on 09-14-2004 3:05 PM
Hi all,
our current customer has installed an instance of SAP Web AS 6.20 in a DMZ. He has another DMZ where the reverse proxy is installed. So, SAP Web AS and reverse proxy are located in different domains.
When we call our BSP-App via Internet we first have to authenticate against the reverse proxy, then a rewrite rule leads us through two firewalls to the SAP Web AS in the other DMZ.
Actually we reach the system/login-page of our BSP. When we enter the logon credentials and press the logon button we are redirected every time not to our own start-page but again to our system/login-page. We are caught in a loop.
It seems that the SSO2 authentication is not valid for the domain of the SAP Web AS but for the reverse proxy.
Has anyone experience with this kind of system landscape or can give any comment?
Thanks, Bernd
Hi
I have the identical issue. Did someone find a solution
All investigations points back to SAP.
As soon as we go on the internet link (DMZ) , its loops back to login screen
The end of URL string adds - ?sap-client=110&sap-language=EN on the loop
Inside the networks works perfectly. Its only on the DMZ (.com) thats the issue
Your assistance will be much appreciated
Regards
Naziem Mahomed
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The SYSTEM application also have a sso2test.htm page. Use this page to first test whether the SSO2 cookies will work in your setup. Follow instructions on screen to run test.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Bernd,
it seems to me that the sso2 cookie is getting eaten by the reverse proxy (they really do this sometimes But seriously, I assume:
1. initial request sent from browser to was
2. not authenticated - meaning redirect to system login
3. request with system login url sent to was
4. response with rendered login page sent back to browser
5. request with login credentials sent to was
6. authentication successful, redirect to your application
7. request with your application url sent to was
8. not authenticated - meaning redirect to system login
and so on ....
With system login and after succesfull authentication every request contains the sso2 cookie that keeps the authentication data and is verified at the was. This one seems to be missing in step 7. How can you prove this? Use one of the http tracing tools mentioned in Brian's weblog https://weblogs.sdn.sap.com/pub/wlg/180. [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken]
Verify step 6. Make a hardcopy of the trace and present it to the reverse proxy admins. Otherwise they're not going to believe you.
Ulli
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.