Yes everything works normal without redirection (it has been running for some years actualy , but only recently the redirection is requested by the customer.

We have he same problem in 3 different architectures so i think it is more the way i try to redirect that is the culprit.

All systems run on AIX with oracle as DB and have a J2EE engine either exclusively (the NW2004s portal) or as an addin into an abap based system (SRM5.0 and an standard R/3 4.7 system).

All systems when adressed on their normal URL (either http or https ) work perfectly well.

The moment we adress an alternate URL which via DNS ends up at the same server it works for services where no login is required, others throw back the same logon screen.

The portal (since it always requires logon ) does not work either unless adressed on the real URL of the fysical server. This is just a standard portal install without any specific logon configuration , which strengthens my suspicion that the way we approach the redirection (just DNS based) may not work at all. But then again the funny thing is that with all 3 servers mentioned some logon based services work fine, like <....>/nwa or the j2ee system info page.

The sapwebdispatcher was just a test whereby the webdispatcher ran on the same server as the WAS, so maybe not the best test looking at the last reply.

But i feel i miss something very fundamental , which maybe because I am too involved and focused .

Was steared for a while towards ssl tickets related things until i tried for the fun of it http , and had the same issue. So only logon ticket issues somehow come to mind, but have no idea anymore where to check and test.

Now the problem is aggrevated because we just setup SSL tickets for the required URLs we want yo use, but untill we get the redirection working IE and firefox complain about the domain of the ticket not matching with the domain of the fysical server. (Not even sure if redirection will solve this , but we need the redirection solved first anyway) and users being hindered by an strange url of the real server.

One alternative that came to mind is build one webpage ,adress it with the new URL and have it load the entire site in one frame, thereby keeping the wanted URL , but this feels messy and unneeded and will probably still give problems with popup windows etc..

Hi Glenn,

Is you DNS alias in the same domain as your physical hostname ?

There MAY be an issue for authentication if not in the same domain...

Regards,

Olivier

No, that is the whole idea. The physical domain of the server (is the domain from a hardware hosting company) is different then the domain of the customer url required.

Is that possible ? Should it be possible ? How to do it ??

Which kind of authentication do you use ?

X.509 certificates ?

Basic authentication ?

Spnego ?

Did you activate Sap logon tickets ?

Basic authentication and logon tickets are activated.

No SPnego stuff or X.509 stuff so very standard

I also checked the ICM logs etc to see if some error message pops up while logging on using the redirected URL, but it looks like it is not registered as an error (login seems to work somehow , since if you type the wrong credentials it shows on the login page), but just trows you back somehow to the login url.

Well, Saplogon tickets are only valid in one single domain, that may be your problem.

A saplogon ticket would be issued to the browser from the DNS alias domain and then checked against the physical domain...

Maybe you should try to use the parameter

icm/host_name_full = alias FQHN

Regards,

Olivier

Interesting. Seems like you adressed the core of the problem.

The parameter I had already tested during the last downtime last week, but did not work.

Is there no way to force the system to give/accept coockies from the alias domain instead of the physical domain ?

I did read some posts here about cross domain coockies etc but requeres actualy putting a webserver in the alias domain. Feels ok if you actualy want to grant access to servers in both domains , but not for what i need it for to just change the web url to something other then the physical server location. Also the sollutions decribed are for EP6 only and not for web_as.

You could try to configure a virtual server with the alias on the ICM but it may need a different IP address.

I've never tried so I'm not sure.

You could also re try the web dispatcher because I'm using it with a DNS alias to acces a BSP application with a login page and saplogon tickets.

I'm also not sure it would work because, in my case, the alias and the physical hostname are in the same domain.

Your problem is weird...

Good luck !

Olivier

I think I got a god hint on where to look, but still not working.

I found out that instead of redirecting i just needed to define a virtual host with the new http alias. (via NWA or Visual admin on the http provider service.)

I tested it on an test portal on windows2003 EE and it works flawlessly . I can use whatever http alias on whatever domain i want and it simply works out of the box.

When i try the same on the same elease portal on a unix host it does not work. It gives the strange behaviour i mentioned before where it throws you back to the logon page.

So why does it work with a windows hosted portal but not with a unix hosted portal ? Waht do I need to do extra (if anything ) to get it to work there as well.

Hello Glenn,

I'm sorry but I've no experience of SAP products on Unix.

All our servers are running Windows 32 or 64 bit.

Regards,

Olivier