cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PI711: JNLP call is using HTTP instead of HTTPS when using reverse-proxy

CBasis
Participant

on ‎04-18-2011 7:54 AM

0 Kudos

Hello,

we are running the PI 7.11 in the internal network while the developers are outside of the network.

Scenario:

- SAPGUI is routed via saprouter and working fine.

SAPGUI -> SAPROUTER -> ABAP

- WebAccess (HTTPS) is done via a reverse proxy that is forwarding every request internally to the HTTP-Port of the PI-system

(we are not using HTTPS for the SAP-system internally)

Browser(Client) -> HTTPs -> ReverseProxy(F5) -> HTTP -> ABAP (BSP/WebDynpro)

We added the "clientprotocol=https" parameter in the ReverseProxy to force ABAP-Stack to generate HTTPS-URLs instead of just answering the HTTP-call from the reverse-proxy with HTTP-URLs again.

We maintained the HTTPURLLOC table to get the correct FQDN in the URL.

Thatu2019s working fine.

Problem:

We are calling the IntegrationBuilder via URL https://<fqdn>:<https-port>/dir /start/directory.jnlp

but the first JavaWebStart-Screen shows that the HTTP (not HTTPS) is used inside the JNLP-file for all further steps.

Does anyone know how the jnlp-generation is working and how to force the system to use HTTPS instead of HTTP.

(By the way it would be good to know if anyone out there is running a scenario with PI-developers outside a firewall and routing everything PI-related over reverse-proxies and firewalls.

Till now I had all the developers connected via VPN and close to the server)

Best regards

Christian

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

sufw
Active Participant
‎04-18-2011 9:03 AM
0 Kudos

Hi Christian,

unfortunately I don't know how JNLP generation works but I will hazard a guess

Try setting the following parameters in the Exchange Profile (under 'Connections'):

com.sap.aii.connect.rmi.protocol (try either 'P4S' or 'P4HTTP')

com.sap.aii.connect.repository.rmiport.ssl (this may not be needed if the PI system itself isn't aware that it needs to use SSL because the reverse proxy provides it)

Hope this helps at least somewhat, if only to know what doesn't work

Good luck!

Sascha

Show replies
Show replies
CBasis
Participant
‎04-18-2011 1:42 PM
0 Kudos

Hi Sascha,

thank your for pointing out these parameters.

Your hint was good.

Checking/updating the values for

com.sap.aii.connect.rmi.protocol 
com.sap.aii.connect.repository.rmiport.ssl

didn't solved the problem but next to them i found the 

com.sap.aii.connect.secure_connections

Setting this one to "all" forced the JNLP to use the https:// for loading the WebStartApplication (IntegrationDesigner)

The LoginScreen appears and now i get back to your recommended parameters:

The next communication is using the p4-port and it looks like 

com.sap.aii.connect.rmi.protocol

is the one that is influencing the protocol the JNLP is using for communication.

I'll update this thread when i'll get it up & running.

Best regards and thanks so far

Christian

Ask a Question