Reverse Proxy and SLD on an Enterprise Portal 7.0

Similar Messages

• Apache reverse proxy and SSL termination

  Hi Guru's
      Can anyone tell me, how to do SSL termination at apache reverse proxy. I am using apache reverse proxy for accesing portal from internet. Apache is configured for SSL and portal is NON SSL.
  I am using header variable login module in portal. i wanted to terminate SSL at apache reverse proxy and then all traffic after that should be clear text.
  should i maitain any property. is there any documentation for it.
  Please help me
  Tom

  The majority of the work here is around configuring your Web Dispatcher and Apache Reverse proxy. The work on the portal is straight forward enabling of SSL.
  You can follow http://help.sap.com/saphelp_nw2004s/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm for setting this up.
  what level I need to configure SSL and how do I proceed in both scenarios?
  Your question itself says where you need SSL. SSL is required where ever you need HTTPS communication.
  how do I proceed in both scenarios?
  From a portal perspective, the configuration should remain the same.
  Do I have to install SSL at portal, web dispatcher or at Apache level?
  SSL needs to be configured at all the 3 levels if you are looking at end to end SSL implementation.
  See the following for possible SSL implementation options:
  http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
  https://cw.sdn.sap.com/cw/docs/DOC-115509
  Will SSL termination work for scenario 2?
  Yes this should work - see http://help.sap.com/saphelp_nw2004s/helpdata/en/36/fd39eacf4cde4a8fe32d7f29b3db16/frameset.htm
  However in case of SSL Termination, the request to your portal from the web dispatcher will be sent as HTTP.
  I would recommend you to take a step by step (backward approach).
  First, enable SSL on your portal and make sure it works - going directly to the server.
  Then, you can introduce the Web Dispatcher - and test if every thing works going through the web dispatcher.
  Finally - you can test the end to end flow - with your Reverse proxy involved.
  - Shanti

• Web Dispatcher - Reverse Proxy and Load Balancing

  I'm finding limited docs on Web Dispatcher with regard to reverse proxy and load balancing.  Are you aware of some recent presentations or docs in this area?  The info on help.sap.com is not what I'm looking for.
  Thanks.

  Hi,
  best thing is that you look at your scenarios and test the web dispatcher against each of it, like:
  - SSL
  - Portal only
  - Web Dynpro ABAP / Java
  - BSP
  - Different backend systems like SRM, MDM
  - Several backends with 1 Web Dispatcher
  After getting a list of use cases that you can test quite easily (installation of Web Dispatcher is done fast and can be done on a local PC), you can contact SAP Support and ask them about the specific problems and questions you encountered. This way, you'll get the official answer, sometimes they will even inform you about "secret" parameters and options.
  As of the reverse proxy functionality: there are several version of Web Dispatcher available that differ from the functionality offered. The latest version - 7.2 - is the one that offers the most, i.e. allows you to create rewrite rules like Apache.
  SAP Note 908097 - SAP Web Dispatcher: Released releases and applying patches
  br,
  Tobias

• Reverse Proxy and SAP NetWeaver 2004S

  Dear Gurus,
  I'd like to post a simple question.
  I know that we can put a Reverse Proxy in front of SAP WebAS.
  It can be Apache, SAP Web Dispatcher, etc.
  I know we can proxypass like this:
  http://reverse-proxy.abc.com/irj  -->  http://portal.abc.com/irj
  However, is there a way so that we can proxypass like this (both AS-ABAP and AS-JAVA):
  http://reverse-proxy.abc.com/xyz/irj  -->  http://portal.abc.com/irj
  So far I've not succeeded in doing so, because the response I've got from SAP is always in the form of /irj/..... and not /xyz/irj/....
  Is there any configuration in SAP to insert /xyz in front of /irj?
  Many thanks in advance.

  Hi Martin,
  we do not have the answer yet, either.
  I've read somewhere else, that it may be possible to do the proxy mapping, but we still can't change the root URI.
  I believe this is what SAP calls reverse-proxy filter.
  Example:
  http://www.abc.com/irj/entry  -->  http://portal.abc.com:50000/irj/portal
  So it's not really what we need.
  I hope a guru from SAP will read this post and give an answer to us.
  At the moment, we decide to dedicate another hostname for our portal.
  regards,
  Denny

• SSO Reverse Proxy and UWL error

  We have installed a portal on NW 7.01, which uses a custom SSO application and reverse proxy.  We are using the portal for an MSS application, using some standard functionality such as the MSS team viewer and the Universal Worklist.  Everything is working fine when I log in directly to the portal without the SSO application, connection to R3 (ECC 6.0) with the Team Viewer and the Universal Worklist.  When I use the Single Sign-On, I get in to the portal fine, the connection is good on our iViews including the MSS Team Viewer, but I get an error with the Universal Worklist.  I am first prompted if I want to display nonsecure items, if I click yes I get an error inside the UWL iView:
  Network Access Message: The page cannot be displayed
  Error Code: 502 Proxy Error. The host was not found.(11001)
  What settings do I need to change with UWL using SSO and reverse proxy - any ideas?
  Thanks,
  Jeff Mathieson

  We have installed a portal on NW 7.01, which uses a custom SSO application and reverse proxy.  We are using the portal for an MSS application, using some standard functionality such as the MSS team viewer and the Universal Worklist.  Everything is working fine when I log in directly to the portal without the SSO application, connection to R3 (ECC 6.0) with the Team Viewer and the Universal Worklist.  When I use the Single Sign-On, I get in to the portal fine, the connection is good on our iViews including the MSS Team Viewer, but I get an error with the Universal Worklist.  I am first prompted if I want to display nonsecure items, if I click yes I get an error inside the UWL iView:
  Network Access Message: The page cannot be displayed
  Error Code: 502 Proxy Error. The host was not found.(11001)
  What settings do I need to change with UWL using SSO and reverse proxy - any ideas?
  Thanks,
  Jeff Mathieson

• Webinar: Change Management and Transport in the Enterprise Portal

  <b>SAP NetWeaver Know-How Network Webinar: 
  Change Management and Transport in the Enterprise Portal
  Wednesday 21 July 2004
  11 a.m. EDT</b>
  On Wednesday 21 July, Scott Jones hosts the webinar titled <b>Change Management and Transport in the Enterprise Portal</b> as part of the ongoing SAP NetWeaver Know-How Network Webinar Series.
  Here’s how Scott describes his webinar presentation:
  “Change Management offers special challenges to administrators working in Enterprise Portal 6.0 SP2 environments.  This talk provides recommendations and tools, and defines best practices and methods for the effective transport of Enterprise Portal content, with special attention to content dependencies, tracking, and troubleshooting.   We'll also look forward to Change Management enhancements coming with Netweaver 04.”
  SDN invites you to post your questions to the presenter prior to the webinar and continue the online discussion afterward.
  <b>How to Participate</b>
  (Please go to the SDN Events page to see the article and download the PDF presentation)
  Dial-in Information:
  Date: Wednesday 21 July 2004
  Time: 11 a.m. EDT
  Within the U.S., call: +1.888.428.4473
  Outside the U.S., call: +1.651.291.0618
  Password: NetWeaver04
  WebEx Information:
  Topic: SAP NetWeaver Know-How Network
  Date: Wednesday 21 July 2004
  Time: 11 a.m. EDT
  Meeting Number: 742391500
  Meeting Password: netweaver04 (lowercase)
  WebEx Link: sap.webex.com
  Replay Information:
  A recorded replay of this call will be available for approximately three months after the webinar. Access this recording by dialing the appropriate number and using the replay access code TBD.
  Toll-free: +1.800.475.6701
  International: +1.320.365.3844
  <b>About the SAP NetWeaver Know-How Webinar Series</b>
  The SAP NetWeaver Know-How Webinar Series is driven by the SAP NetWeaver Regional Implementation Group (RIG), part of the SAP Development organization. The mission of the SAP NetWeaver RIG is to enable customers, employees, and partners to successfully implement the SAP NetWeaver solution. This SAP RIG has expertise in BI, EP, XI, and WebAS. They contribute their implementation expertise to the SDN implementation forums as well as to the SAP NetWeaver Know-How Webinar Series.
  <b>Disclaimer</b>
  SDN is not responsible for any changes to the webinar schedule. The webinar schedule may be changed or cancelled without prior notice.

  Hello,
  In the intresting document I read that for the deployement the version number mentionned in the MANIFEST.MF is very important in a clustered evironment.
  SAPnote 727180 - Version of PAR File in Manifest File
  denies this.
  Can you clear this out?
  Kind Regards
  Koen Van Loocke

• Sun Web Server Reverse Proxy and Weblogic HTTP to HTTPS redirection

  Hi,
  I am currently testing reverse-proxy from SJSW 7.0 update 5 to Weblogic server but I have encountered an issue.
  I have configured a context root to be forwarded to weblogic:
  Web Server: www.server.com
  URI: /path
  Reverse Proxy URL: wlserver:9000
  When I access https://www.server.com/path, I am getting the correct page. The issue is, the weblogic server is configured to redirect HTTP access to HTTPS, i.e., when I access http://www.server.com/path, it should be redirected to https://www.server.com/path. However, that is not the case. What happens is that I am being redirected instead to https://www.server.com/.
  If I don't use reverse proxy, that is, if I use the libproxy.so from weblogic, I get the correct redirection.
  Would appreciate it very much if someone can help me troubleshoot this issue.
  Thanks in advance!
  Edited by: agent_orange on Jul 29, 2010 2:30 AM
  Edited by: agent_orange on Jul 29, 2010 2:31 AM

  I am not sure, how you have configured your reverse proxy since you didn't attach / refer your current configuration file. this is how I would do it..
  - create a new configuration (using web server 7 admin gui , within configuration wizard, disable java option if you plan to use web server 7 only for reverse proxy)
  - select this new configuration and go to reverse proxy and try to reverse proxy / to the origin server.
  that is all it should need.
  your obj.conf or <hostname>-obj.conf depending on your configuration should look like following snippet
  <Object name="default">
  AuthTrans..
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </object>
  <Object name="reverse-proxy-/">
  Route fn=....
  Service ..
  </Object>
  this is all you should need..
  However, if you wanted to add complexity to your configuration, you could do some thing like
  <Object name="default">
  Auth..
  <If defined $security>
  NameTrans fn=map from="/" to="/path" name="reverse-proxy-/"
  </If>
  </Object>
  <Object name="reverse-proxy-/">
  Route...
  </Object>

• Reverse Proxy and Load Balancer for SMP 2.3 and Agentry Application

  Hi Expert,
  I'm putting in place a mobile solution composed by SMP 2.3 SPS 4 and SAP ECC 6.0. In the SMP 2.3 I created the agentry server and I have deployed my agentry application.
  My SMP/Agentry infrastructure is composed by two servers therefore I need a load balancer for balance the load into the several servers. Furthermore I need to use a reverse proxy in my DMZ zone.
  Based on what indicated in the SAP note "1904213 - SAP Mobile Platform Server Release Information" the Apache Reverse Proxy is not supported for Agentry clients. Agentry uses nginx for Reverse Proxy.
  I also found the following document How-to-Guide for Reverse Proxy and Load Balancing in SAP Mobile Platform 3.x that explain how to set-up a reverse proxy and load balancer with nginx and apache.
  Both the SAP note and the HOW to document are refereed to SMP 3.0 and not to SMP 2.3.
  I would know if the NGINX must be used also for SMP 2.3.
  Any suggestion/information is appreciated.
  Thanks in advance
  g.

  Please see Agentry Network Landscapes

• Need in depth knowledge about Certficate request and install for Reverse proxy and CAS role

  Hi,
  I have few confusions about Exchange 2010/13 certificate request and install. As per my understanding best practise is to assign public CA certificate to Reverse proxy and Local CA certificate to CAS servers but need to know that what should be the format
  of certificate request? Do we need to order public certificate just for mail.domain.com and add SAN for other web services URLs and is it required to add CAS array and server names to this certificate ? In what case we will add server names and what will happen
  if we don't add in it ? How the outlook clients connecting from internet will be using this certificate? I have very limited knowledge in certificates and it always pisses me off. Please help me with explanations and articles. I tried to google and gone through
  many articles but didn't get a fair idea. Thanks in advacnce. :) 

  Hi,
  Here are my answers you can refer to:
  1. Use the New-ExchangeCertificate cmdlet to generate a new certificate request:
  New-Exchangecertificate -domainname mail.domain.com, autodiscover.domain.com -generaterequest:$true -keysize 1024 -path "c:\Certificates\xxxx.req” -privatekeyexportable:$true –subjectname "c=US o=domain.com, CN=server.domain.com"
  2. CAS array name doesn’t need to be added in the certificate:
  http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
  3. It depends on the situation that you configured to add the server name.
  4. Outlook clients use certificate for authentication.
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Reverse proxy and iWS 6.1 SP2?

  Hey all,
  i have 2 questions.
  Can i use reverse proxy (and pass proxy) with iWS 6.1 SP2?
  How must i configure the webserver to use this?
  I need the following thing:
  Client called https://server111.de/XXXXTruePassApp/ ---> Proxy get Data from https://server222.de/XXXXTruePassAppProxy/
  Under Apache looks like that with mod_proxy:
  ProxyPass /eCaSSTruePassApp/ https://server222.de/XXXXTruePassAppProxy/
  ProxyPassReverse /eCaSSTruePassApp/ https://server222.de/XXXXTruePassAppProxy/
  Thanks for help.
  Greets Chmeee-de

  Chmeee-de, I really don't think you should be using Sun ONE Web Server 6.1SP2. That version has known security vulnerabilities. Please consider applying the latest service pack, 6.1SP7.
  Have you downloaded the Reverse Proxy Plugin? Have you tried reading the Reverse Proxy Plugin release notes? The release notes for Reverse Proxy Plugin 6.1SP7 are at http://docs.sun.com/app/docs/doc/820-0262/6nc0vpnc2?a=view.
  Once you have the plugin installed and have edited the magnus.conf configuration file according to the release notes, you can add the following line immediately below the <Object name="default"> line in the obj.conf configuration file:NameTrans fn="assign-name" from="/XXXXTruePassApp/*" name="XXXXTruePassApp"This line indicates that requests for /XXXXTruePassApp/* should be serviced by an object named XXXXTruePassApp.
  You can then create an object named XXXXTruePassApp by adding the following to the bottom of the obj.conf configuration file:<Object name="XXXXTruePassApp">
  Service fn="service-passthrough" servers="https://server222.de"
  </Object>

• Arrowpoint Cookies, Reverse Proxy and Multiplexed Client Requests

  Hi,
  I have a reverse proxy which is performing SSL offload and making backend connections to two web servers. Between the reverse proxy and the two webservers, a CSS is in place to load balance between the web servers. There is a requirement for session stickiness on the web servers and since client IP details are lost through the reverse proxy I have used the arrowpoint-cookie method to load balance connections.
  However, the reverse proxy seems to make only a handful of connections to the servers compared to the number incoming client connections and we have noticed that stickiness is broken. Now, I would assume this is correct if arrowpoint-cookie makes a load balancing based on the first HTTP get in a tcp stream and not on a per transaction basis AND our reverse proxy is multiplexing client requests. However, I can not convince myself of how the arrowpoint-cookie method actually works.
  I wondered if anyone had any insight on this or had experienced similar issues with arrowpoint cookies?

  Hi Gilles,
  I have implemented this today, and we are still seeing issues with requests hitting the wrong server.
  A bit more info, the reverse proxy is an AXG Web Aopplication Firewall. I have been looking at this and am considering disabling connection re-use on here.
  However I am also wondering if this might be to do with the flow timeout multiplier I am using which is 5 (80 seconds). Perhaps this is too low?
  Thanks, David.

• Simple Two Server Reverse Proxy and Portal Config?

  Hi, I would like to create a very simple two box configuration to access Oracle Portal from the internet.
  Web Cache would run as a reverse proxy for login.mycompany.com and portal.mycompany.com with two IP addresses in the DMZ.
  The second server would run the Portal Mid tier, the Infrastructure tier and the oracle database.
  Is this configuration possible? The enterprise deployment guide uses 6 servers to do this. Can this be done with 2?

  in the Enterprise Deployment Guide in section 9.2.3.4 Updating the httpd.conf file:
  NameVirtualHost idmhost1.mycompany.com:7777
  <VirtualHost idmhost1.mycompany.com:7777>
  ServerName login.mycompany.com
  Port 443
  RewriteEngine On
  RewriteOptions inherit
  SimulateHttps On
  </VirtualHost>
  In Section 9.2.6.1 ensuring Validity of Self-Referential URLs Rendered on OracleAS Portal Pages is updates the portal's http fil
  <VirtualHost apphost1.mycompany.com:7778>
  ServerName apphost1.mycompany.com
  Port 7777
  RewriteEngine On
  RewriteOptions inherit
  </VirtualHost>
  I don't understand how all the ports map to different services when the infrastructure and portal tier are installed on the same server. But is the port 7777 in confllict? Is the Guide in section 9.2.6.1 using Port 7777 to connect to the web cache listening port?

• Ask the Experts: Single Sign-On with Cisco WebEx Meetings Server, Internet Reverse Proxy, and Enterprise License Manager Solutions

  With Arun Kumar
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single Sign-On (SSO) with Cisco WebEx Meetings Server (Cisco WMS), Internet Reverse Proxy (IRP), and Enterprise License Manager (ELM) solutions.
  SSO standards such as Security Assertion Markup Language (SAML) 2.0 provide secure mechanisms for passing credentials and related information between different websites that have their own authorization and authentication systems. SSO enables simplified user authentication and management.
  IRP provides public access, enabling users to host or attend meetings from the Internet and mobile devices. Although IRP is optional, Cisco encourages its use because it provides a better user experience for your mobile workforce.
  Example question topics include:
  SSO profiles and SAML 2.0 Identity providers (IdPs) supported in Cisco WMS
  Basic configuration of IdPs
  Interaction between IdPs and Cisco WMS
  Difference between the cloud client implementation and Cisco WMS
  Meeting access behavior in a split-horizon network topology with SSO
  How to enable public access to Cisco WMS
  Cisco WMS ELM operations
  Cisco WMS ELM compared to other unified communications ELM or standalone ELM and compatibility/inoperability between them
  Arun Kumar is a team lead in the San Jose Conferencing Technical Assistance Center. He has over eight years of experience in conferencing technology and specializes in Cisco Unified Meeting Place Express and Cisco WebEx Meeting Server. He joined Cisco in 2010 as an escalation engineer for the Cisco Telepresence group. Before joining Cisco he worked for the UK's third-largest internet service provider Supanet on VoIP technology and the *Nix domain. Kumar holds a master of science degree in computer science from Sikkim Manipal University in India, and he holds CCIE (Voice) and VMware Certified Professional certifications.
  Remember to use the rating system to let Arun know if you have received an adequate response.
  Arun might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice, and Video community Other Subjects subcommunity shortly after the event. This event lasts through Monday May 17, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Mobile Service,
  CWMS and Jabber integrations:
  http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_1/JABW_BK_E4CC9599_00_environment-configuration-guide_chapter_01.html#JABW_TK_SF2ED5E1_00
  In above link start from section: Set Up Cisco WebEx Meetings Server on Cisco Unified Presence
  then move to section: Add Cisco WebEx Meetings Server to a Profile
  Once done, move to section: Specify Conferencing Credentials in the Client side. You will see above server already listed there, just go ahead and enter your username and password (pleae make sure this user already exists on your CWMS) and accept any certificate/s if presented. Jabber Integration is done and you can start testing the same.
  Attached CWMS - AFDS integration doc.
  Please let me know if any furhter question.
  Thanks, Arun

• No technical system in sld configuration in Enterprise portals

  Dear All,
  while configuring sld in Enterprise portal , iam getting web as java and and iam not getting web as Abap technical system, where im doing wrong, i have passed parameters in Data Supplier Bridge, but not getting Abap technical system in sld, please help in this regard,
  thanks & Regards,
  Balakrishna.

  i am trying to setup sld for newly installed sap system in my lab
  http://help.sap.com/saphelp_nw04/helpdata/en/23/b557422d095542e10000000a1550b0/content.htm
  i think my system is scenario-2 .
  as i have ep sneak preview system installed on my single stem with good configuration .
  it was running good for enterprise portal.
  and i have r/3 system in the network .
  i like to setup sld. so as to make connection between ep and r/3
  in the above link it says.
  first step go and run where sap netweaver administration system
  1. i did that on the ep system
  2. choose service ->sld services->http service (i did that)
  3.but when ??? it comes to host and port of the (     Enter the Host and the HTTP port of the system to which your system will report the data..)
  i am not sure about the host and port where do i need to look for that
  and even what host name and port number i am supposed to get at the R/3 system end .
  it would of great help if some one can throw some light r help me to walk through that
  https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/2167- [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken]
  i hope even this link helps as i followed all these steps
  but in that i am unable to see the R/3 system in web as abap( R/3 system is up and running good
  thanking you prattipati

• IIS Reverse Proxy and Basic Authentication

  Hi,
  we've currently put a WebAS 6.40 serving a BSP Application in our Appl-DMZ. For the access via Web the IIS Reverse Proxy is used, which works fine as long as you use a service for which a user is provided (in SICF). But if you don't provide a user in the service (in order to debug the BSP Application) you have to authenticate yourself using Basic Authentication (Browser Popup) which does not work (the popup returns and returns ...)
  I' ve browsed the forums and it seems that the IIS Reverse Proxy does not support (the forwarding) of Basic Authentication "requests".
  So my question, does someone exactly know if the IIS Reverse proxy supports Basic Authentication or not ?
  Thanks,
  Markus

  Hello Markus,
  1. have you checked out Alon Weinstein's Weblog <a href="/people/sap.user72/blog/2005/02/23/the-reverse-proxy-series--part-2-iis-as-a-reverse-proxy">The Reverse Proxy Series -- Part 2: IIS as a reverse-proxy</a>?
  2. Is the IIS a must? Can you give Apache or SAP Web Dispatcher a try. Prakash Singh wrote a Weblog <a href="/people/prakash.singh4/blog/2005/08/16/how-to-setup-webdispatcher-to-load-balance-portal-in-a-clustered-environment">How to setup webdispatcher to load balance portal in a clustered environment</a>.
  Regards
  Gregor