Set up two different ABAP AS (ERP + EIC) as Service Providers through the same SAP Web Dispatcher

pieterjanssens
Active Participant

I finished setting up SAML2 for our ERP ABAP AS system.

Using a SAP Web Dispatcher, it is required to access the SAML setup page through the Web Dispatcher in order to get the correct URLs in the metadata export.

I now want to configure our other ABAP AS system to use SAML and this system is used over the same SAP Web Dispatcher. The problem now is that both ABAP AS servers are using the same relative paths for the SAML (SICF) services.

Below you can see the SAP Web Dispatcher config that we have in place. Using the URL prefix we can distinguish between EIC (crm_ui_start) and ERP (Fiori, Web GUI, HR Renewal).

wdisp/system_0 = SID=DHE, MSHOST=hostname_eic,
MSPORT=8150, SSL_ENCRYPT=0,
SRCURL=/sap/bc/bsp/sap/crm_ui_start;/sap(*)/bc/bsp/sap/crm_ui_start

wdisp/system_1 = SID=DHC, MSHOST=hostname_erp,
MSPORT=8120, SSL_ENCRYPT=0, SRCURL=/sap

wdisp/system_2 = SID=DHP, MSHOST=hostname_portal,
MSPORT=8131, SSL_ENCRYPT=0, SRCURL=/

The first issue is that I can't access the SAML2 config page (/sap/bc/webdynpro/sap/saml2) on the EIC system, since the path /sap leads to the ERP system. I could manually change all the hostnames in the exported metadata file, but I cannot see how we can get both systems to work with SAML, since the Identity Provider will have the exact same SAML endpoints for both systems, e.g. https://hostname_webdisp/sap/saml2/sp/acs/010

gregorw
Active Contributor

Hi Pieter,

the easiest option would be to configure two different virtual hosts. One called:

dhc.company.local
and another
dhp.company.local

That way you have separate access URLs and remove all issues with trying to access the same path on different backend systems. Would that be a valid option?

Best regards
Gregor

pieterjanssens
Active Participant

Hi Gregor,

That sure sounds like a good option. The setup of the virtual host is done entirely in the Web Dispatcher config, right?

And besides that I would only have to set the hostnames in HTTPURLLOC for each system and regenerate the metadata?

I quickly googled "web dispatcher virtual hosts" but looking at https://launchpad.support.sap.com/#/notes/2010948 it says something about "Requests with HTTP host headers". That part confuses me.

wdisp/system_0 = SID=DHE, MSHOST=hostname_eic,
MSPORT=8150, SSL_ENCRYPT=0,
SRCVHOST=dhe

wdisp/system_1 = SID=DHC, MSHOST=hostname_erp,
MSPORT=8120, SSL_ENCRYPT=0, SRCVHOST=dhc

wdisp/system_2 = SID=DHP, MSHOST=hostname_portal,
MSPORT=8131, SSL_ENCRYPT=0, SRCVHOST=dhp

Would this be the correct setup to reach the systems through dhe.webdisphost.local / dhc.webdisphost.local and dhp.webdisphost.local?

Best regards,

Pieter

gregorw
Active Contributor

Hi Pieter,

You found the right resources. In addition to the configuration in Web Dispatcher, you have to talk to your DNS admin to get the names pointing to the Web Dispatcher IP. But together with what you described, that should be it. I would only strongly recommend switching to HTTPS.

CU
Gregor
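
The endpoint collision described in the first post, and the effect of giving each system its own virtual host, can be checked on the exported Service Provider metadata before it is uploaded to the Identity Provider. The Python below is an added example, not code from the thread or from SAP: the entity IDs and the minimal metadata documents are constructed, while the host names and the ACS path are the ones quoted in the posts.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

def sp_metadata(entity_id, base_url):
    """Build a minimal, constructed SP metadata document (not a real SAP export)."""
    return (
        f'<md:EntityDescriptor xmlns:md="{MD}" entityID="{entity_id}">'
        '<md:SPSSODescriptor '
        'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<md:AssertionConsumerService index="0" '
        'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'Location="{base_url}/sap/saml2/sp/acs/010"/>'
        '</md:SPSSODescriptor></md:EntityDescriptor>'
    )

def acs_endpoints(xml_text):
    """Return (entityID, [ACS Location, ...]) from one SP metadata document."""
    root = ET.fromstring(xml_text)  # intended for local, trusted exports only
    tag = f"{{{MD}}}AssertionConsumerService"
    return root.get("entityID"), [e.get("Location") for e in root.iter(tag)]

def normalise(url):
    """Lower-case scheme and host (case-insensitive); keep the path as written."""
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}"

def acs_collisions(documents):
    """Map every ACS URL claimed by more than one entityID to those entityIDs."""
    owners = defaultdict(set)
    for doc in documents:
        entity_id, locations = acs_endpoints(doc)
        for loc in locations:
            owners[normalise(loc)].add(entity_id)
    return {url: sorted(ids) for url, ids in owners.items() if len(ids) > 1}

# Constructed entity IDs; both systems exported through the shared host name.
SHARED_HOST = [sp_metadata("DHC_010", "https://hostname_webdisp"),
               sp_metadata("DHE_010", "https://hostname_webdisp")]
# Same systems after each one is reached through its own virtual host.
VIRTUAL_HOSTS = [sp_metadata("DHC_010", "https://dhc.webdisphost.local"),
                 sp_metadata("DHE_010", "https://dhe.webdisphost.local")]

if __name__ == "__main__":
    print("shared host  :", acs_collisions(SHARED_HOST))
    print("virtual hosts:", acs_collisions(VIRTUAL_HOSTS))
```

A non-empty result means the Identity Provider would receive the same assertion consumer URL for two different Service Providers, and the Web Dispatcher could forward responses for either one only to whichever backend its routing rule selects.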
