cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Proxy server-EP-SSO to BW System

Former Member

on ‎03-14-2005 11:57 PM

0 Kudos

Hi,

Here's the scenario.

I have SSO implemented with SAPLOGONTICKET to the BW system. if i login to the portal url http://abcd.myportal.com:50000/irj, the BW SSO works fine.

Also i have a Apache webserver configured as reverse proxy for this portal. The webserver address say http://www.everybodysportal.com

The reverse proxy cotains proxy mapings for both portal as well as BW system.

/irj mapped to http://abcd.myportal.com:50000/irj

and

/bw mapped to http://efgh.myportal.com:8000/

Also the firewall rules were modified to accomodate the required ports on EP and BW system.

The problem is

1. When i connect from within the intranet using the URL http://www.everybodysportal.com, it still asks me for a username and password for BW System. But after i enter them i can see the BW data on the portal.

2. When i connect from outside the company network, it asks me for username and pwd, i enter them but still i cannot see the data. it says page cannot be displayed.

Is it a problem with login ticket when accesing through a proxy? Can anybody tell me where am i going wrong.

Thanks in advance.

Regards,

Hassan

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-17-2005 1:55 PM
0 Kudos

There are several notes regarding URL generation for reverse proxy configurations. FIrst, check out 561885 - which is specifically for BW systems. There you will find information about the HTTPURLLOC table where you input proxy details so URLs are generated with the right host:port.

Also, check 750292 for the attached document which more fully describes how to maintain the HTTPURLLOC table using se16.

Finally, this solution works well whether the proxy is a third party product such as Apache or SAPs own Web Dispatcher.

Plus, this isn't just for BW - works great for other backend applications (CRM/SRM/EBP etc...) delivered by the internal ITS of 6.40 kernels.

Nick

Show replies
Show replies
Former Member
‎05-09-2005 11:30 PM
0 Kudos

Nicholas,

Thank you for your references. I am having some difficulty trying to construct HTTPURLLOC entries that will support access to Apache proxy access to Portal (which currently has a transactional iView defined to perform Single Sign-On to a Backend BW system).

Direct login to Portal allows errorless execution of the iView to do SSO to BW. But when I go through the proxy server...the iView presents a Login screen saying "SSO2 is not active in system", leaving me with the option of logging into BW using Basic Authentication.

Can you suggest where my error might be? Is this something that HTTPURLLOC entries can fix, or should I be looking somewhere else?

Kind Regards,

- Mike

Former Member
‎05-09-2005 11:41 PM
0 Kudos

Nicholas,

Thank you for your references. I am having some difficulty trying to construct HTTPURLLOC entries that will support access to Apache proxy access to Portal (which currently has a transactional iView defined to perform Single Sign-On to a Backend BW system).

Direct login to Portal allows errorless execution of the iView to do SSO to BW. But when I go through the proxy server...the iView presents a Login screen saying "SSO2 is not active in system", leaving me with the option of logging into BW using Basic Authentication.

Can you suggest where my error might be? Is this something that HTTPURLLOC entries can fix, or should I be looking somewhere else?

Kind Regards,

- Mike

Former Member
‎03-15-2005 8:24 AM
0 Kudos

Hi,

do you connect from outside to HTTPS? Then you must use mod_header and inject "set ClientProtocol HTTPS".

I´m not sure regarding your authentication problem, anyway look at your URLs to see if it really use only www.everybodysportal.com. You could change your /etc/hosts of your client to make sure that abcd.myportal.com and efgh.myportal.com are not reachable anymore.

Maybe this helps, anyway there are so much possible problems...:) Good Luck

Show replies
Show replies
Former Member
‎03-15-2005 5:19 PM
0 Kudos

Hi christian,

The portal proxy is configured to make sure that the external users are always on https protocol. Http requests are redirected to Https connection.

The boxes abcd.myportal.com and efgh.myportal.com are accesible inside the network if we are not going through proxy. But the external conections always use www.everybodysportal.com.

The portal certificate contains the myportal.com domain ticket, and proxy server has its everybodysportal.com domain. Do you think its a domain issue?

Regards,

Hassan

Former Member
‎03-17-2005 12:15 PM
0 Kudos

Hi Hassan,

I´m not very involved in SSO on Portal. All I know about is the Reverseproxy part. We had this issue when you link to a different location rather to www.everybodysportal.com and this happens most of the time when the reverse-proxy is not configured completely or there are some absolute links inside the content. If you are sure that this is not the case I´m sorry, I can´t help more.

Regards

Christian

Former Member
‎05-10-2005 5:31 AM
0 Kudos

Hi Mohammad,

I have configured Apache Proxy, and it is working fine with BW, SRM and R/3.

I suggest you use httpwatch from url tracing, I had the same problem but with IIS Proxy, Problem was "Header Length". It was mising in the content of log file, ideally which should not be the case.It was happening with the proxy only.

Please check once with httpwatch!!!

Sanjeev

Ask a Question