
BSP-System-Login and 2 different DMZ

Former Member
0 Kudos

Hi all,

our current customer has installed an instance of SAP Web AS 6.20 in a DMZ. He has another DMZ where the reverse proxy is installed. So, SAP Web AS and reverse proxy are located in different domains.

When we call our BSP-App via Internet we first have to authenticate against the reverse proxy, then a rewrite rule leads us through two firewalls to the SAP Web AS in the other DMZ.

Actually we reach the system/login-page of our BSP. When we enter the logon credentials and press the logon button we are redirected every time not to our own start-page but again to our system/login-page. We are caught in a loop.

It seems that the SSO2 authentication is not valid for the domain of the SAP Web AS but for the reverse proxy.

Has anyone experience with this kind of system landscape or can give any comment?

Thanks, Bernd

naziem786
Explorer
0 Kudos

Hi Bernd

Did you manage to find a solution to the looping?

Best Regards

Naziem Mahomed

Accepted Solutions (0)

Answers (3)

naziem786
Explorer
0 Kudos

Hi

I have the identical issue. Did someone find a solution?

All investigations point back to SAP.

As soon as we go on the internet link (DMZ), it loops back to the login screen.

The end of the URL string adds - ?sap-client=110&sap-language=EN on the loop.

Inside the network it works perfectly. It's only on the DMZ (.com) that's the issue.

Your assistance will be much appreciated

Regards

Naziem Mahomed

former_member181879
Active Contributor
0 Kudos

The SYSTEM application also has a sso2test.htm page. Use this page to first test whether the SSO2 cookies will work in your setup. Follow the instructions on screen to run the test.

Ulli_Hoffmann
Contributor
0 Kudos

Hi Bernd,

it seems to me that the sso2 cookie is getting eaten by the reverse proxy (they really do this sometimes). But seriously, I assume:

1. initial request sent from browser to was

2. not authenticated - meaning redirect to system login

3. request with system login url sent to was

4. response with rendered login page sent back to browser

5. request with login credentials sent to was

6. authentication successful, redirect to your application

7. request with your application url sent to was

8. not authenticated - meaning redirect to system login

and so on ....

With system login and after successful authentication every request contains the sso2 cookie that keeps the authentication data and is verified at the was. This one seems to be missing in step 7. How can you prove this? Use one of the http tracing tools mentioned in Brian's weblog https://weblogs.sdn.sap.com/pub/wlg/180. [original link is broken]

Verify step 6. Make a hardcopy of the trace and present it to the reverse proxy admins. Otherwise they're not going to believe you.

Ulli
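
Added example, not part of the original thread or of any SAP tooling: a small Python check that takes a browser-side HTTP trace of the login sequence and reports whether the logon ticket cookie was never delivered, was issued for a domain that does not cover the reverse proxy's host name, or was simply not sent back. The cookie name MYSAPSSO2 is the standard SAP logon ticket cookie; the trace format, the host names and the cookie values are constructed placeholders.

```python
from http.cookies import SimpleCookie

COOKIE = "MYSAPSSO2"  # SAP logon ticket cookie, the thread's "sso2 cookie"

def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: host equals the cookie domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def diagnose(trace):
    """trace: exchanges as seen by the browser, in order. Each is a dict with
    host (name in the browser URL), set_cookie (response Set-Cookie values)
    and cookie (request Cookie header). Returns (verdict, exchange_index)."""
    for i, ex in enumerate(trace):
        jar = SimpleCookie()
        for value in ex["set_cookie"]:
            jar.load(value)
        if COOKIE not in jar:
            continue
        domain = jar[COOKIE]["domain"]
        # A browser discards a cookie whose Domain does not cover the host
        # it actually talked to (here: the reverse proxy's name).
        if domain and not domain_match(ex["host"], domain):
            return ("DOMAIN_MISMATCH", i)
        if i + 1 < len(trace) and COOKIE + "=" not in trace[i + 1]["cookie"]:
            return ("NOT_SENT_BACK", i + 1)
        return ("OK", i)
    # Login was answered, but no ticket cookie ever arrived at the browser.
    return ("NO_SET_COOKIE", None)

def exchange(host, cookie="", set_cookie=()):
    return {"host": host, "cookie": cookie, "set_cookie": list(set_cookie)}

# Constructed sample traces; host names are placeholders.
PROXY = "portal.dmz1.example"
mismatch = [
    exchange(PROXY),  # application URL, redirected to system login
    exchange(PROXY),  # login page rendered
    exchange(PROXY, set_cookie=["MYSAPSSO2=CONSTRUCTED; path=/; domain=.dmz2.example"]),
    exchange(PROXY),  # application URL again, no cookie: the loop
]
stripped = [exchange(PROXY), exchange(PROXY), exchange(PROXY), exchange(PROXY)]
healthy = [
    exchange(PROXY),
    exchange(PROXY, set_cookie=["MYSAPSSO2=CONSTRUCTED; path=/; domain=.dmz1.example"]),
    exchange(PROXY, cookie="MYSAPSSO2=CONSTRUCTED"),
]

if __name__ == "__main__":
    for name, t in (("mismatch", mismatch), ("stripped", stripped), ("healthy", healthy)):
        print(name, diagnose(t))
```

A DOMAIN_MISMATCH verdict points at the cookie domain configured on the Web AS side, while NO_SET_COOKIE on a trace where the login succeeded points at the reverse proxy dropping the header.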