, all works fine if you access the external URL.

However, when you access the Portal through the internal URL (java.domain.com) you see issues.

Please create a second system object dedicated for internal users only.

The properties of this system object should point to the internal URLs, not the Web Dispatcher.

Of course, you would also have to create new iViews, etc., so the internal users perform the access using the "internal system object", and the external users will continue to use the existing setup.

If this is not a suitable solution, what I can suggest is for you to make internal users be able to access the Web Dispatcher as well, through the same URLs.

It does not need to be the same Web Dispatcher, actually, as long as it is a Web Dispatcher with the same settings and the end users can access it using the same hostnames (but with internal IP addresses).

Regards,

Isaías

akash_ahuja
Explorer
‎08-25-2015 5:30 AM
0 Kudos

HI Isaias ,

We have tried to route our all users through proxy mapping setting in portal with same dispatcher system but when user logon to CRM and BW system via portal it's shows mixed mode warning for show content cause it switch HTTPS to HTTP which resolved by enabling the mixed mode in internet setting but i don't thing so it' recommended   setting for users.

is there any setting by which we avoid this warning.

we have also one more issue for multi domain in which SSO is not possible to other domain for this we have found the below solution

ume.login.mdc.hosts= java.firstdomain.com

but when i logon from second domain it's not generate cookie for first domain so SSO doesn't happen.

please suggest which entry should be maintained there.

Regards:

Akash Ahjjuja

isaias_freitas
Advisor
Advisor
‎08-25-2015 1:13 PM
0 Kudos

Hello Akash,

If the Java and ABAP have different domains, the best option (for the SSO to work) is to perform the access through the Web Dispatcher (or another load balancer, proxy, ...).

About the mixed content, indeed that is not the recommended setup.

Confirm that the parameter "wdisp/add_client_protocol_header = true" is set at your Web Dispatcher.

If it is not set, maintain it and restart the Web Disp.

Another verification you can make is at the system object(s). Confirm that the "WebAS" and "ITS" options have the protocol set to "https".

Regards,

Isaías

Ask a Question