BI FPN using Reverse proxy

Hi,
We are integrating BI reports using FPN to main portal that is accesed using WebSeal. We have BI, Portal running on same box. There is a junction " /irj " defined in webseal for portal and another junction "/sapbi"for BI system. when we access the reports directly using portal url, we are able to see report and it works fine. When we access portal through webseal url then we are able to see the report but when we click on any button it comes up with exception.
does anybody got any idea, why we are facing this issue with reverse proxy access.
we are on BI7 and EP7.
Regards
Ravindra

Hi,
Which SP you are on?
Consumer and producer portals must reside in the same domain.
FIXED with SAP NetWeaver 7.0 SPS 09: This can be achieved using reverse proxies that support portals in multiple domains. A detailed document that describes how to implement a federated portal network whereby the producer and the consumer are not in the same domain, is available at https://www.sdn.sap.com/irj/sdn/howtoguides SAP NetWeaver 2004s, User Productivity Enablement, Running an Enterprise Portal.
Reverse proxy is not supported: Despite being documented in the release notes as supported, usage of a reverse proxy in FPN scenario has not been validated. Reverse proxy as part of the FPN environment is not supported when using remote role assignment.
FIXED with SAP NetWeaver 7.0 SPS 09: A configuration guide provides instructions on how to implement a federated portal network with reverse proxy as part of the environment (can be found at: https://www.sdn.sap.com/irj/sdn/howtoguides SAP NetWeaver 2004s, User Productivity Enablement, Running an Enterprise Portal, "How to Set up Federated Portal Network Scenarios with Reverse Proxies").
Refer SAP Note: 880482 - Central Note: Federated Portal Network (SAP NetWeaver 7.0)
Regards,
Anagha

Similar Messages

Why do we use reverse proxy for Oracle RAC Cluster setup

Hello All,
I got this question lately.. "why do we use reverse proxy for Oracle RAC Cluster setup". I know we use the reverse proxy at Middleware level for multiple security reasons.
Thanks..

"why do we use reverse proxy for Oracle RAC Cluster setup".
I wouldn't. I wouldn't use a proxy of any sort for the Cluster Interconnect for sure.
Cheers,
Brian

Unable to set session in Oracle Portal useing reverse proxy

I have deployed a reverse proxy (using Oracle HTTP Server) in front of a Oracle Portal Install (version 10.1.2.0.2). The steps followed to set this up came from the following documents:
Steps mentioned in Section 9.2 Configuring a Reverse Proxy for OracleAS Portal and OracleAS Single Sign-On for a reverse proxy on a Oracle HTTP Server.
http://download-west.oracle.com/docs/cd/B14099_15/core.1012/b13998/variants.htm#ASTED005
Also performed steps mentioned in -> Section 5.3.7 - Step 7: Enable Session Binding on OracleAS Web Cache of the Oracle® Application Server Portal Configuration Guide 10g Release 2 (10.1.2) -- B14037-03.
My current (example names shown only)setup details are as follows:
Reverse Proxy for SSO server (running on internal.oracle.com:7777): proxy.oracle.com:7777
Reverse Proxy for Portal server (running on internal.oracle.com:7778): proxy.oracle.com:7778
With the above steps completed, I can successfully use the http://proxy.oracle.com:7777/pls/orasso for login into SSO without any issues.
Users get authenticated successfully.
I can also use http://proxy.oracle.com:7778/pls/portal for viewing pages on the portal fine . All self referencing links have also been successfully modified to point to proxy.oracle.com:7778.
However, an attempt to login in the portal is not successful. Clicking on the 'Login' link successfully redirects to the SSO login page (http://proxy.oracle.com:7777/<login-page>). However, after successful authentication, the success page fails to show up and the user gets shown the initial login portal home page again.
There are no error messages shown on the screen.But it seems that user session is failing to be initiated/set correctly, as shown by the log file (in $PORTAL_ORACLE_HOME/j2ee/OC4J_Portal/application-deployments/portal/OC4J_Portal_default_island_1/application.log ):
06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] Repository Gateway: LWUser: PUBLIC, Cookie: oracle.uix=0^^GMT+10:00;
portal=9.0.3+en-au+us+AUSTRALIA+22BC75924EEAD8A2E040007F010019F7+8DAC5E3559C95F5E0090A6F56FFA58192CB0F437CA57A9102A6394F1EB7FAB5DEE3BFA12C65
91C0C009B6......
06/11/21 16:49:31 portal: [module=RepositoryServlet, ecid=83928411196,1] ERROR: Repository Gateway error: Database Error: ORA=20001 ORA-20001:
Unable to obtain session information from the cookie. Please close your browser and reconnect.
ORA-06512: at "PORTAL.WPG_SESSION", line 149
ORA-06512: at line 22
Any help with this will be appreciated.
Thanks.

Hi Chris,
The begin of the expection stack gives you the reason:
06/11/03 09:13:59 java.sql.SQLException: The method 'setSavepoint' cant be called when a global transaction is active
The reason is, that either the whole global transaction must be commited or rollbacked.
I don't know your actual configuration, but between the methods begin() and commit()/rollback() of the UserTransaction instance, OC4J/OracleAS uses a global transaction (= XA transaction) in your configuration. The state of a global transactions is completely under the control of the application server and several restrictions must be considered. One of them is, that you can't use the method setSavePoint/. E.g. you can't also call the method setAutoCommit(true) in this state, or change the transaction isolation level via setTransactionIsolation(newLevel).
This is NOT a limitation of the OC4J/OracleAS but is true for ALL application servers.
P.S. I can successfully set savepoints and rollback to savepoints in weblogic 9.0This means, that WebLogic 9.0 doesn't use a global transaction in this case.
Because I don't know your configurations (Oracle and WebLogic) I can't say, why the behave different in this situation.
Best,
Manfred

Enterprise portal access using reverse proxy using Apache and webdispatcher

Hi Guys,
As requirement, we need to give solution to customer about Reverse proxy scenario. I am new to this part.
What we have think of to use Apache and Web dispatcher.
I tried to search documents and found some sdn links also but still i am not comfortable to go about.
Need suggestion and document if anyone has used so far.reverse proxy.
As basis person, we need to do all ( Apache installation, Apache configuration, Web dispatcher installation and configuration, integration with EP.)
It will helpful to me if i can get Apache installation, Apache configuration part and integration with EP, or web dispatcher, configuration etc.
Thanks,
Deepak

We used Netscaler for Reverse Proxy implementation and can assure you that network team performed most of the set ups. This was on EP 7.01.
From BASIS stand point it would be primarily Web Dispatcher Configuration.
Also refer the links I specified in another thread. There are several scenarios discussed there -
Re: Post values for userid and passowrd fields in logon page
http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies
~ Dhanz

Problems with apex and anychart (using reverse proxy)

Hi,
Im using 2 Servers. The first with Apache2 and the /i/ directory and the second with a Oracle XE Database.
The imagedirectory is at the first server.
Heres my Apache Setup:
<Location /apex>
Options None
Order allow,deny
allow from all
ProxyPass http://..(remote_ip)..:8080/apex
ProxyPassReverse http://..(remote_ip)..:8080/apex
</Location>
Alias /i/ /var/i/
<Directory "/var/i/">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
if I open a page with a anychart chart I get this error:
"Flash Security Error
Anychart can not be launched due to Flash Security Settings violation.
Please refer to Security error Article in Anychart Documentation..."
http://www.anychart.com/products/anychart/docs/users-guide/index.html?security-error.html
I think I have to place a crossdomain.xml
Placing the crossdomain.xml in example.com/ root-directory doesn't work?
thanks for any help

Hi Christoph,
Yes, the APEX Listener works with Oracle XE. The APEX Listener is currently an Early Adopters release, and is available for download from here: http://www.oracle.com/technology/products/database/application_express/html/apex_listener_download.html. I would recommend reviewing the accompanying Installation Guide before proceeding. There's an 'APEX Listener Feedback' thread - APEX Listener Feedback - which may also proof useful to you. There's also another related thread on this topic: Re: #HOST# Substituin incorrect for charts via Reverse Proxy which discusses the replacement of the #HOST# substitution string.
Regards,
Hilary

Using reverse proxy for load balancing

Hello,
i have succesfully configured a reverse proxy ( Sun Web Server 7 ) to balance load between two application servers ( Sun Application Server 9.1), however i do not want randon assignment of requests using a round robin algorithm ( default option in Sun Web Server 7) but rather i want to apply a 80/20 rule so that one application server will receive 80% of the requests and the other will receive 20%.
Is there a way of performarming such a task.
your help is really appreciated.
thank you

thank you for the reply,
actually i tried it yesterday and it seems to work.
in my reverse proxy settings i added one server two times and the other once and 66% of the requests were forwarded to the first server.
now i have enabled the scenario that you are mentioning above and i so far requests seem to be proceced using the 80% 20% scenario.

Issues in ssl configuration with apache server (using reverse proxy)

Hi,
I am able to use apache server as a reverse proxy to connect to Portal. When I enter the web server url as https://mywebserver.com, I am able to connect to the http url of the Portal. But the moment I try to connect to the https url of Portal with this https url, I am not able to connect to the Portal. Thus I am not able to use apache as a proxy server for https connections it makes. What must I do. I read that mod_proxy_connect needs to be used, but how do I use this?
The second problem is that I need to use more than one kind of mapping.
For example I must be redirected to the Portal even if I use http://webserver.com , or even if I use https://webserver.com or even if I use http://webserver.com/irj or https://webserver.com/irj or http://ipaddress-websserver/irj etc

I have SSLCertificateFile and
and SSLCertificateKeyFile .
My problem is with regard to ssl/CertificateChainFile?
what is this? Also how do I upload my J2EE Certificate into apache.
The problem is with Apache handshake is not happening.
I am forwarding the entire log during . I have put what I consider important in bold.Please have a look.
<b>----
</b>
Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1769): OpenSSL: Handshake: start
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: before/connect initialization
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv2/v3 write client hello A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 7/7 bytes from BIO#629160 [mem: 47855a8] (BIO dump follows)
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 16 03 01 04 1a 02                                ......           |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1488): | 0007 - <SPACES/NULS>
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 1048/1048 bytes from BIO#629160 [mem: 47855af] (BIO dump follows)
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 00 36 03 01 44 74 67 cb-38 b5 8e 42 3b 59 c3 6c .6..Dtg.8..B;Y.l |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0010: 23 5c 07 d0 8b 24 89 89-11 2e 0d 80 ed 1a 06 ea #
...$.......... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0020: 1d 10 b0 59 10 28 7c b4-02 cb d6 08 a8 e4 ea 5a ...Y.(|........Z |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0030: e5 88 5c 5d 90 00 39 00-0b 00 01 cc 00 01 c9 00 ..
]..9......... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0040: 01 c6 30 82 01 c2 30 82-01 2b a0 03 02 01 02 02 ..0...0..+...... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0050: 04 36 0b 23 72 30 0d 06-09 2a 86 48 86 f7 0d 01 .6.#r0...*.H.... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0060: 01 04 05 00 30 14 31 12-30 10 06 03 55 04 03 13 ....0.1.0...U... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0070: 09 6c 6f 63 61 6c 68 6f-73 74 30 1e 17 0d 30 33 .localhost0...03 |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0080: 31 30 30 32 30 37 32 35-30 30 5a 17 0d 30 35 31 1002072500Z..051 |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0090: 30 30 32 30 37 32 35 30-30 5a 30 14 31 12 30 10 002072500Z0.1.0. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00a0: 06 03 55 04 03 13 09 6c-6f 63 61 6c 68 6f 73 74 ..U....localhost |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00b0: 30 81 9f 30 0d 06 09 2a-86 48 86 f7 0d 01 01 01 0..0...*.H...... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00c0: 05 00 03 81 8d 00 30 81-89 02 81 81 00 ef d6 ff ......0......... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00d0: a6 39 e1 64 a5 d3 fb 16-de 4e ee 1d 81 84 31 bc .9.d.....N....1. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00e0: e6 b7 96 07 3e 81 b9 94-d1 c1 e0 f9 00 3a 84 e8 ....>........:.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 00f0: 7a 30 11 cd 41 26 d6 6c-95 90 93 95 17 e0 1a b7 z0..A&.l........ |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0100: 00 0f 59 33 7d 1d f3 a0-83 17 c5 f3 7e b3 ad ed ..Y3}.......~... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0110: c9 60 ac af 9e 31 d2 ec-42 71 f9 c3 98 2e 93 f9 .`...1..Bq...... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0120: 9d c3 c4 3d b3 7d 9b 97-83 1c 6b bd c0 75 cc 96 ...=.}....k..u.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0130: dc b9 a0 1b 00 79 85 e4-19 1f 61 42 54 db 91 94 .....y....aBT... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0140: d8 1d 72 13 08 36 22 49-3b fb 05 dc 33 02 03 01 ..r..6"I;...3... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0150: 00 01 a3 21 30 1f 30 1d-06 03 55 1d 0e 04 16 04 ...!0.0...U..... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0160: 14 ed ed 02 af 94 13 59-1c 42 e6 69 40 e5 80 dd .......Y.B.i@... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0170: a4 e9 33 91 02 30 0d 06-09 2a 86 48 86 f7 0d 01 ..3..0...*.H.... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0180: 01 04 05 00 03 81 81 00-2c 22 08 bd 71 b6 80 43 ........,"..q..C |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0190: 5a 2a 8b e8 62 34 b4 b4-84 8a 47 4b 97 5e bf dd Z*..b4....GK.^.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01a0: 17 4c 0a 1c b7 0e cd c5-d1 cc d8 77 cd 38 10 ef .L.........w.8.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01b0: 22 02 f0 02 7f a2 39 2b-53 eb 31 b6 18 49 37 a0 ".....9+S.1..I7. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01c0: 50 47 f2 34 ab 33 eb 5f-ec 5a f9 f7 53 5f 27 eb PG.4.3._.Z..S_'. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01d0: 02 7f b4 28 3e e8 b1 c7-59 df 2c 93 25 c5 34 14 ...(>...Y.,.%.4. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01e0: 7a 34 7c 45 b4 eb 6b 34-93 26 98 51 37 d3 e6 b0 z4|E..k4.&.Q7... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 01f0: 7f 83 e3 a9 04 d3 47 b3-3d de 43 57 27 45 82 c0 ......G.=.CW'E.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0200: 4d 48 bf c0 a7 2f 66 0c-0c 00 02 08 00 80 af 76 MH.../f........v |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0210: 1f f5 f6 48 a0 01 0f ed-55 4c 53 9a 7c 07 7a ba ...H....ULS.|.z. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0220: c7 9d 77 e8 8b c7 66 8f-80 03 18 c5 1f 4f 2a a0 ..w...f......O*. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0230: 08 6f 9f e3 13 94 30 56-e7 2f 96 7c 26 97 ba 12 .o....0V./.|&... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0240: aa fd 3e 43 e1 46 c2 d1-32 94 56 45 52 c0 24 6f ..>C.F..2.VER.$o |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0250: 38 e0 93 0f 3a f8 0a 7c-41 0e 4c 54 4f 5a 7e d4 8...:..|A.LTOZ~. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0260: 62 e6 71 cd a0 dc 1e 9b-17 e5 10 71 3c 9d c6 39 b.q........q<..9 |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0270: 05 50 b6 15 37 0b 68 4f-24 50 74 47 13 1c 74 d8 .P..7.hO$PtG..t. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0280: 81 27 81 71 3a 4a c5 26-7d b8 e6 21 b3 d9 00 80 .'.q:J.&}..!.... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0290: 4f 6f 5d e6 2d dc 77 46-e6 77 b1 94 3d 65 5b b0 Oo].-.wF.w..=e[. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02a0: 3d 39 7a 6c a2 c7 0b e3-27 08 fa 48 8d 75 1a fe =9zl....'..H.u.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02b0: 32 e6 13 d1 31 65 7d d5-11 34 21 78 38 d1 11 fb 2...1e}..4!x8... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02c0: ea 59 8e 24 79 5a 4b c2-f7 98 22 51 9f a7 4d 2b .Y.$yZK..."Q..M+ |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02d0: 15 98 fe d4 43 4b 34 25-b3 9b b3 ae 57 d1 ea 69 ....CK4%....W..i |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02e0: 6e 02 7e 61 d7 80 b6 73-6a 3e ac eb 69 38 67 8f n.~a...sj>..i8g. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 02f0: a9 2a dc 93 3d 22 f3 6e-6a 5d 51 1f b1 b1 10 5e .*..=".nj]Q....^ |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0300: 82 28 48 0d 5a 78 f8 17-61 e0 c5 43 61 7a 42 6a .(H.Zx..a..CazBj |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0310: 00 80 42 fa 7e 11 b2 77-3a 8c de f1 52 5a e1 18 ..B.~..w:...RZ.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0320: d4 e7 8f ee 2c e0 06 ef-d5 37 87 62 07 14 d1 5a ....,....7.b...Z |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0330: ca 30 be fd dd 76 47 8f-ed f4 5f f3 64 6c 32 a9 .0...vG..._.dl2. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0340: d5 07 e2 9b f1 29 a3 bf-33 4a ed 72 6b 2e c3 0f .....)..3J.rk... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0350: 30 bd 13 a1 42 d8 f7 1d-58 8a 1c 53 d6 c3 c8 6e 0...B...X..S...n |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0360: 0e 51 e3 f5 a0 37 68 0d-04 c6 0e c4 4d cc ed 7c .Q...7h.....M..| |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0370: ef 8f 81 b3 52 34 0c 60-eb f8 01 19 cc 95 31 55 ....R4.`......1U |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0380: 7d 16 bf 0c df b8 e0 3d-8f 7c 7a 4a 64 98 93 59 }......=.|zJd..Y |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0390: eb ae 00 80 ef cb bc 38-ab 16 0e a2 b2 2d fa 0f .......8.....-.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03a0: da 55 2d 67 a8 b8 34 1b-bf 39 d9 d6 da 65 f2 8f .U-g..4..9...e.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03b0: 6f a2 b1 1d db bb d5 dd-ab cf 9e 63 00 e4 57 a5 o..........c..W. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03c0: 18 4a dc 60 b0 97 5d 67-34 96 bf a2 43 2b 7d 70 .J.`..]g4...C+}p |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03d0: d6 99 d2 31 d2 11 f4 f2-19 b8 0c 41 7d bf b1 7c ...1.......A}..| |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03e0: fb 31 cb 3e c2 0a e2 26-1a 7e 63 50 9b 62 c3 82 .1.>...&.~cP.b.. |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 03f0: ca cd 36 82 0c 56 5f 26-f6 cc c6 6f 03 92 cc f5 ..6..V_&...o.... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0400: 6b 55 1a d6 92 f9 5b 59-18 c2 62 21 eb d8 a4 ea kU....[Y..b!.... |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0410: fd b6 3e f7 0e                                   ..>..            |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1488): | 1048 - <SPACES/NULS>
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server hello A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1207): Certificate Verification: depth: 0, subject: /CN=localhost, issuer: /CN=localhost
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server certificate A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server key exchange A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 read server done A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write client key exchange A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write change cipher spec A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 write finished A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1777): OpenSSL: Loop: SSLv3 flush data
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 5/5 bytes from BIO#629160 [mem: 47855a8] (BIO dump follows)
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 15 03 01 00 02                                   .....            |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1512): OpenSSL: read 2/2 bytes from BIO#629160 [mem: 47855ad] (BIO dump follows)
Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1459): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1484): | 0000: 02 28                                            .(               |
[Wed May 24 07:03:54 2006] [debug] ssl_engine_io.c(1490): ----
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1782): OpenSSL: Read: SSLv3 read finished A
[Wed May 24 07:03:54 2006] [debug] ssl_engine_kernel.c(1801): OpenSSL: Exit: failed in SSLv3 read finished A
[Wed May 24 07:03:54 2006] [info] SSL Proxy connect failed
[Wed May 24 07:03:54 2006] [info] SSL Library Error: 336151568 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[Wed May 24 07:03:54 2006] [info] Connection to child 249 closed with abortive shutdown(server apacheserver:443, client j2eeserver)
[Wed May 24 07:03:54 2006] [error] (20014)Error string not specified yet: proxy: pass request body failed to j2eeserver:50001 (j2eeserver)
[<b>Wed May 24 07:03:54 2006] [error] (20014)Error string not specified yet: proxy: pass request body failed to j2eeserver:50001 (j2eeserve) from apacheserver ()
[Wed May 24 07:04:10 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O error, 5 bytes expected to read on BIO#612610 [mem: 62ac80]
[Wed May 24 07:04:10 2006] [info] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : SSL input filter read failed.
[Wed May 24 07:04:10 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Write: SSL negotiation finished successfully
[Wed May 24 07:04:10 2006] [info] Connection to child 249 closed with standard shutdown(server apacheserver:443, client apacheserver)
</b>

Using reverse proxy and terminating ssl on them

Hello
I am trying to set up IAS 9.03 on 2 machines one holding the infrastructure and one holding the midtier.
We want to terminate the ssl traffic on reverse proxys on apache. I am not very good at this so i am looking for a solution i read that you can do this in the whitepapers on the subject IAS.
Much thanks for any answer.
Boris

1) So initially we had the following:
<Object name="reverse-proxy-/">
Route fn="set-origin-server" server="http://server-backend"
</Object>
... and when getting a 401 from the back-end server it would seem that entering credentials in the dialog prompt does not work as is OOB; had it worked we would not have attempted anything further and hence this post would not exist... if we directly access the back-end server our credentials work so that is not the issue.
2) I agree that the "set-basic-auth" directive should be removed - as it is clearly to supply a user id and password - what was provided was a far fetched attempt to get this to work and will clearly remove it as well as the "forward-proxy-agent" and "forward-proxy-auth"
When you configure Web Server 7.0 as a reverse proxy, basic auth should work out of the box. If it doesn't, I recommend looking at the HTTP messages to figure out what's gone wrong. If you don't know how to do that and you have a support contract, Sun support should be able to help you.That is interesting - is this OOB feature documented anywhere?
I'll turn up the log level on the RP and see what happens - if I turn it high enough should I be able to see the request headers being forwarded; I'll also try to look at the backend server logs. Is there anything else you suggest - i.e. should be trying to snoop the traffic....

Problems with ESS when using reverse proxy

Hello, we are using an F5 Local Traffic Manager to load balance traffic to a SAP ERP portal. Everything works just fine, until you click on the Employee Self Service tab. By default, it should just take you into the employee self service page, but instead it give's you another log in page. If you try and log in, the server will not let you, because it thinks you are already logged in. I believe this might be a redirect problem on the ESS side, but wanted to get other opinions first, and work form there to a resolution.
Thanks,
-GW

Hi Timo,
I'm also facing the exact problem, did you find a fix for this? If yes could you please share that with me.
Regards
Vaib

Problem using Reverse Proxy Filter

Hi,
there was a topic like this, just one month ago. But nobody answers to that thread anymore. The solution in that thread was an error in the web.xml.
Can anybody post or send to me a correct web.xml configuration?
Marko

See below. But really the documention provided with the filter is sufficent! This is merely a copy and past which has hardly been changed.
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE web-app [
<!ELEMENT web-app (icon?, display-name?, description?, distributable?,
context-param, filter, filter-mapping, listener, servlet, servlet-mapping, session-config?,
mime-mapping, welcome-file-list?, error-page, taglib*,
resource-ref, security-constraint, login-config?, security-role, env-entry, ejb-ref, response-status,
max-sessions?, cookie-config?)>
<!ELEMENT icon (small-icon?, large-icon?)>
<!ELEMENT small-icon (#PCDATA)>
<!ELEMENT large-icon (#PCDATA)>
<!ELEMENT display-name (#PCDATA)>
<!ELEMENT description (#PCDATA)>
<!ELEMENT distributable EMPTY>
<!ELEMENT context-param (param-name, param-value, description?)>
<!ELEMENT param-name (#PCDATA)>
<!ELEMENT param-value (#PCDATA)>
<!ELEMENT filter (icon?, filter-name, display-name?, description?, filter-class, init-param*)>
<!ELEMENT filter-name (#PCDATA)>
<!ELEMENT filter-class (#PCDATA)>
<!ELEMENT filter-mapping (filter-name, (url-pattern | servlet-name))>
<!ELEMENT listener (listener-class)>
<!ELEMENT listener-class (#PCDATA)>
<!ELEMENT servlet (icon?, servlet-name, display-name?, description?,
(servlet-class|jsp-file), init-param, load-on-startup?, security-role-ref)>
<!ELEMENT servlet-name (#PCDATA)>
<!ELEMENT servlet-class (#PCDATA)>
<!ELEMENT jsp-file (#PCDATA)>
<!ELEMENT init-param (param-name, param-value, description?)>
<!ELEMENT load-on-startup (#PCDATA)>
<!ELEMENT servlet-mapping (servlet-name, url-pattern)>
<!ELEMENT url-pattern (#PCDATA)>
<!ELEMENT session-config (session-timeout?)>
<!ELEMENT session-timeout (#PCDATA)>
<!ELEMENT mime-mapping (extension, mime-type)>
<!ELEMENT extension (#PCDATA)>
<!ELEMENT mime-type (#PCDATA)>
<!ELEMENT welcome-file-list (welcome-file+)>
<!ELEMENT welcome-file (#PCDATA)>
<!ELEMENT taglib (taglib-uri, taglib-location)>
<!ELEMENT taglib-uri (#PCDATA)>
<!ELEMENT taglib-location (#PCDATA)>
<!ELEMENT error-page ((error-code | exception-type), location)>
<!ELEMENT error-code (#PCDATA)>
<!ELEMENT exception-type (#PCDATA)>
<!ELEMENT location (#PCDATA)>
<!ELEMENT resource-ref (description?, res-ref-name, res-type, res-auth, res-link, user-name, password)>
<!ELEMENT res-ref-name (#PCDATA)>
<!ELEMENT res-type (#PCDATA)>
<!ELEMENT res-auth (#PCDATA)>
<!ELEMENT res-link (#PCDATA)>
<!ELEMENT user-name (#PCDATA)>
<!ELEMENT password (#PCDATA)>
<!ELEMENT security-constraint (web-resource-collection+, auth-constraint?, user-data-constraint?)>
<!ELEMENT web-resource-collection (web-resource-name, description?, url-pattern, http-method)>
<!ELEMENT web-resource-name (#PCDATA)>
<!ELEMENT http-method (#PCDATA)>
<!ELEMENT user-data-constraint (description?, transport-guarantee)>
<!ELEMENT transport-guarantee (#PCDATA)>
<!ELEMENT auth-constraint (description?, role-name*)>
<!ELEMENT role-name (#PCDATA)>
<!ELEMENT login-config (auth-method?, realm-name?, form-login-config?)>
<!ELEMENT realm-name (#PCDATA)>
<!ELEMENT form-login-config (form-login-page, form-error-page)>
<!ELEMENT form-login-page (#PCDATA)>
<!ELEMENT form-error-page (#PCDATA)>
<!ELEMENT auth-method (#PCDATA)>
<!ELEMENT security-role (description?, role-name, group-id, user-id, user-name, group-name)>
<!ELEMENT group-id (#PCDATA)>
<!ELEMENT user-id (#PCDATA)>
<!ELEMENT group-name (#PCDATA)>
<!ELEMENT security-role-ref (description?, role-name, role-link?)>
<!ELEMENT role-link (#PCDATA)>
<!ELEMENT env-entry (description?, env-entry-name, env-entry-value?, env-entry-type)>
<!ELEMENT env-entry-name (#PCDATA)>
<!ELEMENT env-entry-value (#PCDATA)>
<!ELEMENT env-entry-type (#PCDATA)>
<!ELEMENT ejb-ref (description?, ejb-ref-name, ejb-ref-type, home, remote,ejb-link?)>
<!ELEMENT ejb-ref-name (#PCDATA)>
<!ELEMENT ejb-ref-type (#PCDATA)>
<!ELEMENT home (#PCDATA)>
<!ELEMENT remote (#PCDATA)>
<!ELEMENT ejb-link (#PCDATA)>
<!ELEMENT response-status (code, description)>
<!ELEMENT code (#PCDATA)>
<!ELEMENT max-sessions (#PCDATA)>
<!ELEMENT cookie-config (cookie+)>
<!ELEMENT cookie (type?, path?, domain?)>
<!ELEMENT type (#PCDATA)>
<!ELEMENT path (#PCDATA)>
<!ELEMENT domain (#PCDATA)>
]>
<web-app>
    <display-name>
      The Java iView Runtime
    </display-name>
    <listener>
      <listener-class>
        com.sapportals.portal.prt.session.HttpSessionHandler
      </listener-class>
    </listener>
    <servlet>
      <servlet-name>
        gateway
      </servlet-name>
      <servlet-class>
        com.sap.portal.navigation.Gateway
      </servlet-class>
      <init-param>
        <param-name>
          portal_entry_point
        </param-name>
        <param-value>
          /servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default
        </param-value>
      </init-param>
      <init-param>
        <param-name>
          low_bandwidth
        </param-name>
        <param-value>
          light
        </param-value>
      </init-param>
      <load-on-startup>
        0
      </load-on-startup>
    </servlet>
    <servlet>
      <servlet-name>
        prt
      </servlet-name>
      <servlet-class>
        com.sapportals.portal.prt.dispatcher.Dispatcher
      </servlet-class>
      <load-on-startup>
        1
      </load-on-startup>
    </servlet>
    <servlet-mapping>
      <servlet-name>
        gateway
      </servlet-name>
      <url-pattern>
        /portal/*
      </url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>
        prt
      </servlet-name>
      <url-pattern>
        /irj/*
      </url-pattern>
    </servlet-mapping>
    <session-config>
      <session-timeout>
        30
      </session-timeout>
    </session-config>
    <welcome-file-list>
      <welcome-file>
        index.html
      </welcome-file>
      <welcome-file>
        index.jsp
      </welcome-file>
    </welcome-file-list>
    <ejb-ref>
      <ejb-ref-name>
        com.metamatrix.platform.security.api.LogonAPIHome
      </ejb-ref-name>
      <ejb-ref-type>
        Session
      </ejb-ref-type>
      <home>
        com.metamatrix.platform.security.api.LogonAPIHome
      </home>
      <remote>
        com.metamatrix.platform.security.api.LogonAPI
      </remote>
      <ejb-link>
        com.metamatrix.platform.security.api.LogonAPIHome
      </ejb-link>
    </ejb-ref>
    <ejb-ref>
      <ejb-ref-name>
        com.metamatrix.server.serverapi.ClientAPIHome
      </ejb-ref-name>
      <ejb-ref-type>
        Session
      </ejb-ref-type>
      <home>
        com.metamatrix.server.serverapi.ClientAPIHome
      </home>
      <remote>
        com.metamatrix.server.serverapi.ClientAPI
      </remote>
      <ejb-link>
        com.metamatrix.server.serverapi.ClientAPIHome
      </ejb-link>
    </ejb-ref>
     <filter>
          <filter-name>
               ReverseProxyFilter
          </filter-name>
          <filter-class>
               com.sapportals.portal.crosstopics.reverseproxyfilter.ReverseProxyFilter
          </filter-class>
          <load-on-startup>
          1
          </load-on-startup>
          <init-param>
               <param-name>
                    scheme
               </param-name>
               <param-value>
                    https
               </param-value>
          </init-param>
          <init-param>
               <param-name>
                    proxy-host-name
               </param-name>
               <param-value>
                    <...type your proxy hostname here. eg: portal.company.com...>
               </param-value>
          </init-param>
          <init-param>
               <param-name>
                    proxy-port-http
               </param-name>
               <param-value>
                    80
               </param-value>
          </init-param>
          <init-param>
               <param-name>
                    proxy-port-https
               </param-name>
               <param-value>
                    443
               </param-value>
          </init-param>
               <init-param>
               <param-name>
                    filter-header-name
               </param-name>
               <param-value>
                    Host
               </param-value>
          </init-param>
          <init-param>
               <param-name>
                    filter-header-value
               </param-name>
               <param-value>
                    <...type your proxy hostname here. eg: portal.company.com...>
               </param-value>
          </init-param>
          <init-param>
               <param-name>
                    debug
               </param-name>
               <param-value>
                    true
               </param-value>
          </init-param>
     </filter>
     <filter-mapping>
          <filter-name>
               ReverseProxyFilter
          </filter-name>
          <servlet-name>
               prt
          </servlet-name>
     </filter-mapping>
     <filter-mapping>
          <filter-name>
               ReverseProxyFilter
          </filter-name>
          <url-pattern>
               /servlet/*
          </url-pattern>
     </filter-mapping>
     <filter-mapping>
          <filter-name>
               ReverseProxyFilter
          </filter-name>
          <url-pattern>
               *.jsp
          </url-pattern>
     </filter-mapping>
</web-app>

Reverse proxy to applications on a server by just domain names possible?

Hi All
I am looking for a solution to set up a single server, that hosts four J2EE web applications running on a Glassfish application server with just only one IP address.
When a user wants to use an application, he/she can just type URL without specifing port and path, and the corresponding web application will be displayed accordingly as shown below
http://sub1.domain1.com -- > webapp1 at port 9100
https://sub2.domain1.com -- > webapp2 at port 9200
http://sub1.domain2.com -- > webapp3 at port 9300
https://sub2.domain2.com -- > webapp4 at port 9400
I am wandering whether I could use reverse proxy of Sun Java System Web Server 7 to route the traffic from the domain names to their own application on Glassfish as shown above? I tried by creating two HTTP listeners to listen at port 80, and 443 respectively, but I could not access different applications based on domain names without specifying specifix path or port.
Is there any recommended resources or example of the mapping, or any other suggested solution?

Thank you for your reply nsegura. I created 4 different virtual servers as you suggested and it worked :)
However, I have a problem in reverse proxy base on path.
The scenario is below
I have an J2EE application that needs to be deployed in three different environment (production, training, testing). It
is the same application for three environments, so I want them to have the same context-root. I want to use Sun Web Server 7.0 to reverse proxy to the application in each environment based on path, not URL redirect. Example of URL are shown below
https://sub.domain3.com/app -- > http://localhost:9500 (with context-root /app)
https://sub.domain3.com/training/app -- > http://localhost:9600 (with context-root /app)
https://sub.domain3.com/testing/app -- > http://localhost:9700 (with context-root /app)
So far, it works if I set context-root of the application in each environment differently
https://sub.domain3.com/app -- > http://localhost:9500 (with context-root /app)
https://sub.domain3.com/training/app -- > http://localhost:9600 (with context-root /training/app)
https://sub.domain3.com/testing/app -- > http://localhost:9700 (with context-root /testing/app)
I am wandering whether there is a solution with Sun Web Server 7 that I can use to achieve reverse proxy of the same application in different environments without having to modifying context-root for each environment and use URL redirect?
I was thinking about using rewriting path with reverse proxy, but I did not see this function under reverse proxy tab.
Any ideas?

Sun Web Server Reverse Proxy and Weblogic HTTP to HTTPS redirection

Hi,
I am currently testing reverse-proxy from SJSW 7.0 update 5 to Weblogic server but I have encountered an issue.
I have configured a context root to be forwarded to weblogic:
Web Server: www.server.com
URI: /path
Reverse Proxy URL: wlserver:9000
When I access https://www.server.com/path, I am getting the correct page. The issue is, the weblogic server is configured to redirect HTTP access to HTTPS, i.e., when I access http://www.server.com/path, it should be redirected to https://www.server.com/path. However, that is not the case. What happens is that I am being redirected instead to https://www.server.com/.
If I don't use reverse proxy, that is, if I use the libproxy.so from weblogic, I get the correct redirection.
Would appreciate it very much if someone can help me troubleshoot this issue.
Thanks in advance!
Edited by: agent_orange on Jul 29, 2010 2:30 AM
Edited by: agent_orange on Jul 29, 2010 2:31 AM

I am not sure, how you have configured your reverse proxy since you didn't attach / refer your current configuration file. this is how I would do it..
- create a new configuration (using web server 7 admin gui , within configuration wizard, disable java option if you plan to use web server 7 only for reverse proxy)
- select this new configuration and go to reverse proxy and try to reverse proxy / to the origin server.
that is all it should need.
your obj.conf or <hostname>-obj.conf depending on your configuration should look like following snippet
<Object name="default">
AuthTrans..
NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
</object>
<Object name="reverse-proxy-/">
Route fn=....
Service ..
</Object>
this is all you should need..
However, if you wanted to add complexity to your configuration, you could do some thing like
<Object name="default">
Auth..
<If defined $security>
NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
</If>
</Object>
<Object name="reverse-proxy-/">
Route...
</Object>

Access Mac Mini Server (profile management) through reverse proxy

Hi,
Newbie in Mac's world and yet trying to make it more complicated as it is.
As we recently (last month) decided to equip our sales force with iPads, they were configured through Apple Configurator tool running on a dedicated Mac Mini Mountain Lion.
Now, I'd be keen in moving this configuration to the Profile Manager, part of the OSx Server plugin. So far so good.
Problem is the following : another web server is already on the LAN using both 80 and 443 ports. So all incoming traffic on those ports was routed to this other server. As Mac Mini Server default http/s ports may not be altered, I installed a reverse proxy server (Oracle VM - Ubuntu 12.04LTS - pound), configured to deal differently traffic on those ports according to the domain name (host) of the web request (header). Each 'local' server has been allocated a domain name. Just to be clear, traffic is now routed by the WAN/LAN router, for those ports, towards the reverse proxy, configured to reroute the traffic to the correct destination.
So far so good, it works like a charm, except... as soon as we enter https protocol on Mac Mini Server Profile Manager.
Access from an iDevice to the Mac Mini Server Profile Manager login page is fine, but as soon as password is confirmed, safari is pending and finally a message 'An internal serer error occured. Please try later again' appears.
Looking to both reverse proxy system log and Mac Mini profilemanager.log files to trace the problem, the following lines are produced at this particular moment :
reverse proxy system.log
Jan 15 14:44:03 reverseproxy pound: 91.... GET /devicemanagement/console/apple_theme_v2/en/da56af0a69e733b259dac3991419fa928b4 94a56/resources/images/sprites/me_controls.png HTTP/1.1 - HTTP/1.1 200 OK
Jan 15 14:44:03 reverseproxy pound: 91.... GET /auth?redirect=http://osxsrv.fiks.net/devicemanagement/api/authentication/callback HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
Jan 15 14:44:04 reverseproxy pound: 91.... GET /devicemanagement/api/authentication/callback?auth_token=336952DE-BDDE-4390-82F 7-8475B79FB2D3 HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 can't read header
Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 response error read from 192.168....:443/GET /profilemanager/ HTTP/1.1: Success (0.007 secs)
Jan 15 14:44:08 reverseproxy pound: 91.... POST /devicemanagement/api/magic/get_updated HTTP/1.1 - HTTP/1.1 200 OK
OSx Server profilemanager.log
Jan 15 14:44:05 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]Jan 15 14:44:05 osxsrv ProfileManager[1749] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]
Jan 15 14:44:06 osxsrv ProfileManager[1748] <Info>: Completed in 492ms (View: 0, DB: 6) | 200 OK [http://osxsrv.../magic/do_magic]
Jan 15 14:44:06 osxsrv ProfileManager[1749] <Info>: Completed in 687ms (View: 0, DB: 5) | 200 OK [http://osxsrv..../magic/do_magic]
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Completed in 4ms (View: 1, DB: 14) | 403 Forbidden [http://osxsrv..../magic/do_magic]
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Completed in 45ms (View: 1, DB: 43) | 403 Forbidden [http://osxsrv..../magic/do_magic]
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Completed in 55ms (View: 0, DB: 1) | 403 Forbidden [http://osxsrv..../magic/do_magic]
Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Processing AuthenticationController#callback (for 91.... at 2013-01-15 14:44:08) [GET]
Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Redirected to https://osxsrv..../profilemanager/
Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Completed in 149ms (DB: 5) | 302 Found [http://osxsrv..../authentication/callback?auth_token=[FILTERED]]
I guess the '302 Found' is causing or explaining the problem.
I agree this might not be a Mac issue, so I still knock your doors hoping some of you could at least give a hint for what to search for !
If the pound configuration file is of interest, just ask, but this is pretty trivial, saying basically listen these protocols (http/https) on these ports (80/443) and according to Header content (check destination host) and reroute packet to LAN device (with given LAN IP address).
As the default port(s) of the Mac Mini Web Services may not be altered (so far I know), I guess I am stuck using 80 and 443 anyway.
Maybe should I invest time in changing my other apache server ports to some more exotic 8080 or 88 or whatever so Mac Mini Server Profile Manager default ports 80 and 443 are maintained and can be easily and directly rerouted to my Mac server without any reverse proxy along the way.
Thanks in advance for your help
Alx

HI All,
i'm also using reverse proxy technique to publish my server to the internet. The ip is used by twice domains. The problem is by using the profile manager
after login it redirects the url to the Local Area network addresse instead to the domain.
How to configure this on OS X Server and the Profile Manager Service?
Kind Regards
Oemer

Reverse Proxy More than one webgui?

To: Nick and all who use reverse proxy clients
Thanks for the hints so far.
I am stuck when trying reverse proxy more then one backend webgui. We have
a portal that takes an iview and sends all the request for backend webgui to
the reverse proxy address. This fulfills the requirement to only open up one domain address and support and manage on SSL key later on.
The /sap Rewrite tag works great for this and we pointed successfully to the EB system.
The sticky point:
How do we distinguish from one webgui server EB from another i.e BW.
We need to distinguish one incoming /sap from another.
We started with leveraging the SICF and the external URL alias that would serve up the /sap URL as /sapebd. Unfortunately the /sapebd external alias did work some but the contents of the generated page continues to reference the /sap instead of /sapebd. (Manually change it to /sapebd from a browser and the gif,.css.js etc will be served up) .
Looking for some good suggestions. (Below included sample statements)
Thanks,
Mich
</VirtualHost>
#This host is used for the meta refresh redirect page.
<VirtualHost my.domain.com:80>
ReWriteEngine On
ServerName my.domain.com:80
ProxyPreserveHost on
DocumentRoot "/var/www/html/qaroot"
DirectoryIndex index.php index.html index.htm index.shtml
ErrorLog logs/qaroot-error_log
TransferLog logs/qaroot-access_log
Portal proxy statements - one proxy all works fine
ProxyPass /irj http://portal.domain.com:50000/irj
ProxyPassReverse /irj http://portal.domain.com:50000/irj
ProxyPass /webdynpro http://portal.domain.com:50000/webdynpro
ProxyPassReverse /webdynpro http://portal.domain.com:50000/webdynpro
ProxyPass /useradmin http://portal.domain.com:50000/useradmin
ProxyPassReverse /useradmin http://portal.domain.com:50000/useradmin
ProxyPass /logon http://portal.domain.com:50000/logon
ProxyPassReverse /logon http://portal.domain.com:50000/logon
#EBD proxy statements
Try number 1 leaving it at sap and it works well to one back end system
#RewriteRule ^/sap(.*) http://ebd.domain.com:8000/sapebd/$1 [P,L,NE,QSA,R]
#ProxyPassReverse /sap http://ebd.domain.com:8000/sap
Try number 2 defined an external alias using SCIF - works a litlle
but then the webgui responds with the a lot of "/sap" references
RewriteRule ^/sapebd(.*) http://ebd.domain.com:8000/sapebd/$1 [P,L,NE,QSA,R]
ProxyPassReverse /sapebd http://ebd.domain.com:8000/sapebd
</VirtualHost>
Message was edited by: Mich Wilhelmi

hi,
>I know that is not possible to connect two different XI system to the same R/3; so, how can I manage this situation without affect the other XI?
this is not true...
there is way to use SPROXSET table for that reason
but it has to be done in a very carefull way
Regards,
Michal Krawczyk
http://mypigenie.com XI/PI FAQ

Jdbc and fire walls (reverse proxy)

Can jdbc use reverse proxy to get through the corporate firewall? This is to provide access to other companies outside the corporate firewall. How?
Are there any other secure ways of providing jdbc thru the firewall?

Only a type 3 driver that can use port 80 or 443. In addition the driver needs to wrap the data in HTTP to get thru the firewall. These ports are about the only guaranteed to be open.
This is why a type 4 will not work since the middleware is required to pull off the HTTP wrappers.
See JDataConnect at www.j-netdirect.com
null

BI FPN using Reverse proxy

Similar Messages

Maybe you are looking for