Portal Alias URL Redirect
Hello,
i have a little problem to solve in my company. We have updated our SAP NetWeaver Portal 4 months ago. Bevore the update there was the possibility to use an alias in webbrowser to start the portal. When the alias typed in you got redirected to portal/domain/irj/portal. Today you get redirected to portal/irj/portal. When you type in portal.domain you get redirected to portal/domain/irj/portal
The problem ist that we get some problems with applications that requirred a full qualified dns name and the majority of our employees use the alias portal to start the portal.
The DNS Entries are:
portal --> server.domain
portal.domain -->server.domain
There is no Web-Dispatcher running.
I think there is/was some settings in the AS Java or the ISS of the Windows Server.
The question is: What is to do to get the full qualified dns name by typing "portal" at the webbrowser?
If there were problems in understanding i will do my best to support.
Many Thanks
Hello,
Please check the link on portal alieas http://help.sap.com/saphelp_nwce10/helpdata/en/6e/8590f1d6d349c9adc34c6a8085189b/content.htm
for web dispatcher is not running please check whether message server of central services up or not and check all the related parameters are properly set or not or some one might be changed them.
http://help.sap.com/saphelp_nw04/helpdata/EN/de/89023c59698908e10000000a11402f/content.htm
You can also check the configuration of the SAP Web Dispatcher from the command line using
sapwebdisp pf=<profil> -checkconfig out put will give you return code for 0 for errors, 1 for warnings,
also check the trace files for SAP Web Dispatcher dev_wdisp apart from this you can find details of the change history of the SAP Web dispatcher in SAP note 538405.
Thank you,
Shyam
Similar Messages
-
SSO is not working for an Alias URL but is working for original portal URL
Hello,
We have a BSP running inside the portal and expects authentication.
When I run this BSP using the portal regular address everything is working OK and SSO is working after logging into the portal.
At next step, we have configured an alias for the portal URL at the DNS Server.
When activating the BSP from the alias URL it asks for 2nd authentication. Meaning, SSO is not working after logging into the portal.
I have activated an HTTP trace in order to see why and it seems like when running it from the alias name it recognizes it as a different domain and I assume this is why the authentication is coming up.
I would like to suppress this for the alias URL but don't know how.
I found this UME property on the server:ume.logon.security.relax_domain.level
This UME property controls the amount of sub domains to remove from the server name to obtain the domain for which the logon ticket is valid.
I have changed this property from its default value 1 to 3 (and restarted the server of course) which, in our case, leaves only ourCompany.com for the ticket in the original server URL. Yet, the authentication pop up is still not supressed when browsing through the alias URL.
Any idea what can I do next?
Thanks,
RoyHi Dezso,
I found the 401 let me know if I look on it right:
I have an entry node with two subnodes: request and response.
The response has:
<responseStatus>HTTP/1.1 401 Unauthorized</responseStatus>
And the request before that doesn't have any MYSAPSSO2 in it, all it has which is related to cookies is this:
<header name="Cookie">UserUniqueIdentifier=1174345919524; alreadyLogged=1179560552416</header>
<cookies>
<cookie name="alreadyLogged">1179560552416</cookie>
<cookie name="UserUniqueIdentifier">1174345919524</cookie>
</cookies>
Can you advice what to do next? -
Cisco ISE guest portal redirect not working after successful authentiation and URL redirect.
Hi to all,
I am having difficulties with an ISE deployment which I am scratching my head over and can't fathom out why this isn't working.
I have an ISE 3315 doing a captive webportal for my guest users who are on an SSID. The users are successfully redirected by the WLC to the following URL:https://x.x.x.x:8443/guestportal/Login.action?portalname=XXX_Guest_Portal
Now when the user passes through the user authentication splash screen they get redirected to https://x.x.x.x:8443/guestportal/guest/redir.html and recieve the following error:
Error: Resource not found.
Resource: /guestportal/
Does anyone have any ideas why the portal is doing this?
Thanks
PaulHello,
As you are not able to get the guest portal, then you need to assure the following things:-
1) Ensure that the two Cisco av-pairs that are configured on the authorization profile should exactly match the example below. (Note: Do not replace the "IP" with the actual Cisco ISE IP address.)
–url-redirect=https://ip:8443/guestportal/gateway?...lue&action=cpp
–url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is also defined on the access switch)
2) Ensure that the URL redirection portion of the ACL have been applied to the session by entering the show epm session ip command on the switch. (Where the session IP is the IP address that is passed to the client machine by the DHCP server.)
Admission feature : DOT1X
AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e
URL Redirect ACL : ACL-WEBAUTH-REDIRECT
URL Redirect :
https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72
0000A45A2444BFC2&action=cpp
3) Ensure that the preposture assessment DACL that is enforced from the Cisco ISE authorization profile contains the following command lines:
remark Allow DHCP
permit udp any eq bootpc any eq bootps
remark Allow DNS
permit udp any any eq domain
remark ping
permit icmp any any
permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
permit tcp any host 80.0.80.2 eq www --> Provides access to internet
permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal
port
permit tcp any host 80.0.80.2 eq 8905 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8905 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
permit udp any host 80.0.80.2 eq 8906 --> This is for posture
communication between NAC agent and ISE (Swiss ports)
deny ip any any
Note:- Ensure that the above URL Redirect has the proper Cisco ISE FQDN.
4) Ensure that the ACL with the name "ACL-WEBAUTH_REDIRECT" exists on the switch as follows:
ip access-list extended ACL-WEBAUTH-REDIRECT
deny ip any host 80.0.80.2
permit ip any any
5) Ensure that the http and https servers are running on the switch:
ip http server
ip http secure-server
6) Ensure that, if the client machine employs any kind of personal firewall, it is disabled.
7) Ensure that the client machine browser is not configured to use any proxies.
8) Verify connectivity between the client machine and the Cisco ISE IP address.
9) If Cisco ISE is deployed in a distributed environment, make sure that the client machines are aware of the Policy Service ISE node FQDN.
10) Ensure that the Cisco ISE FQDN is resolved and reachable from the client machine.
11) Or you need to do re-image again. -
hi,
in portal 6 is it possible to say redirect www.testdomain.com requests to the portal address of say www.myportalserver.com/amserver/Login?org=testdomain ?
i know there are various ways to acocmplish this, but the portal 6 product have this capability?
or do you specifically need srap to accomplish this?
thanksok. here's an easy solution I created and tested some minutes ago, seems to work fine with PS6.x WS based.
1 - copy your WS docs directory "../docs" to "../vdocs".
what you need here is the "index.html" file
2 - go to WS admin console , login and click on "Apply" to reload the portal installation changes to the server.xml, then reload and restart (see displayed options)
3 -create a new "virtual server class" with the above mentioned doc dir ../vdocs"
4 - in this new class create a new virtual server, e.g.
MyServer.domain.com
5 - test with a browser if you are able to contact the WS and get the index.html page
6 - go to the "vdoc" directory , copy index.html to index.html.orig, create a new index html with the following content and change the redirect path to whatever you want.
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<title>JavaScript Redirect</title>
</head>
<body bgcolor="white">
<script language="JavaScript">
<!--function redirect()
{ window.location = "http://PORTALServer.Domain:Port/portal/dt" } setTimeout("redirect();", 0)// -->
</script>
</body>
</html>�
It works fine for me with NS4.9, Mozilla 1.5, IE 5.x.
Whle testing be careful the browsers "like" to cache "old" pages which include the "old" redirections.
cheers,
Ulf -
Is Java Webdynpro Appl deployable in WAS6.20 or URL redirection frm EP6 to7
Hi All,
We have two portals, one ep 6 and another ep 7. we have developed a small webdynpro appl and it is working in ep 7, but we want it to be in EP6, our ep 6 is based on WAS 6.20. So, Can we deploy Webdynpro java application in EP 6 based on WAS 6.20. If not, can we provide a url redirect to that particular iview from EP 6 to EP 7.
Please help us, if anybody has any idea on this...
Thanks & Regards,
RaviThe system object can be created from system administration role in portal System_admin_role or assign your self super_admin_role in the portal EP6.
Then Go to System Configuration -->Portal Content and there create a system object of type "Sap system with load balancing" after that set Authentication Ticket Type as SAP Logon Ticket, Define Logon Method as SAPLOGONTICKET, Set Message Server of your Java Stack,Remote Host Type as 3,
Set Web AS Host Name with port no > = 50000 ie Java Stack .
System Object name for eacch env can be env specific/different ie DEV, QAL, PRD etc
but create the System alias for the system object created above and keep its name same accross all the env eg (JVA) and use this alias in your ivew for defining system.
Using URL Ivew will work too, but the problem with that is , you will have to do manual config (change server id or URL) in each env to reflect the application of the env in which ivew will be.
Where as using webdynpro Java ivew you will not hardcode the url , and define system as system alias in the iveiw and when ivew get transported to diff env , alias will connect it to the env specific system object.
Edited by: Saurabh Agrawal on Apr 2, 2009 2:27 AM -
Create a Alias URL for Intranet
Hi
How do I create an Alias URL for our Intranet on the Enterprise Portal.
The requirement is it should link directly to the intranet content under: portal Content
Thanks
Naziem MahomedUse any reverse proxy in achieving this.
Reverse proxy stands infront of the portal server where you can define your url which will redirect to the portal url.
Check the below wiki for more information
https://wiki.sdn.sap.com/wiki/display/EP/ChangePortalURL
also check the below help link
http://help.sap.com/saphelp_nw04s/helpdata/en/42/5cfd3b0e59774ee10000000a114084/frameset.htm
Raghu -
DNS Name to portal (short) URL
Hi folks,
we are going to integrate some webapplications via url-iview in our portal (2004s). The applications have there own dns-name within our domain-dns-server.
After the integration, my plan is that the dns will be resolved into a portal (short)URL. In IIS i can take the hostheader for this, but how is it possible in the portal?
best regards
FrankHi,
ok I finally got it
You will encounter the following problem:
If you configure your alias ABC to resolve to the IP Address of your portal there is no application associated with it (/xxx) so you will always call the index.html (J2EE Startpage of your J2EE)
What you can do here is modify the index.html to redirect to a specific destination using meta http-equiv="refresh"
e.g.
meta http-equiv="refresh" content="0;url=/irj/portal/
Since it is just HTML you cannot disinguish and you will always be redirected to this destination when accessing the startpage or just http://portalhost
Now you have several ways to solve this:
1. I think that you can define Virtual Hosts in the HTTP Provider Service (Visual Admin / HTTP Provider Service) and Application Aliases (I've never done that but it should work). This means that you define a virtual host (e.g ABC) and map it to any application e.g /myAPP1 on your J2EE
see the following doc:
http://help.sap.com/saphelp_nw70/helpdata/EN/e5/ac55423948b330e10000000a155106/frameset.htm
2. You can change the Directory Index of your Engine (HTTP Provider / Properties TAB / Infer Names Property) and add something like index.jsp to the list
Default Value is:
{index.html,index.htm,default.html,default.htm}
Then you rename your index.html to something like startpage.html and put the index.jsp in the directory instead. In your JSP you will then be able to parse the Request (e.g. parse the Request URL, Headers etc. and send an appropriate redirect that fits your needs.) In all other cases you just send a redirect to startpage.html so you will still be able to see the Startpage if necessary
You have to put this jsp in the following path:
/usr/sap/<SID>/JC<InstanceNo>/j2ee/cluster/serverN/apps/sap.com/irj/servlet_jsp/irj/root
Note that if you are just typing
http://ABC and ABC will be resolved to your portal IP you will have to bind your portal to port 80 in order to make this work (I would not do that because you will get into trouble when upgrading or patching) or you will have to provide the port e.g. http://ABC:50000
If you do not want to provide the port than you will have to put a Proxy (e.g. IIS on the portal host that listens on port 80 and does whatever you like (e.g. parses HTTP Header and sends redirect or whatever)
Hope this helps
Cheers -
URL redirection config in PI SOAP receiver communication channel
Hi,
I am working on a similar scenario where I my consuming an external web service using https protocol from PI.
I have configured a soap receiver channel to call the target url of this web service as https://portal.xyz.org.uk/webservice_alt.
I am getting an error HTTP 302 suggesting that PI is not able to follow the re-direction to the target URL as the service resides not on that URL but on https://portal1.xyz.org.uk/webservice_alt or https://portal2.xyz.org.uk/webservice_alt.
This is their server fail over handling mechanism which is very common. But PI 7.0 is not able to handle this.
So if I change the target URL on the SOAP receiver channel to https://portal1.xyz.org.uk/web service or https://portal2.xyz.org.uk/webservice_alt , PI works fine without errors . But this is not the right approach because, every time the web service provider takes one of these systems down for upgrade/patching etc, they inform us and then I manually go and change the target URL to the available server on my production PI system config.
My problem is I want to resolve this redirection error in PI. I have tried raising a call with SAP itself and they pointed out to use Axis adapter which is still not working.
So I am here asking for help. any suggestions please from the experts?
Thanks
Jhansi.Hi guys,
I am sorry if I have not been clear so far!!
What I am talking about is a URL redirection capability of PI. what i mean is , when you call any service in general using a browser/soap ui etc, it pings that url and follows the redirection.
For example when i try to test this external web service directly using soap ui tool, it also returns HTTP 302 error. But when I set the 'Follow redirect' property to 'true' , it follows the redirection and calls the service on 'portal1' or 'portal2' .
You assume PI is a test tool like SOAPUI. When the address or URL changed in WSDL and if you load the latest WSDL in soapUI it post the request to the latest URL. YOu import WSDL only in ESR not in IR. Dont forget it. Though WSDL has soap address location, it will not impact the wsdl changes directly in ID.
It makes no sense to complain regarding the behaviour of PI when the reason for the problem is outside (WS provider).
please note that the target url is fixed which is https://portal.xyz.org.uk/webservice_alt.
so we are not talking here about the service provider altering the service and sending us new wsdl's etc.
All users of this webservice have been non-sap users so far and consumers use java, .net etc platforms and are easily able to handle the redirection.because this redirection is a part of failover mechanism.
I hope i am able to picture my problem.
thanks
Jhansi. -
Hello,
say I want to have five ISE 1.3 nodes behind load balancer, I want only only G0 behind LB, and G1 interfaces will be dedicated for certain things. Specifically I want to use G1 interface for Redirected Web Portal access (could be CWA, device registration, NSP, etc). RADIUS auth will happen through LB on G0 of some specific PSN, and that PSN will url-redirect user to the CWA URL.
How do I tell ISE to use specifically Gig1's IP address or Gig2's IP address? When I check result authorization profile, there is no option there, it's just ip:port. Obviously, that's not the right place, because which PSN is used to processed the policy is unpredictable.
So then I go to guest portal, and specifically Self-Registered Guest Portal that I'm using. So here I see Gig0, Gig1, Gig2, and Gig3 listed. My guess is that if I only leave Gig1 selected then I will achieve my goal, is that correct?
But then, why does it let me choose multiple interfaces, what happens if I select all of them?
Am I missing another spot in ISE admin where I can control this?
Additional question. I know that in ISE 1.2 you could configure "ip host" in ISE's CLI, which would force URL-redirect response to be translated to FQDN:port. Is that still the right method in ISE 1.3?
Thanks!Take a look at the following document:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13.pdf
Towards the end of the document you will find a section called: "Cisco ISE Infrastructure" and there you will see the following:
• Cisco ISE management is restricted to Gigabit Ethernet 0.
• RADIUS listens on all network interface cards (NICs).
• All NICs can be configured with IP addresses.
So, you can take an interface, give it an IP address and then assign it to the web portal that you are working with.
I hope this helps!
Thank you for rating helpful posts! -
ISE & Switch URL redirect not working
Dear team,
I'm setting up Guest portal for Wired user. Everything seems to be okay, the PC is get MAB authz success, ISE push URL redirect to switch. The only problem is when I open browser, it is not redirected.
Here is some output from my 3560C:
Cisco IOS Software, C3560C Software (C3560c405-UNIVERSALK9-M), Version 12.2(55)EX3
SW3560C-LAB#sh auth sess int f0/3
Interface: FastEthernet0/3
MAC Address: f0de.f180.13b8
IP Address: 10.0.93.202
User-Name: F0-DE-F1-80-13-B8
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
URL Redirect ACL: redirect
URL Redirect: https://BYODISE.byod.com:8443/guestportal/gateway?sessionId=0A005DF40000000D0010E23A&action=cwa
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A005DF40000000D0010E23A
Acct Session ID: 0x00000011
Handle: 0xD700000D
Runnable methods list:
Method State
mab Authc Success
SW3560C-LAB#sh epm sess summary
EPM Session Information
Total sessions seen so far : 10
Total active sessions : 1
Interface IP Address MAC Address Audit Session Id:
FastEthernet0/3 10.0.93.202 f0de.f180.13b8 0A005DF40000000D0010E23A
Could you please help to explore the problem? Thank you very much.With switch IOS version later than 15.0 the default interface ACL is not required. For url redirection the dACL is not required as this ACL is part of traffic restrict for "guest" users.
In my experiece some users can not get the redirect correctly because anti-spoof ACL on management Vlan or stateful firewall blocks the TCP syn ack.
It is rare in campus network access layer switches have user SVI configured so the redirect traffic has to be sent from the netman SVI, but trickly the TCP SYN ACK from the HTTP server will be sent back from the netman Vlan without source IP changed. (The switch is spoofing the source IP in my understanding with changing only the MAC address of the packet). In most of the cases there should be a basic ACL resides on the netman SVI on the first hop router, where the TCP SYN ACK may be dropped by the ACL.
tips:
1. "debug epm redirect" can make sure your traffic matches the redirect url and will get intercepted by the switch
2. It will be an ACL or firewall issue if you can see epm is redirecting your http request but can not see the SYN ACK from the requested server.
Which can win the race: increasing bandwidth with new technologies VS QoS? -
Issues getting url-redirect working with Cisco ISE
Hi,
I am currently doing a Proof of Concept using Cisco's new ISE product. I am having issues getting the url-redirect raidus attribute working. I have read the troubleshooting document and everything in it points to it should be working. By debuging the radius information on the switch I can see that its passing the url-redirect to the switch which in my case is was https://DEVLABISE01.devlab.local:8443/guestportal/gateway?sessionId=0A00020A0000001604D3F5BE&action=cwa. Now to remove DNS issues etc from the equasion if I copy and paste this URL into the client browser it takes me to the correct place, and I can login and it changes VLAN's accordingly. Now as far as I know the client should automatticaly be redirected to this URL which is not working. Below I have included one of the debugs to show that the epm is in place.
DEVLABSW01#show epm session ip 10.0.1.104
Admission feature: DOT1X
ACS ACL: xACSACLx-IP-PRE-POSTURE-ACL-4de86e6c
URL Redirect ACL: ACL-WEBAUTH-REDIRECT
URL Redirect: https://DEVLABISE01.devlab.local:8443/guestportal/gateway?sessionId=0A00020A0000001604D3F5BE&action=cwa
I have also attached my switch config. Any help would be greatly appreciated.
DanSo im also doing ISE for the first time and i knew it may have been a bit tough however i didnt forsee my following issue.
everything is working as expected other than every now and then (intermittent) the ISE Central Portal does not display on any device -android, windows, etc..... i checked and checked the configs, had probably about 10 TAC cases open..... this weekend i ripped out the main components, setup in the offfice and tried to replicate the issue....i could...what i noticed is that without Internet the ISE Portal didnt actually display....it sounds weird but thats what im seeing.....As soon as i plug into Internet Link into the equation, the portal page comes up.....im able to replicate it every time... Currently, i placed back into the customer network and im now looking down at the routing/firewall......
my issue is that i cant really explain why the Internet affects the Central Auth Page.... In any event. im working backwards, tomorrow im bringing in a second link and doing NAT on a cisco router to bypass the checkpoint firewall....ill know if its checkpoint or if im barking up the wrong tree....
if anyone can explain why, it would help out a great deal..
My setup BTW is
1. WLC 5760 - Not latest code but latest stable (recommended by the TAC Engineer)
2. ISE 1.2 - Doing simple Wireless only implementation
3. 3650 - Just acting like a switch - no ACLs etc - just a switch
4. Integrated into AD
Ill post back with any findings if i make any headway - BTW, i didnt like this at all as other solutions are so much simpler, BUT, i can now see how powerful this could potentially be for the right type of customer...
thanks again how i can get some feedback -
How does ISE choose which IP to put in URL redirect response?
Hello,
does anyone know how does ISE choose which IP to put in URL redirect response if it has more than one interface with an IP address and all interfaces are enabled in the portal configuration?
I have a single ISE 1.3 PSN with all four interfaces configured, enabled, each on unique VLAN, and each with unique IP address.
In the CWA portal configuration, all four interfaces are enabled.
Wired clients connect to NAD, NAD sends RADIUS request to ISE, ISE responds with a RADIUS response including the URL-Redirect parameter which specifies the web redirect URL. ISE configuration uses "ip:port" in the URL.
My question is how does ISE choose which of its four interfaces to put in this URL? Is it always the same interface that RADIUS packets were received on? Or does it always choose the first portal enabled interface? Or is there another logic? Configurable or unconfigurable?
Thanks!ISE uses the first interface enabled for that portal, so if want to use a specific interface, then only enable that interface. If interface is GE0, then default behavior is to redirect with ip value set to node's FQDN. If interface other than GE0, then default behavior is to return the IP address of the associated interface.
Aliases can be configured for each interface using the CLI 'ip host' command to associate a hostname/FQDN to the IP address of a given interface. When configured, ISE will return that value rather than IP address in redirect. This is critical if want to avoid certificate trust warning on connecting clients.
Be sure that certificate assigned to interface includes the correct FQDN or optionally wilcard value in the CN or SAN fields to avoid cert warnings. -
URL redirect - how to switch from https to http
Hi, all.
We have some requirement that the portal session be switched to https on some iviews while the rest of the contents are in http. I am thinking of using url redirect on the web dispatcher.
What I found is that the url redirect from http to https works great. Now if I want to switch back to http, the redirect doesn't work. Note that the http port is 80 and https port is 443 on the web dispatcher. To test, here is the parameter I did to switch from http to https. This works and transforms the url from http://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxx to https://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxxxxxxxxx
icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=ozonehomeep3, FROMPROT=http, PROT=https, HOST=ozonehomeep3.XXXXXX
If I flip it back the other way:
icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=ozonehomeep3, FROMPROT=https, PROT=http, HOST=ozonehomeep3.XXXXXX
When I connect using the url https://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxxxxxxxxx, it ignores the parameter and the redirect to http did not happen.
What is wrong?
Thanks,
Jonathan.Hello,
I've had a similar problem for one of my customers.
I've tried to do it on a root level, just Https://FQDN:port_https/ to http://FQDN:Port_http/
I've used this parameter to solve it:
icm/HTTP/redirect_0 = PREFIX=/, FOR=FQDN, FROMPROT=HTTPS, HOST=FQDN, PORT=80, PROT=http
maby you should try:
icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=FQDN, FROMPROT=HTTPS, HOST=FQDN, PORT=80, PROT=http, TO=/irj/portal/zsap_
You should also verify that the standard http port (80) are open in the firewall from the outside, just take a telnet session to FQDN and port 80
to quickly determined if the firewall policy are right.
Good luck!
Kind Regards
Håvard Fjukstad. -
Hi ,
We have web dispatcher which is used for accessing portal and fiori using public url as below .
https://fiori.xyzcorp.com
https://portal.xyzcorp.com
But when they're trying to access via internet portal url goes to https://portal.xyzcorp.com/startPage by default it should route to irj/portal
Same for Fiori also I'm using the ICM redirect parameter still can't access
icm/HTTP/redirect_0 = PREFIX=/, FOR=portal.xyzcorp.com:*, TO=/irj/portal,
icm/HTTP/redirect_1 = PREFIX=/, FOR=Fiori.xyzcorp.com:*, TO=/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html?sap-client=800&sap-language=EN,
Could you please share you thoughts?Hi Krishna,
Please go through below doc
SAP webdispatcher and URL redirect?
icm/HTTP/redirect_<xx> (SAP Library - SAP Web Dispatcher)
BR
Atul -
SSL termination and URL redirection
Hi All,
I have configured application in cisco ACE module for which i got more requirement for URL redirection.
Application setup is as below.
VIP : 10.232.92.x/24 which is pointing to 2 Web server 10.232.94.x/24 range. In addition to that app team want APP server also need to be loadbalanced hence new VIP is configured for 10.232.92.x/24 which is pointing to 2 different app server 10.232.94.x/24.
Both Web and App servers are having different IP but in same broadcastdomain. SSL termination is done on ACE.
Issue : 1) After initiating connection i am getting login page but after login its again giveing login page. After 2 to 3 trial its giving me application page but with invalid session error.
2) How to do https connection redirecting to different path.
Ex. https://apps.xyz.com to https://apps.xyz.com/abc
configuration :
probe tcp rem_app_tcp
port 2100
interval 5
passdetect interval 10
passdetect count 2
open 1
probe http rem_itsm_https
port 80
interval 5
passdetect interval 10
passdetect count 2
request method get url /keepalive/https.html
expect status 200 200
open 1
serverfarm host app_tcp
predictor leastconns
probe rem_app_tcp
rserver server1 2100
inservice
rserver server2 2100
inservice
serverfarm host rem_https
predictor leastconns
probe rem_itsm_https
rserver server3 80
inservice
rserver server4 80
inservice
action-list type modify http remurlrewrite
ssl url rewrite location "apps\.xyz\.com"
policy-map type loadbalance first-match app_tcp
class class-default
serverfarm app_tcp
policy-map type loadbalance first-match app_https
class class-default
serverfarm rem_https
action remurlrewrite
class-map match-all VIP_rem_app_tcp
2 match virtual-address 10.232.92.8 any
class-map match-all VIP_rem_itsm_https
2 match virtual-address 10.232.92.9 tcp eq https
class-map match-all real_servers_vlan273
2 match source-address 10.232.94.0 255.255.255.0
policy-map multi-match VIPS
class real_servers_vlan273
nat dynamic 1 vlan 273
class VIP_rem_app_tcp
loadbalance vip inservice
loadbalance policy rem_app_tcp
loadbalance vip icmp-reply
class VIP_rem_itsm_https
loadbalance vip inservice
loadbalance policy rem_itsm_https
loadbalance vip icmp-reply
ssl-proxy server Remedy-SSL-PROXYHi Kanwaljeet,
I have applied below config for HTTPS URL redirection. Seems it dint work for me. Redirect serverfarm and policy map was not hitted.
access-list ANY line 8 extended permit ip any any
probe tcp rem_app_tcp
port 2100
interval 5
passdetect interval 10
passdetect count 2
open 1
probe http rem_itsm_https
port 80
interval 5
passdetect interval 10
passdetect count 2
request method get url /keepalive/https.html
expect status 200 200
open 1
ip domain-name nls.jlrint.com
ip name-server 10.226.0.10
ip name-server 10.226.128.10
rserver redirect REDIRECT-TO-HTTPS
webhost-redirection https://%h/arsys 301
inservice
rserver host serv1
ip address 10.232.94.74
inservice
rserver host serv2
ip address 10.232.94.75
inservice
rserver host serv3
ip address 10.232.94.76
inservice
rserver host serv4
ip address 10.232.94.77
inservice
serverfarm redirect REDIRECT-SERVERFARM
predictor leastconns
rserver REDIRECT-TO-HTTPS
inservice
serverfarm host rem_app_tcp
predictor leastconns
probe rem_app_tcp
rserver serv1 2100
inservice
rserver serv2 2100
inservice
serverfarm host rem_itsm_https
predictor leastconns
probe rem_itsm_https
rserver serv3 80
inservice
rserver serv4 80
inservice
ssl-proxy service Remedy-SSL-PROXY
key Remkey.pem
cert Remcert.pem
class-map type management match-any MANAGEMENT_CLASS
3 match protocol ssh any
4 match protocol snmp any
5 match protocol icmp any
6 match protocol http any
7 match protocol https any
class-map match-all VIP_rem_app_tcp
2 match virtual-address 10.232.92.8 any
class-map match-all VIP_rem_itsm_http
2 match virtual-address 10.232.92.9 tcp eq www
class-map match-all VIP_rem_itsm_https
2 match virtual-address 10.232.92.9 tcp eq https
class-map match-all real_servers_vlan273
2 match source-address 10.232.94.0 255.255.255.0
policy-map type management first-match MANAGEMENT_POLICY
class MANAGEMENT_CLASS
permit
policy-map type loadbalance first-match REDIRECT-PM
class class-default
serverfarm REDIRECT-SERVERFARM
policy-map type loadbalance first-match rem_app_tcp
class class-default
serverfarm rem_app_tcp
policy-map type loadbalance first-match rem_itsm_https
class class-default
serverfarm rem_itsm_https
policy-map multi-match VIPS
class real_servers_vlan273
nat dynamic 1 vlan 273
class VIP_rem_itsm_http
loadbalance vip inservice
loadbalance policy REDIRECT-PM
class VIP_rem_itsm_https
loadbalance vip inservice
loadbalance policy rem_itsm_https
loadbalance vip icmp-reply
ssl-proxy server Remedy-SSL-PROXY
class VIP_rem_app_tcp
loadbalance vip inservice
loadbalance policy rem_app_tcp
loadbalance vip icmp-reply
interface vlan 270
description VIP
ip address 10.232.92.4 255.255.255.0
alias 10.232.92.6 255.255.255.0
peer ip address 10.232.92.5 255.255.255.0
access-group input ANY
service-policy input MANAGEMENT_POLICY
service-policy input VIPS
no shutdown
interface vlan 273
description Real server
ip address 10.232.94.66 255.255.255.192
alias 10.232.94.65 255.255.255.192
peer ip address 10.232.94.67 255.255.255.192
access-group input ANY
nat-pool 1 10.232.92.253 10.232.92.253 netmask 255.255.255.0 pat
service-policy input MANAGEMENT_POLICY
service-policy input VIPS
no shutdown
Maybe you are looking for
-
this is the issue I am having it keeps creashing, I have older mac pro 2x 2.8 quad-core, 24 gig ram 2.5TB storage on system drive, so should be no issues there, I updated to Mavricks just so I could get this update, I need for 5k redcore epic edit. I
-
Hi I'm wondering how to change the following code so that I get a listing of files in a folder called 'tester' that resides in the documentsDirectory? var directory:File = File.documentsDirectory; directory.getDirectoryListingAsync(); directory.addEv
-
How do you replicate KSB1 drilldown functionality in BW?
We would our finance infocubes to allow users to drill down to partner object (usually a PM work order) & description, Purchase Order & Description, Material Number & description as they can do in KSB1. Our developers are saying that: <i>* KSB1 is a
-
Insert into one table, update another with one form
Does anyone know how to do this? I'm writing a small system where I need to have a master project record in one table, and small little project events in a sub notes table. I want to be able to insert a record with notes into the sub table and update
-
Policy Store Error in Import Definitions In Oracle I/PM (11.1.1.6.0)
Hi All, At present I am trying to implement the imaging solution. When I try to import the definitions from I/PM it's giving me the following error. Policy Store Error: The User 100.weblogic does not exist in the policy store. Policy S