
Set up two different ABAP AS (ERP + EIC) as Service Providers through the same SAP Web Dispatcher

Feb 08, 2017 at 12:55 PM

Former Member

I finished setting up SAML2 for our ERP ABAP AS system.

Using a SAP Web Dispatcher, it is required to access the SAML setup page through the Web Dispatcher in order to get the correct URLs in the metadata export.

I now want to configure our other ABAP AS system to use SAML and this system is used over the same SAP Web Dispatcher. The problem now is that both ABAP AS servers are using the same relative paths for the SAML (SICF) services.

Below you can see the SAP Web Dispatcher config that we have in place. Using the URL prefix we can distinguish between EIC (crm_ui_start) and ERP (Fiori, Web GUI, HR Renewal).

wdisp/system_0 = SID=DHE, MSHOST=hostname_eic,
MSPORT=8150, SSL_ENCRYPT=0,
SRCURL=/sap/bc/bsp/sap/crm_ui_start;/sap(*)/bc/bsp/sap/crm_ui_start

wdisp/system_1 = SID=DHC, MSHOST=hostname_erp,
MSPORT=8120, SSL_ENCRYPT=0, SRCURL=/sap

wdisp/system_2 = SID=DHP, MSHOST=hostname_portal,
MSPORT=8131, SSL_ENCRYPT=0, SRCURL=/

The first issue is that I can't access the SAML2 config page (/sap/bc/webdynpro/sap/saml2) on the EIC system, since the path /sap leads to the ERP system. I could manually change all the hostnames in the exported metadata file, but I cannot see how we can get both systems to work with SAML, since the Identity Provider will have the exact same SAML endpoints for both systems, e.g. https://hostname_webdisp/sap/saml2/sp/acs/010


Hi Pieter,

The easiest option would be to configure two different virtual hosts. One called:

dhc.company.local
and another
dhp.company.local

That way you have separate access URLs and remove all issues trying to access the same path on different backend systems. Would that be a valid option?

Best regards
Gregor

2
Former Member
Gregor Wolf

Hi Gregor,

That sure sounds like a good option. The setup of the virtual host is done entirely in the Web Dispatcher config, right?

And besides that I would only have to set the hostnames in HTTPURLLOC for each system and regenerate the metadata?

I quickly googled "web dispatcher virtual hosts" but looking at https://launchpad.support.sap.com/#/notes/2010948 it says something about "Requests with HTTP host headers". That part confuses me.

wdisp/system_0 = SID=DHE, MSHOST=hostname_eic,
MSPORT=8150, SSL_ENCRYPT=0,
SRCVHOST=dhe

wdisp/system_1 = SID=DHC, MSHOST=hostname_erp,
MSPORT=8120, SSL_ENCRYPT=0, SRCVHOST=dhc

wdisp/system_2 = SID=DHP, MSHOST=hostname_portal,
MSPORT=8131, SSL_ENCRYPT=0, SRCVHOST=dhp

Would this be the correct setup to reach the systems through dhe.webdisphost.local / dhc.webdisphost.local and dhp.webdisphost.local?

Best regards,

Pieter

0

Hi Pieter,

You found the right resources. In addition to the configuration in Web Dispatcher, you have to talk to your DNS admin to get the names pointing to the Web Dispatcher IP. But together with what you described, that should be it. I would only strongly recommend switching to HTTPS.

CU
Gregor

0
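
An added example (not part of the thread and not SAP code): a Python check to run over the SP metadata exports before registering them at the Identity Provider. It flags an endpoint URL claimed by more than one service provider, which is the collision described in the question, and any endpoint not on HTTPS. The metadata documents are constructed and minimal, and the entity IDs DHE_010 and DHC_010 are assumed names.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ACS_PATH = "/sap/saml2/sp/acs/010"  # ACS path quoted in the question


def sp_metadata(entity_id, base_url):
    """Constructed, minimal SP metadata; a real export carries keys and more endpoints."""
    return (
        f'<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="{entity_id}">'
        '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<md:AssertionConsumerService index="0" '
        'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'Location="{base_url}{ACS_PATH}"/>'
        "</md:SPSSODescriptor></md:EntityDescriptor>"
    )


def endpoints(xml_text):
    """Return (entityID, [every endpoint Location]) from one metadata document."""
    # Metadata from parties you do not control should be parsed with defusedxml.
    root = ET.fromstring(xml_text)
    return root.get("entityID"), [el.get("Location") for el in root.iter() if el.get("Location")]


def audit(metadata_docs):
    """Flag endpoint URLs claimed by more than one SP and endpoints not on HTTPS."""
    owners = defaultdict(set)
    findings = []
    for doc in metadata_docs:
        entity_id, urls = endpoints(doc)
        for url in urls:
            owners[url].add(entity_id)
            if urlsplit(url).scheme != "https":
                findings.append(("not-https", url, entity_id))
    for url, ids in owners.items():
        if len(ids) > 1:
            findings.append(("shared-endpoint", url, tuple(sorted(ids))))
    return findings


if __name__ == "__main__":
    one_host = [sp_metadata(sid, "https://hostname_webdisp") for sid in ("DHE_010", "DHC_010")]
    per_vhost = [sp_metadata("DHE_010", "https://dhe.webdisphost.local"),
                 sp_metadata("DHC_010", "http://dhc.webdisphost.local")]
    print(audit(one_host))   # both SPs claim the same ACS URL
    print(audit(per_vhost))  # unique URLs, but one is still plain HTTP
```
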