Portal login : switch http - https - http

Our customer has the following requirement :
- users navigates to the portal using http.
-> The protocol needs to be switchted to https, so that when he submits his password, the communication between browser and WAS is secured.
-> Next, the protocol needs to be switched back to http
Currently, this has been done by a previous developer on the project in a copy of the com.sapportals.logon.par, and in the masthead. This is not a 'clean' solution, and we wish to do this the proper way.
I did some research, and this seems likely to be achieved via the webdispatcher. Anybody already tried this?
http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies
SAP Web Dispatcher Configuration
The Web Dispatcher will always preserve the Host header, and no further configuration is required for this aspect.
For HTTPS to HTTP protocol switching, the Web Dispatcher must be configured to also set the ClientProtocol HTTP header. This is done with the option in profile:
wdisp/add_clientprotocol_header = 1
For more information about wdisp/add_clientprotocol_header, see the corresponding section of the table in Parameterization of the SAP Web Dispatcher, and see also Setting the SSL Profile Parameters for the SAP Web Dispatcher.
Recommended is to also activate Access Points, as this is the best and simplest way to get a consistent configuration complete(starting 620>=SP57, 640>=SP16 and 700>=SP06). This is achieved with the following profile option:
wdisp/handle_webdisp_ap_header = 1

Hi - Benjamin - Long time ... and all that!
This is indeed not easy to do. In one customer installation I used an Apache as reverse proxy before the web dispatcher but that was mainly to serve up some static content as well as handle SSL before. You could perhaps come up with some complex re-writing and stuff in Apache, but in the end our solution was basically the same as outlined here - a custom coded logon function.
You could investigate the [redirect parameter|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/3d993fb08c72d1e10000000a42189c/content.htm] in the web dispatcher, it has some possibilities to arrange that only certain URL's get redirected to HTTPS. If you can organise that the logon screen has a unique URL then I think that could work for you - but I dont know if that URL arrangement is possible.
One thing though, make sure that you configure the web dispatcher as the SSL termination point, if you send volumes of SSL through to J2EE, basically it will die.

Similar Messages

  • Web clipping proxy error oracle.portal.wcs.transport.http.HttpTransportException WCS-519

    When I am trying to change the url it is coming following error .
    An exception has occurred : oracle.portal.wcs.transport.http.HttpTransportException WCS-519 -- HTTP Proxy Authentication failed for  int.domain.co.in:8080 with authentication of type "Basic" at realm "realm1". Update your proxy login information in the Edit Defaults / Personalize page to
    authenticate.
    Can anybody please help me regarding this issue it is very urgent.so please

    I have a similar setup on Linux boxes (MT and Infra) and having the same problem. I can add external application, also able to register Web clipping provider successfully using the external application ID.
    But when I try to clip the external application. It shows me on the page "User authentication failed. Please use the following link to update the information."
    And, The application.log shows in addition to WCS-514 error code 404
    Raising SOAP fault code: AuthenticationFailure
    I get provider Test page without any error. http://xyz.abc.com:7778/portalTools/webClipping/providers/webClipping
    Your help is highly appreciated.
    Thanks,
    -Dhiren Desai
    [email protected]

  • Oracle.portal.wcs.transport.http.HttpTransportException WCS-514 WebClipping

    Hi!,
    I have Mid Tier installed on one of the Linux box and Infrastructure installed on a separate Linux box. Both of these boxes are behind firewall. I have successfully compeleted portal configuration for Reverse Proxy. I can access portal via internet. Users don't have to put port numbers (7777 or 7778) to access the portal. Users just enters http://www.abc.com, which takes them to portal builder page.
    However, Both of my Web providers are not working. As described by the document to configure seeded provider. I changed to port in the URL from 80 to 777. http://www.abc.com:7777/portalTools/webClipping/providers/webClipping. I can access these two web provider applications from the internet, with both the ports 80 as well as 7777. I also edited the provider.xml to use proxy.
    When I try to personalize web clipping portlet. and provide URL Location. It is giving me following error.
    An exception has occurred : oracle.portal.wcs.transport.http.HttpTransportException WCS-514 -- Get status code 400 to URL http://www.xyz.com by method get
    It seems to me I may be missing one of the configuration step, don't know which?
    I appreciate your help in advance.
    Thanks

    I have a similar setup on Linux boxes (MT and Infra) and having the same problem. I can add external application, also able to register Web clipping provider successfully using the external application ID.
    But when I try to clip the external application. It shows me on the page "User authentication failed. Please use the following link to update the information."
    And, The application.log shows in addition to WCS-514 error code 404
    Raising SOAP fault code: AuthenticationFailure
    I get provider Test page without any error. http://xyz.abc.com:7778/portalTools/webClipping/providers/webClipping
    Your help is highly appreciated.
    Thanks,
    -Dhiren Desai
    [email protected]

  • Redirect to Portal Login page from portlet

    We have lots of applications on the portal and many of them need the logged in user information to provide the right display context. For example, "My Notes" where notes are stamped with the user's login id. Our portlet applications show exception messages when the user id is unavailable. Pressing a refresh button takes them to the portal login page.
    Does anyone know how to redirect to the portal login page? Here is how I would like it to work: A user has the application up beyond the session timeout period and does something that causes the page to submit. At the application server we look for the logged in user ID which is missing due to session timeout and we send them to the portal login page.
    Thanks! Mike

    Hi James,
    <br />
    <br />I fear this isn´t possible to do with ADDT, as it will - when using its Restrict Access To Page behaviour - always redirect to the page you specified in the Control Panel.
    <br />
    <br />However you can help yourself with a simple custom PHP redirect script
    <i>(place it @ @ line 1 of your document)</i> which checks whether the "kt_login_id" Session Variable is set, and if it´s not set, redirect to a different login page:
    <br />
    <br /><?php<br />if (!isset($_SESSION['kt_login_id'])) {<br />header('Location: http://www.example.com/directory/login.php') ;<br />}<br />?>
    <br />
    <br />Hint: users who login via a different login page will still be redirected to ADDT´s default login page when logging out
    <br />
    <br />Cheers,
    <br />Günter Schenk
    <br />Adobe Community Expert, Dreamweaver

  • Not able to pass portal login page with valid credentials using WebDispatch

    Hi,
    We are implementing SAP BillerDirect Portal. To make BillerDirect Portal available over the internet, we Configured SAP WebDispatcher with SSL termination.  We followed the steps mentioned in SAP Help Documentaion for SAP WebDispatcher with SSL termination.
    http://help.sap.com/saphelp_nw2004s/helpdata/en/76/6d4fa247d0d647b5bd40745400d873/frameset.htm
    We created certificate  and send it to CA (TrustCenter CA). We received the CA response and we imported the certificate.
    AS mentioned in the help document, we configured the SAP Web Dispatcher profile to support SSL termination
    We tried to access our BillerDirect Portal over the internet using below link
    https://company.com/bd
    We are getting login page, once we enter correct user ID and Password, portal is not loading (not going to next page) portal remains on same login page.
    If we enter invalid credentials portal login page is giving u201CUser Authentication Failedu201D error.
    If we try to access any portal login pages which brings a pop-up for login, login gets succeeded and we are able to see next pages
    Examples
    1)     https://company.com/bd/admin/xcm/init.do
    2)     https://company.com/monitoring/SystemInfo
    All pages which bring up portal login page without pop-up, not able to pass through portal login screen.
    We Tried the ProxyMapping option on Dispatcher using Visual admin. This option also didnu2019t work for us.
    Here is the WebDispatcher Profile
    SAPSYSTEMNAME = xxx
    SAPGLOBALHOST = xxxxx
    SAPSYSTEM = 00
    INSTANCE_NAME = W00
    DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTI386
    DIR_EXECUTABLE = $(DIR_CT_RUN)
    Accesssability of Message Server
    rdisp/mshost = hostnameofportalserver with FQDN
    ms/http_port = 8101
    Configuration for medium scenario
    icm/max_conn = 500
    icm/max_sockets = 1024
    icm/req_queue_len = 500
    icm/min_threads = 10
    icm/max_threads = 50
    mpi/total_size_MB = 80
    SAP Web Dispatcher Ports
    icm/server_port_0 = PROT=HTTPS,PORT=443
    icm/server_port_1 = PROT=HTTP,PORT=80
    icm/HTTPS/verify_client = 0
    SAP Web Dispatcher Web Administration
    icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=D:\usr\sap\xxx\W00\data\icmanroot\admin,AUTHFILE= D:\usr\sap\xxx\SYS\global\security\data\icmauth.txt
    Parameters for the SAP Cryptographic Library
    ssl/ssl_lib = D:\usr\sap\xxxW00\sapcrypto.dll
    ssl/server_pse = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
    ssf/name = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
    ssf/ssfapi_lib =  D:\usr\sap\xxx\W00\sapcrypto.dll
    sec/libsapsecu =  D:\usr\sap\xxx\W00\sapcrypto.dll
    wdisp/ssl_cred = D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
    Parameters for Using SSL to the backend server
    wdisp/ssl_encrypt = 1
    wdisp/ssl_auth = 1
    wdisp/ssl_cred = D:\usr\sap\xxxW00\sec\SAPSSLC.pse
    wdisp/ssl_certhost = hostnameofportalserver with FQDN
    wdisp/ssl_ignore_host_mismatch = true
    #ICM Parameters
    icm/HTTP/j2ee_0 = PREFIX=/, HOST =hostnameofportalserver with FQDN PORT=50000,SPORT=50001, SSLENC=1,TYPE=1, CRED =D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
    We also tried below options in WebDispatcher profile but we are getting same problem.
    wdisp/add_client_protocol_header = true
    wdisp/add_clientprotocol_header = 1
    wdisp/ssl_ignore_host_mismatch = true
    #ICM Parameters
    icm/HTTPS/forward_ccert_as_header = true
    icm/HTTPS/trust_client_with_issuer = *
    icm/HTTPS/trust_client_with_subject = *
    we also tried
    wdisp/ssl_encrypt = 0
    wdisp/ssl_auth = 0
    we also tried
    wdisp/ssl_encrypt = 2
    wdisp/ssl_auth = 2
    We are not able to resolve issue. Please help us on resolving this issue.
    Thanks
    Praveen

    ' in Host Names is not allowed. Our hosname has '_'.
    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/67/be9442572e1231e10000000a1550b0/frameset.htm

  • Publishing a site through UAG without using the Portal login

    Good Day -
     I'd like to ask if there is a way to publish access to an internal site through UAG without users having to use the Portal login - say by providing a link -

    Hello,
    The portal app is mandatory even if you not use it, indeed if you delete this app UAG stop to work as expected.
    In order to publish your internal site without going through the portal, in select application select the following options:
    Type: Web
    Web: Other Web Application (application specific hostname)
    With this you could bind a direct DNS name to your publication without using the portal in order to access to it.
    Regards,
    Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) :
    http://security.sakuranohana.fr/

  • Portal theme switcher generates scroll error in RTL

    Portal theme switcher using standard objects generates scroll error in RTL
    Following the Blog for Switching Themes by Topic - A Color Code System for the Portal [https://www.sdn.sap.com/irj/sdn/weblogs?
    blog=/pub/wlg/2053]
    I developed a portal application and placed it in the page framework.
    It works fine using Left To Right (LTR) languages but when using a Right To Left (RTL) languages like Hebrew and Arabic a long scroll appears in the lower part of the portal window and the masthead is moved a bit with no relation to the position of the other sections (iViews) of the screen.
    I know it’s a custom development but it uses a standard SAP API.
    The system version of the portal is NW 7 SP 14

    Hi Yolanda,
    it´s as you already figured out - 0FISCPER is the problem.
    When you want to create new lines, there can not be a dynamic characteristic in the columns. Each column has to be defined with single values.
    Try to create restricted key figures for the periods you need to show.
    regards
    Cornelia

  • Custom portal login application...?

    Hi Experts..
    Can any one tell me how to create a custom login application so that a user can change his portal login password.......
    Pls give me details......

    Hi Sumit,
    please check this blog
    Portal Customizations Intro - Login Part 1
    http://help.sap.com/saphelp_nw04/helpdata/en/23/c0e240beb0702ae10000000a155106/frameset.htm
    Thanks n Regards
    Santosh
    Reward if helpful !!!

  • Portal Login id and Credatinal pass to dot net application

    Hi Experts,
    I want to know is it possible to pass the portal login id and other details like Name and organization to an dotnet application.
    If it is then how can we do it.
    Please do the needfull. Important
    Regards,
    Swapnil

    Hi Sarbjeet,
    I first thought of creating URL Iview and passing the user id and other required details as parameter to that URL Iview.
    Then reading your mail i thought of creating a web dynpro java application and then pass all the required values to the url in the application only but i am confussed how i will call the dot net application.
    If you have a better suggestion please let me know how to do it.
    Regards
    Swapnil

  • ADF Application and Oracle Portal Login Page

    We have developed ADF application and deployed it in Oracle AS 10.1.2 along with the custom JAAS module, which is working fine with the application custom login page. As a next page, I want to use Oracle Portal login page for the authentication and authorization.
    How can I accomplished it? Any idea?
    Thanks,
    AP

    Shay,
    1. I created blank ADF project
    2. I copied myreport.jsp file (this one was generated by Oracle Report Builder) under ..ViewController/public_html directory
    3. Created directory 'lib' under ViewController/public_html/WEB-INF/lib
    4. Copied reports_tld.jar file under the directory created in 3.
    5. Created simple jspx page with the af:link (btw af:goLink does not exists in JDev 12c), set 'destination' to myreport.jsp
    After the steps above I could not even compile the application, many problems too many to list here, Basically JDev is trying to build the project with .jsp file generated in Report Builder and is unable to.
    So to be sure we are on the same page: I am trying to embed JSP report files generated by Report Builder into ADF project, then create EAR file and deploy on standalone WLS. Finally execute JSP web only report.

  • How to access Sap portal login user in ejb web service

    Hi,
    I wnt to access SAP Portal login user in my ejb application which resides on the same server.
    I am using following code
    try {
         IUser user =null;                         IWDClientUser wdUser = WDClientUser.getCurrentUser();
                                  user = wdUser.getSAPUser();
                             } catch (WDUMException e) {
                                  // TODO Auto-generated catch block
                                  e.printStackTrace();
    Some additional jar files are required for this?
    The same code works fine with webDynpro but not with ejb.
    Thanks in advance     
    Best regards,
    Nilesh

    Thanks for reply.
    I have already added com.sap.security.api in my EJB module project classpath. How to add the same in EJB application Project (application-j2ee-engine.xml)?
    Best regards,
    Nilesh

  • Dynamic Text in SAP portal login page

    Hi All,
    I want to display some text information in the SAP Portal login page.Is it possible to display dynamic text in the login page?
    Can anybody help in this?
    Regards,
    V Karthi

    Check the following links as well.
    [Customizing Portal Login Page;
    [Portal Login Page Customization;
    Check all 3 weblogs.
    Regards
    Puneet

  • Portal Login Broke after Db Upgrade to 9.0.1.3

    Hi -- My portal web page login doesn't work after upgrading my portal database version from 8.1.7.1 to 9.0.1.3. All the scripts I ran (Note 159657.1 and Chap. 7 of 9i Database Migration Manual) ran ok. I also applied whatever patches/fixes required to get Oracle 9iAS 1.0.2.2.2 working with database version 9 per the certification matrix pages. I am still using Oracle 9iAS 1.0.2.2.2 on the middle tier and have only upgraded the database version. Also, I am not using LDAP for authentication.
    After the database upgrade, the portal web login page comes up fine, but after I execute a login attempt I get a "Page Not Found" in my browser. This error shows up in apache's error_log:
    [Mon Oct 7 03:54:41 2002] [error] mod_plsql: /pls/ssodad/portal30_sso.wwsso_app_admin.ls_login ORA-1403
    ORA-01403: no data found
    ORA-06512: at "PORTAL30_SSO.WWSSO_APP_ADMIN", line 391
    ORA-06512: at "PORTAL30_SSO.WWSSO_APP_ADMIN", line 669
    ORA-06510: PL/SQL: unhandled user-defined exception
    ORA-06512: at "PORTAL30_SSO.WWSSO_LS_PRIVATE", line 358
    ORA-06510: PL/SQL: unhandled user-defined exception
    ORA-06512: at line 8
    [Mon Oct 7 03:56:07 2002] [warn] mod_plsql: Stale Connection due to Oracle error 1400
    [Mon Oct 7 03:56:07 2002] [error] mod_plsql: /pls/ssodad/portal30_sso.wwsso_home.home ORA-1400
    ORA-01400: cannot insert NULL into ("PORTAL30_SSO"."WWCTX_SSO_SESSION$"."SUBSCRIBER_ID")
    ORA-06512: at "PORTAL30_SSO.WWCTX_SSO", line 2215
    ORA-06512: at "PORTAL30_SSO.WWCTX_SSO", line 1053
    ORA-06510: PL/SQL: unhandled user-defined exception
    ORA-06512: at "PORTAL30_SSO.WWCTX_SSO", line 1261
    ORA-06512: at "PORTAL30_SSO.WWCTX_API", line 179
    ORA-06512: at "PORTAL30_SSO.WWSEC_APP_PRIV", line 529
    ORA-06512: at "PORTAL30_SSO.WWSSO_HOME", line 322
    ORA-06512: at line 8
    Everything worked fine prior to the upgrade. There are no invalid objects causing this and I can log into the portal database fine through a sqlplus session. Does anyone know why portal login is broke after database upgrade? Has anyone upgraded their portal database versions in place with this issue afterwards?
    Thanks for any help anyone can offer...!
    Kate

    Hi Benjamin,
    Thanks for your reply. I already had a working 9iAS Release 1 with a 8.1.7.1.0 database. All I did was upgrade the database from 8i to 9i on the database server. I also applied the jdbc patch on the 9iAS app server so a connection with the 9i database could be established. As far as I know, there's no portal configuration assistant step here because I already had a complete fully-functioning portal install before the database upgrade to 9i. Is there something I'm missing about your suggestion?
    Thanks.

  • SAP HR ID has SAP Login ID / Portal Login ID

    Hi ,
    We are thinking of using the SAP HR ID has the SAP Login ID and the Portal Login ID, ... Did anyone had the same approach ? Any feedback will be welcome .
    If my HR ID is 1234567 , my user ID will be 1234567 .
    Or, (I'm a HR guy), what is SAP recommended approach and User ID ( How to generated the SAP User ID ) .
    Regard's

    Hi,
    While creating the logon id instead of creating the user id via tcode su01 try creating it via tcode HRUSER.
    Select the HR ids for which u want to create users and create the users. U can define the initial password there and even assign roles there too.
    Other wise if u want to assign different roles to different users then only create the users via tcode HRUSER and assign the roles via SU01.
    If users are created via tcode HRUSER the user name will be P<hr id> ie like P99003114.
    First name and last name will be picked form hr
    master data automatically.
    Hope this will solve your purpose.
    Pl dont forget to award points if resolved
    Regards

  • Portal Login ID in ABAP

    Hi,
    consider a scenario.
    I am login into Enterprise portal using - admin_it.
    I want to know by which user has login into portal.
    By which method or function can i read this login id into abap.
    Regards,
    Priya

    Hi,
    I am getting the SAP login name not portal login name.
    Consider,
    Portal Login : priya
    ABAP Login : amitd (In connection string written username = amitd and password, IP,Client etc in J2EE).
    I want priya not amitd.
    Regards,

Maybe you are looking for

  • Lenovo G550 Windows 7 Professional Upgrade

    This Notice refers to 2958-A5U and 2958-A4U models of the Lenovo G550 notebook PC’s only. The 2958-A5U and 2958-A4U G550 systems ship preloaded with Windows XP Professional, and include a Windows 7 Professional upgrade disk.   Issue: When upgrading f

  • Set Firefox to open a new tab without selecting it from the context menu by two-finger tapping in Lion

    In Snow Leopard, I had somehow set the two finger tap to open a new tab either from a link on a page or from my bookmarks bar, without having to select "Open a new tab" from the context menu. I recently upgraded to Lion and I can't remember how I set

  • Deltas in changing Classic scenarios to Extended Classic Scenario

    Hi All,    Currently my client has Classic scenario partially implemented and work in progress. Now a idea of changing to ECS is proposed because in the first place Classic/ECS for Pre-Encumberance is not  standard SAP 5.0 unless applying OSS which i

  • Launch a PDF

    I need my CD-based Flash presentation to launch PDF files. I have a link to launch the file, but for some reason it always defaults to the browser rather than the stand-alone Adobe Reader. How can I change this? From another user I now know I can get

  • /usr/local/bin

    Hello everyone, Whenever i am installing any s/w from source by compiling,its executable is getting stored in /usr/local/bin.Now im unable to use the s/w by just typing its executable name in the terminal,its giving me an error as "command not found"