
STS: Portal HTTPS to BSP HTTP transfer issue

Former Member
0 Kudos

Hi Experts,

We have the following issue.

We use portal with SSL, and we put SSL on our BW backend system. We also use STS, and we created a BSP iView in the portal to use STS inside portal.

The problem occurs when a link to the iView is clicked. What happens is that when the iView is being loaded, all the session cookies are getting blocked for some reason, so that clicking on any link in STS results in timeout error.

My observation is that STS only uses SSL for the login page. So when a request comes through the portal that uses SSL it goes to a BSP iView without an SSL (you get the warning that you are about to display non-secure items).

A workaround solution is to go to IE properties, security/privacy and click the "Allow all session cookies" checkbox. This is a bad solution because it involves telling users to configure their browser. I am wondering if anybody had the same or similar issue, and if there is any other resolution than just explicitly allowing cookies in the browser.

We have another environment setup in QA that does NOT use SSL for either portal or a backend BW, and this problem with cookies does not happen there. I am guessing it has something to do with a switch from HTTPS to an HTTP request when it comes through the portal.

Please let me know if you know how to resolve this.

Thank you,

AG

Accepted Solutions (0)

Answers (1)


former_member93896
Active Contributor
0 Kudos

Hello AG,

please see SAP note 984708 (http://service.sap.com/sap/support/notes/984708).

Regards,

Marc

SAP NetWeaver RIG

Former Member
0 Kudos

Hi Marc,

Thank you very much. The note helped us ensure that all the STS pages are using HTTPS protocol. There is still one issue remaining though.

When STS generates its start URL, for some reason it starts with HTTP, not HTTPS. It is evident when you go to BPS_TC tcode and try to execute option "Test call with display of URL". The URL that gets displayed is for example:

http://test.somedomain.com:8000/sap/bc/bsp/sap/tunguska/start_sts2.htm?teilplan=ZBUDGET&version=002&...

When pasting this link in the browser, STS automatically redirects you to the https protocol, which is fine if you are using STS BSP application stand alone.

This represents a problem however, if the application is integrated into portal BSP iView. If portal is running under HTTPS, then clicking on the STS iView causes a warning message to be displayed saying that you are about to be redirected to the page that is not secure because for some reason the very first page STS generates uses http protocol disregarding the fact that HTTPS has been setup for STS. This warning message creates a false assumption that the pages are not secured, while in fact right after the warning message is displayed a redirect to https occurs making sure STS pages are protected.

My question is: is there some sort of global setting where you can control the generation of the STS start URL? I made changes for every page making sure Transfer Options is set to HTTPS, and also made sure the Logon page is using HTTPS in the SICF transaction for tunguska and tunguska_detail services.

At this point we are stuck and do not know what to do to eliminate that warning and how to control the generation of start URL in STS. Any help would be greatly appreciated.

Thank you,

Andrei

Former Member
0 Kudos

There is one more thing that I've noticed. We had to add the following parameter to the list of params in the iView properties in the portal:

sap-urlscheme=https

If I execute STS application as stand alone it does redirect to HTTPS, but at the end of the URL there is a parameter sap-urlscheme=http, so it says http instead of https. We had to change it to https in the stand alone application manually for it to work, and in the properties of iView in the portal. I do not know if that has anything to do with how the 1st URL gets generated, but thought I would point this out.

Thank you,

AG
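An added example, not part of the thread and not SAP code: a small offline check for the two conditions reported in the posts above, namely an `http` start URL embedded in an `https` portal page and a `sap-urlscheme` parameter that disagrees with the portal scheme. The function name, finding labels and sample URLs are assumptions constructed for illustration; the parameter name is matched case-insensitively, which is also an assumption.

```python
from urllib.parse import urlsplit, parse_qs


def audit_start_url(portal_scheme, start_url):
    """Return a list of findings for an iView start URL framed by the portal.

    Finding labels are hypothetical names used only by this example.
    """
    findings = []
    portal_scheme = portal_scheme.lower()
    parts = urlsplit(start_url)
    scheme = parts.scheme.lower()

    if scheme not in ("http", "https"):
        return ["unsupported-scheme"]

    # An https portal page that loads an http iView is what triggers the
    # browser's non-secure-content warning described in the thread.
    if portal_scheme == "https" and scheme == "http":
        findings.append("scheme-downgrade")

    # Collect every sap-urlscheme value; duplicates are kept on purpose so
    # conflicting values are visible.
    query = parse_qs(parts.query, keep_blank_values=True)
    values = [v.lower() for k, vs in query.items()
              if k.lower() == "sap-urlscheme" for v in vs]

    if not values:
        # The poster reports having to add the parameter to the iView
        # properties when the portal runs under HTTPS.
        if portal_scheme == "https":
            findings.append("urlscheme-not-set")
    elif any(v != portal_scheme for v in values):
        findings.append("urlscheme-mismatch")

    return findings


# Constructed sample URLs (host and path taken from the thread, query built
# for this example).
BASE = "://test.somedomain.com:8000/sap/bc/bsp/sap/tunguska/start_sts2.htm"
SAMPLES = {
    "generated": "http" + BASE + "?teilplan=ZBUDGET&version=002&sap-urlscheme=http",
    "corrected": "https" + BASE + "?teilplan=ZBUDGET&version=002&sap-urlscheme=https",
    "no_param": "https" + BASE + "?teilplan=ZBUDGET&version=002",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(name, audit_start_url("https", url))
```
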

Former Member
0 Kudos

I found a Note that I think might help resolve the start URL issue.

Note 871377 - STS: https generation for URL fails

AG

Former Member
0 Kudos

Note 871377 - STS: https generation for URL fails

cannot be implemented in our system since we already have newer code.

So the issue is still not fixed.

Former Member
0 Kudos

Hi, I've set tunguska and tunguska_detail with security standard (NO SSL)

but I've the same problem as you.

When I want to test the URL subplan, an error appears in my IE.

https generation for URL fails

cannot be implemented in our system since we already have newer code.

Can I use STS with HTTP only???? without HTTPS???

Best Regards.

Costa Gustavo.

Former Member
0 Kudos

Hi Gustavo,

Yes, you certainly can use STS without HTTPS, just with HTTP. I believe you do not need to do anything for it to happen. By default it uses HTTP. I think if you already have SSL certificate installed and HTTPS enabled, try to ask Basis to disable the HTTPS service. Hope this helps.

Please award points if helpful.

Thank you