SAP Web AS - SAP Webdispatcher - RSA
Hello,
I am new to this forum. So please let me know if my question is off topic and give me a hint where to post the question.
I like to setup RSA authentication together with SAP Web AS and SAP Webdispatcher. Idea: The User is connecting via http or https to the SAP Webdispatcher. Before dispatched to the SAP Web AS the user has to perform an authentication by RSA token. I know that there are solutions available for e.g. IIS or Apache, but I don´t know if it possible with SAP Web AS and SAP Webdispatcher.
Any help is appreciated.
Best regards,
Marcus
Hi Marcus
I've moved your question to the Netweaver Security forum.
Regards,
Désiré
Similar Messages
-
HTTPs connection from SAP WebAS
Hello,
I have to establish a connection from SAP WebAS to an iSaSiLk server via HTTPS.
The iSaSiLk authentication is based on client certificates.
I've created a SSL client PSE, generated the Certificate Request, imported the certificate response and the chain of certificates associated with no errors. When testing the connection we're getting the following error message:
SAP icm log:
[Thr 1087400256] ->> SapSSLSessionInit(&sssl_hdl=0x2aaaba679980, role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT))
[Thr 1087400256] <<- SapSSLSessionInit()==SAP_O_K
[Thr 1087400256] in: args = "role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT)"
[Thr 1087400256] out: sssl_hdl = 0x1a3310c0
[Thr 1087400256] ->> SapSSLSetNiHdl(sssl_hdl=0x1a3310c0, ni_hdl=22)
[Thr 1087400256] NiIBlockMode: set blockmode for hdl 22 TRUE
[Thr 1087400256] <<- SapSSLSetNiHdl(sssl_hdl=0x1a3310c0, ni_hdl=22)==SAP_O_K
[Thr 1087400256] ->> SapSSLSetSessionCredential(sssl_hdl=0x1a3310c0, &cred_name=0x1a49e4e0)
[Thr 1087400256] SapISSLComposeFilename(): Filename = "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
[Thr 1087400256] <<- SapSSLSetSessionCredential(sssl_hdl=0x1a3310c0)==SAP_O_K
[Thr 1087400256] in: cred_name = "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
[Thr 1087400256] ->> SapSSLSetTargetHostname(sssl_hdl=0x1a3310c0, &hostname=0x1a4a09e0)
[Thr 1087400256] <<- SapSSLSetTargetHostname(sssl_hdl=0x1a3310c0)==SAP_O_K
[Thr 1087400256] in: hostname = "<remoteServer_to_be_accessed>"
[Thr 1087400256] ->> SapSSLSessionStart(sssl_hdl=0x1a3310c0)
[Thr 1087400256] SapISSLUseSessionCache(): Creating NEW session (0 cached)
[Thr 1087400256] Tue Jan 13 10:10:22 2009
*[Thr 1087400256] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL*
[Thr 1087400256] session uses PSE file "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
[Thr 1087400256] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 536871693 (0x2000030d) = "none of the PSEs registered with hSsl can suffice the negotiated SSL cipher suite"
[Thr 1087400256] >> Begin of Secude-SSL Errorstack >>
[Thr 1087400256] ERROR in ssl3_get_certificate_request: (536871693/0x2000030d) none of the PSEs registered with hSsl can suffice
[Thr 1087400256] << End of Secude-SSL Errorstack
[Thr 1087400256] SSL_get_state() returned 0x00002150 "SSLv3 read server certificate request A"
[Thr 1087400256] No certificate request received from Server
[Thr 1087400256] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x1a3310c0)==SSSLERR_SSL_CONNECT
[Thr 1087400256] ->> SapSSLErrorName(rc=-57)
[Thr 1087400256] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT
[Thr 1087400256] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt
On the iSaSiLk server we're getting:
ssl_debug(2): Starting handshake (iSaSiLk 3.06)...
ssl_debug(2): Received v3 client_hello handshake message.
ssl_debug(2): Client requested SSL version 3.0, selecting version 3.0.
ssl_debug(2): Creating new session 11:5F:04:C9:0D:32:15:B9...
ssl_debug(2): CipherSuites supported by the client:
ssl_debug(2): SSL_RSA_WITH_RC4_128_SHA
ssl_debug(2): SSL_RSA_WITH_RC4_128_MD5
ssl_debug(2): SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(2): SSL_RSA_WITH_DES_CBC_SHA
ssl_debug(2): SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
ssl_debug(2): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
ssl_debug(2): SSL_RSA_EXPORT_WITH_RC4_40_MD5
ssl_debug(2): CompressionMethods supported by the client:
ssl_debug(2): NULL
ssl_debug(2): Sending server_hello handshake message.
ssl_debug(2): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_SHA
ssl_debug(2): Selecting CompressionMethod: NULL
ssl_debug(2): Sending certificate handshake message with server certificate...
ssl_debug(2): Sending certificate_request handshake message...
ssl_debug(2): Sending server_hello_done handshake message...
ssl_debug(2): IOException while handshaking: Connection closed by remote host.
ssl_debug(2): Sending alert: Alert Fatal: handshake failure
ssl_debug(2): Shutting down SSL layer...
ssl_debug(2): Closing transport...
From the iSaSiLk everything seems to be OK, but on the SAP WebAS the error "none of the PSEs registered with hSsl can suffice the negotiated SSL cipher suite" is really unclear, since the cipher chosen by the iSaSiLk is one of the ciphers sent by SAP WebAS...
Can anyone give me any suggestion?Hello Olivier,
Thanks for your answer.
I've implemented note 800240 which facilitates the PSE analysis by implementing the report ZSSF_TEST_PSE. With this report I'm able to check all the PSE content, which are:
Filename SAPSSLSPHTID.pse
PIN <no>
Signature X
Encryption X
Profile Parameter
DIR_INSTANCE /usr/sap/XID/DVEBMGS00 /usr/sap/XID/D00
sec/dsakeylengthdefault 1024
sec/libsapsecu /usr/sap/XID/SYS/exe/run/libsapcrypto.so
sec/rsakeylengthdefault 1024
ssf/name SAPSECULIB
ssf/ssf_md_alg SHA1
ssf/ssf_symencr_alg DES-CBC
ssf/ssfapi_lib /usr/sap/XID/SYS/exe/run/libsapcrypto.so
ssf2/name
ssf2/ssf_md_alg SHA1
ssf2/ssf_symencr_alg DES-CBC
ssf2/ssfapi_lib
ssf3/name
ssf3/ssf_md_alg SHA1
ssf3/ssf_symencr_alg DES-CBC
ssf3/ssfapi_lib
Environment variables
USER xidadm
SECUDIR /usr/sap/XID/DVEBMGS00/sec
PSE
Validity 18.12.2008 19:47:04 18.12.2009 19:47:04
Algorithm RSA (OID 1.2.840.113549.1.1.1)
Test signature
Signature OK
Verification OK
Test encryption
Encryption OK
Decryption OK
As you can see, the cipher algorithm used is RSA. Any suggestion... ?
An iSaSiLk server "is a Java programming language implementation of the SSLv2 (client-side), SSLv3, TLS 1.0 and TLS 1.1 protocols. It supports all defined cipher suites (except for Fortezza), including all AES and PSK cipher suites. iSaSiLk implements all standard TLS extensions, comes with an easy to use API and operates on top of the IAIK-JCE Javau2122 Cryptography Extension. iSaSiLk is highly configurable and will work with any alternative JCE implementation supported by a proper provider for supplying the required cryptographic algorithms".
Once again thanks for your answer. -
Reverse Proxy - Apache vs SAP Web Dispatcher
Hi,
my config consists in a portal (EP7.0 - DB/CI + AS) and an ECC system (ECC 6.0 - DB/CI + AS).
Web developments are based on Abap Web Dynpro and are also located on ECC.
To ensure load balancing there are 2 web dispatchers : one on EP DB/CI, one on ECC DB/CI.
Those 2 systems are located in intranet. Intranet access are realized via http.
Moreover I need to open this solution to internet. I need a component to filter access in DMZ and ensure reverse proxy + https functions.
Technical target chain links are depicted below.
internet access : browser (https) -
> (https) reverse proxy in DMZ (http) -
> IS (Portal/ECC)
intranet access : browser (http) -
> IS (portal/ECC)
At the moment two application gateway solutions have been identified :
Apache (MOD_PROXY + MOD_HTTPS) - My configuration is based on Linux
SAP Web Dispatcher ("cascading" implementation as described in OSS note 740234)
I'm looking for PROs and CONs of those 2 solutions and I'm also seeking for the impact of ensuring https encryption/decryption at the application gateway level ("a priori" this usage is not transparent in term of server sizing - CPU/memory, do I require to implement an SSL accelerator ?).
Regards.
Frederic.Hi,
PRO Webdispatcher:
- Supports SAP Java + ABAP
- Loadbalancing of SAP applications (stateful)
- Supports load balancing (saplb_* cookie)
- Free of costs
- easy to set up (up & running in 2 minutes)
- Supports HA solutions out-of-the-box (process HA)
- Filter + Rules to modify the requests
CONS Webdispatcher
- not a full reverse proxy
- Limited functionality
- one more server/solution (normaly, a company already does have a reverse proxy solution in place)
- limited user base (only SAP customers)
PRO Apache
- free
- widly in use
- full reverse proxy
- allows more complex filtering / rewriting
- can be used for more web solutions, reuse of existing apache reverse proxy
CONS Apache
- does not support SAP load balancing (connection to the message server port for load distribution)
- can be more complex to set up
- SAP specific technology / problems are more harder to fix (ABAP, Stateful connections, sap_lb*)
Short: both will server well as a reverse proxy.
Rule of thumb: If you go for Apache or Web Dispatcher should mainly depend on you current IT landscape. If you already do have an apache in use, use Apache. You already have the people / knowledge, try to foster it .
If you start from scratch and have SAP Logon Groups or many WebDynpro ABAP applications, go for the Web Dispatcher.
br,
Tobias -
SAP WEB Dispatcher for Two systems
Hi experts,
i want to configuration SAP web dispatcher for two hosts
web dispatcher has installed on saprate host( host are accessible via public ally) and other host contains two ABAP system are in same host.
i have configure two HTTP ports in the Web Dispatcher profile
icm/server_port_0 = PROT=HTTP, PORT=8888
icm/server_port_1 = PROT=HTTP, PORT=7777
In addition, you define the system assignments, as follows:
wdisp/system_0 = SID=ERP, MSHOST=ms_erp, MSPORT=8082, SRCSRV=*:8888
wdisp/system_1 = SID=CE1, MSHOST=ms_erp, MSPORT=8127, SRCSRV=*:7777
but i want to know how can do the url mapping i want to open WEBGUI for both ABAP systems.
and how can access?
Please suggest.
Regards,Hi Vivek,
Check the below link, I think it would help you with the configuration.
One Web Dispatcher, Multi Systems with URL Prefixes
And also read the below document for the Mapping of one SAP Webdispatcher to Multiple Systems.
http://help.sap.com/saphelp_nw73ehp1/helpdata/en/b0/ebfa88e9164d26bdf1d21a7ef6fc25/content.htm
Regards,
Sushil -
Issue in Installing Sap Web Dispatcher
Hi Experts,
We have Installed Sap Web Dispatcher in our landscape for https connection and we have generated the pse certificate .We were stuck in the next step as we have to forward this request to a certification authority such as Verisign or Thawte.
Can you please let us know the process on how we have to forward this request to Certification Authority.
Thanks in Advance..
Regards,
Krishna.MHi,
You are right ... It does NOT matter.
Here is no unicode/non-unicode version available for the webdispatcher.There is only one version available, and this use the non-unicode kernelpackage. You can carry on with the installation without any problem.
Rgds,
Sheikh Saggaf -
Buenas tardes estimados,
Configure el web dispatcher con solman pero el webdispatcher solo me permite acceder a los servicios del stack de java que corren en el puerto 50000 pero no me deja ver los servicios abap de la SICF que corren en el puerto 8000 alguno tendra una idea de porque ocurre esto? y como puedo solucionarlo?Hola Diego,
Te comento si estan corriendo perfectamente mis servicios de la sicf por el puerto 8000 y los de java por el 50000 mi ms/http_port es el 8101 lo que pasa es que el web dispatcher solo me detecta el stack de java no me detecta el stack de abap por ende puedo acceder a cualquier servicio que corra en el puerto 50000 pero a los que corren en el puerto 8000 que son los de abap no le llego por el webdisp porque el mismo no me esta detectando el stack de abap.
Pude observar que al introducir esta url http://ServidorDeSolman:8101/msgserver/text/logon obtengo este resultado:
version 1.0
J2EE4070400
J2EE ServidorDeSolman 50000 LB=1
J2EES ServidorDeSolman 50001 LB=1
P4 ServidorDeSolman 50004 LB=1
P4S ServidorDeSolman 50006 LB=1
P4HTTP ServidorDeSolman 50005 LB=1
JC_MIASRV00_LCS_00
ServidorDeSolman 50018
Como podemos observar solo arroja info del stack de java y los puertos java pero no arroja la info del stack de ABAP.
Tambien por el webdisp realice esta prueba via linea de comandos en el cmd:
C:\usr\sap\WEB\SYS\profile>sapwebdisp -checkconfig pf=WEB_W02_MIASRV00
Checking SAP Web Dispatcher Configuration
=========================================
maximum number of sockets supported on this host: 8192
Server info will be retrieved from host: ServidorDeSolman:8101 with protocol: http
Checking connection to message server...OK
Retrieving server info from message server...OK
Message Server instance list
------++--
+
instance name
hostname
HTTP port
HTTPS port
------++--
+
J2EE4070400 ServidorDeSolman
50000
50001
------++--
+
Checking ABAP servers with URL "/sap/public/icman/ping":
No server group "!DIAG" defined
Checking J2EE servers with URL "/index.html":
Checking J2EE server http://ServidorDeSolman:50000...OK
Web Dispatcher configuration for J2EE only system: No server group !DIAG defined
On double stack systems, configure Web Dispatcher to access Message Server of SAP Web AS ABAP
Pareciera que debo agregar algun parametro en el webdisp que indique que el sistema es dual stack pero de verdad no tengo idea si sea ese el problema y cual seria el parametro.
Alguna idea de que se puede hacer?
Muchas gracias por la ayuda
Saludos Cordiales -
SAP Web Dispatcher for Portal reverse proxy
Hi Experts,
I am on EP6.0 SP20 and trying to use SAP web dispatcher as reverse proxy.
I followed the below web log to configure the web dispatcher.
[How to...Configure SAP Webdispatcher as a reverse proxy|How to...Configure SAP Webdispatcher as a reverse proxy]
I still have some problems logging into the Portal through the web dispatcher.
Web Dispatcher is in the DMZ not behind the firewall. We opened the port 80 only for Web dispatcher server.
We are getting an error in the browser,
http://<host of portal>.<domain name>:50000/irj/portal can not be recognized.
I have no clue to how to get rid of this error. any help will be greatly appreciated.
Regards,Hi,
I do not know the exact ESS WebDynpro you are using but it may be possible that these WebDynpros use absolute URLs which of course do not point to the hostname and port of the Web Dispatcher.
There are several ways to circumvent this:
Please check http://help.sap.com/saphelp_nw04s/helpdata/en/62/5f374ff72c40478fcba2bb4fa79ddf/frameset.htm and add the parameters wdisp/add_client_protocol_header and (more important for you: wdisp/handle_webdisp_ap_header) to the WebDynpro configuration.
(A nice explenation why we have to use this can be found here: https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bsp/using+proxies&)
another way would be to tell the J2EE engine directly that it is behind a WebDispatcher, by setting the ProxyMappings (http://help.sap.com/saphelp_nw70/helpdata/en/b8/437d46d4451e4c9ab756e272a1581d/frameset.htm)
Regards,
Holger. -
Remote Connection to SAP with SAP Web Dispatcher
Dear Experts,
i have installed a SAP Router + SAP ECC 6.0 IDES + SAP Portal 7.0 + SAP Solution Manager 7.0. The remote connection works.
SAP Router is in a DMZ
SAP ECC 6.0 IDES + SAP Portal 7.0 + SAP Solution Manager 7.0 are in another network only for SAP Systems
Fo security reason, i would like to install a SAP Webdispatcher with the SAP Router's Server.
I already:
have extracted the icmadmin.sar file
have executed the sapwebdisp -bootstrap command
have started the web dispatcher with sapwebdisp pf=sapwebdisp.pfl
have activated /sap/public/icman and /sap/public/icf_info/* services inthe SAP Solution Manager
As the saprouttab file for the saprouter, i would like to establish the connection to SAP withe the SAP WebDispatcher.
My questions are:
What are the parameters i have to put in the sapwebdisp.pfl file?
Do i have to create the PERMFILE and the AUTHFILE?
Any example of profil file? (another than the SAP Library example)
Thank you very much for your help in advance.
Best regards.
Pascal Tran.
PS: Here is the sapwebdisp.pfl file
Profile generated by sapwebdisp bootstrap
unique instance number
SAPSYSTEM = 50
add default directory settings
DIR_EXECUTABLE = .
DIR_INSTANCE = .
Accessibility of Message Servers
rdisp/mshost = <Solution_Manager_hostanme>
rdisp/msserv = sapms<Solution_Manager_SID>
ms/http_port = 81<Solution_Manager_Instance_Number>
SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
configuration for default scenario (medium size)
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 500
wdisp/HTTPS/max_pooled_con = 500
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=8050
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt
Hostname per default
icm/host_name_full = <SAP_Router_Hostname>Hello,
The two important paramters are covered in your profile.
Accessibility of Message Servers
rdisp/mshost = <Solution_Manager_hostanme>
rdisp/msserv = sapms<Solution_Manager_SID>
ms/http_port = 81<Solution_Manager_Instance_Number>
And the port on which your webdispatcher listens from outside world.
icm/server_port_0 = PROT=HTTP,PORT=8050
For additional security you can use the https port also.
I dont think you need to maintain any other file manually.
I had configured web dispatcher but for 640 stack. It should be more or less the same.
An example file sapwebdisp.pfl
Profile generated by sapwebdisp bootstrap
unique instance number
SAPSYSTEM = 1
Accessibility of Message Servers
rdisp/mshost = <hostname>
ms/http_port = 8101
ms/https_port = 8005
SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
configuration for default scenario (medium size)
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 500
wdisp/HTTPS/max_pooled_con = 500
wdisp/shm_attach_mode = 6
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTPS,PORT=1443
icm/server_port_1 = PROT=HTTP,PORT=1081
icm/HTTPS/verify_client = 0
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin
DIR_INSTANCE = C:\Secudir
ssl/ssl_lib = C:\Secudir\sapcrypto.dll
ssl/server_pse= C:\Secudir\SAPSSLS.pse
wdisp/ssl_cred = SAPSSLS.pse -
SAP Web Dispatcher - Object Cert doesn't exist.....?
Has anyone ever experienced this error before? This error came about when I created a "Verification PSE" in STRUST to move over onto the webdispatcher.
[Thr 3516] *** ERROR => secudessl_Create_SSL_CTX(): PSE "C:\Program Files\SAP\SAPWebDisp\DEV\<domain folder>\sec\SAPSSLC.PSE" not found! [ssslsecu.c 1354]
[Thr 3516] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 4130 (0x00001022) = "Object Cert doesn't exist"
[Thr 3516] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 3516] ERROR in SSL_CTX_set_default_pse_by_name: (4130/0x1022) Object Cert doesn't exist
ERROR in ssl_set_pse: (4130/0x1022) Object Cert doesn't exist
ERROR in af_pse_get_Certificate_static: (4130/0x1022) Object Cert doesn't exist
[Thr 3516] << -
End of Secude-SSL Errorstack -
[Thr 3516] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create CLIENT Credential
for "C:\Program Files\SAP\SAPWebDisp\DEV\<domain folder>\sec\SAPSSLC.PSE" [ssslxxi.c 2278]
[Thr 3516] *** ERROR => Initialization of SSL library failed -- NO SSL available!
Also this error occurs when I tried to "export certificate" from STRUST.
[Thr 3384] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 3384] ERROR in SSL_CTX_set_default_pse_by_name: (4356/0x1104) PSEFile
ERROR in ssl_set_pse: (4356/0x1104) PSEFile
ERROR in af_open: (4356/0x1104) PSEFile
ERROR in secsw_open: (4356/0x1104) PSEFile
ERROR in sec_parse_PSEInfo_cont: (4356/0x1104) PSEFile
ERROR in d_PSEFile: (18/0x0012) decoding error for : "PSEFile"
[Thr 3384] << -
End of Secude-SSL Errorstack -
[Thr 3384] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create CLIENT Credential
for "C:\Program Files\SAP\SAPWebDisp\DEV\<domain folder>\sec\SAPSSLC.PSE" [ssslxxi.c 2278]
[Thr 3384] *** ERROR => Initialization of SSL library failed -- NO SSL available!
What I'm trying to do is create the SSL connection between the dispatcher and the SAP Web AS.Hi,
From the error it is clear that it is unable to access the SAPGENPSE.
Go the fallowing location c:\programfiles\sap\sapwebdisp\dev\domain\sec and see if there is sapsslc.pse file if this dosent exist fallow the below procedure.
go the c:\programfiles\sap\sapwebdis\ and execute the fallowing command
sapgenpse get_pse -p "c:\programfiles\sap\sapwebdisp\dev\domain\sec\SAPSSLS.pse" -noreq "CN=<FQDN>, OU=<InstallationNumber>, OU=SAP Web As, O=SAP Trust Community, C=DE
Please revert back if you have troubles.
Kind Regards,
vamsi. -
Hello all,
I would like to get the host and port of the current Web Dispatcher.
There is a method IF_HTTP_SERVER~GET_LOCATION to get the current server instance, however I need the dispatcher.
Is there any method to get this information?
Thank you for your assistance.
Best regards,
Kurt.Hello Kurt,
I've never done it my self but of course it is possible because SAP standard code does it.
My suggestion : Enable the it00 standard BSP application.
Then call the following URL :
https://webdispatcher/sap/bc/bsp/sap/it00/misc_echo.htm
All header fields will be displayed including the ones I told you.
Then look at the source code of this page. I am not an abaper but it seems that the interesting code is :
DATA: ffs TYPE TIHTTPNVP,
ff TYPE IHTTPNVP.
request->GET_HEADER_FIELDS( CHANGING fields = ffs ).
LOOP AT ffs INTO ff.
So I think my mistake was to tell you GET_FORM_FIELDS instead of GET_HEADER_FIELDS.
Hope this helps.
Olivier -
Upgrade from SAP Webas 6.40 to SAP Netweaver 2004s
Do we have to change the virtual host name used for high availability clustering environment to local host name before we conduct the upgrade from SAP WebAS 6.40 to SAP NetWeaver 2004's ?
Do we have to change the virtual host name used for high availability clustering environment to local host name before we conduct the upgrade from SAP WebAS 6.40 to SAP NetWeaver 2004's ?
-
"SSO" for non-sap web application using SAPGUI to browse?
I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
To strengthen the authentication in the web app, I wanted to implement SSO
authentication as we pity the users for having to remember so many strong pw's and I
dont like LDAP based pw sync or other technology I dont understand, because then we are
just yet another application with the same pw...
We are having technical problems implementing SSO on the web app side, and are anyway a
bit sceptical about the user admin / role admin assignment if we get it to work.
So I have created a transaction in SAP which browses the web app and the intention is to
send the SAP sy-uname as the web app user. We can control this using s_tcode, and
an own auth object on the WAS side and a check on the session type before the connection is
established. In this sense we are dependent on the SAP concept implemented, but even so:
The role assignment is controlled in the web app itself -> so assume that I am not overly
worried about unauthorized access to the web application, as they would not have any
system role for it as their sy-uname does not exist. (Infact we can monitor this)
The browser on the front end is the SAPGUI with html controls on the SAP side.
I would be interested in knowing whether anyone else has experience with this approach, and
whether there are any areas to be carefull of?
I would also like to know whether this is a strategic error?
Kind regards,
JuliusHi Julius,
well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
But for non-SAP web applications that does not help.
In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
Cheers, Wolfgang -
How to change the default operators in sap web ui Search screen?
How to change the default operators in sap web ui Search screen?
For eg. Using advance search option , I have some fields with default operators like equals, contains,is between, is less than and is greater than. I don't need all these operators for this field.
I need only "equals" operator. How do i remove the rest of the operators?There is a view cluster crmvc_dq where all the standard setting is present related to you r issue. Please try if you can modify that, that way you will avoid the code.
Incase you are not able to make any changes there then in that case you have to redefine the method GET_DQUERY_DEFINITION () of the IMPL class to delete the operators for a particular serach field.
Regards,
Harshit -
Communication problem between external web server and SAP WebAS
Hello Experts,
We are having a serious problem over here where we had one external server is pushing XML string using a HTTP-POST request to our SAP WebAS server (a BSP application is handling this request). We are not able to see the request coming to SAP i.e. SAP-BSP is not receiving XML.
Also we found that, if request is routed through another proxy server (apache tomcat server redireting the request) connected through VPN to our network, it works but if the the same server is inside our network it doesn't. Rather in that case it never hits the Apache-Tomcat server itself.
We tried to identify the network issue but it seems it is not the network or any firewall issue. When we had a small Echo server (itu2019s a small Java server) running on our SAP machine, we could see the request coming in. So it is definitely reaching the SAP server but the SAP Web AS is not picking up. Rather what we found that if the URL is simple e.g. http://<hostname>:<port> it works but if the URL is complex like something generated by SAP incase of BSP application it doesn't.
Any idea what is causing this issue?
I tried to look at SMICM trace files but got nothing. Any idea where would find the trace of incoming HTTP requests to SAP WebAS?
Thanks in advance.
regards
rajeevHi Rajeev,
Pelase find the below link. i am not sure this is the exactly one for you. But i hope it'll help you.
http://www.sdn.sap.com/irj/scn/weblogs;jsessionid=(J2EE3417800)ID0350917650DB11174011760851503410End?blog=/pub/wlg/10285
http://www.sap-img.com/basis/basis-faq.htm
Regards,
CSK. -
Hello Guru's,
we are creating sales order in SAP from a quote created in .NET, through Web Service created in SAP, and consumed in .NET.
When ever a order is created in SAP for a given quote, SAP returns the sales order number to .NET.
Orders are getting created as expected, but once in a while we are getting the following error from webservice :
Web service processing error; more details in the web service error log on provider side (UTC timestamp 20140609173429; Transaction ID 4DFCEFE33301F1EBB5CE00155D0B4530)
But the problem is order is getting created in SAP for the perticular quote for which we are getting the above error and this order number is not getting returned to .NET.
Upon analysis in TCODE SRT_UTIL for the above transaction ID, has the following details , which are hardly help full to resolve the error.
----TYPE CX_SY_OPEN_SQL_DB
----ERROR_TEXT The database returned a value containing an error
----CX_SY_NO_HANDLER
-----CLASSNAME CX_SY_OPEN_SQL_DB
This Exception raised by Web Service application
Could you please help in resolving this issue or alteast provide an approach for the same.
Thank you,
Suresh.Thank you Bhaskar,
How can we clarify whether the error is from SAP or Web part.
I have checked ST22, but there is not entry for the perticular exception transaction ID
My exception time stamp is
-------------------START-------------6/9/2014 1:34:33 PM
Error :Web service processing error; more details in the web service error log on provider side (UTC timestamp 20140609173429; Transaction ID 4DFCEFE33301F1EBB5CE00155D0B4530)
-------------------END-------------6/9/2014 1:34:33 PM
In al11, i found the following for the perticular exception time stamp
**** Trace file opened at 20140609 133431 Eastern Daylight Time, by disp+work
**** Versions SAP-REL 720,0,500 RFC-VER U 3 1442251 MT-SL
XRFC> Begin of user trace
XRFC> ---------------------------------------------------------------------
XRFC> <
XRFC> TRACE SOAP RUNTIME - header <
XRFC> <
XRFC> ------------------------------------------------------------------ <
XRFC> REQ_SIZE : 2685 <
XRFC> RESP_SIZE : 0 <
XRFC> PARENT_ID : ROOT_CALL_ID <
XRFC> TRC_KEY : 40FCEFE3BD6EF184B5CE00155D0B4530 <
XRFC> REQ_BASED : <
XRFC> SESSION_ID : 0003925540FCEFE3BD6EF17DB5CE00155D0B4530 <
XRFC> TS_CALL : 20140609173408.2880000 <
XRFC> SY_UNAME : <
XRFC> HOSTNAME : <
XRFC> SY_SID : PRD <
XRFC> SY_MANDT : 300 <
XRFC> SYS_NR : 19 <
XRFC> APPLSERVER : <
XRFC> ISPRESCHED : X <
XRFC> DURATION : 21810 <
XRFC> NETHDRTIME : 21810 <
XRFC> CALL_STATE : 2 <
XRFC> ERRORTYPE : APPLFAIL <
XRFC> ERRORAREA : APPL <
XRFC> CTXDP_TYPE : SOAP_RUNTIME <
XRFC> SYNC_ASYNC : S <
XRFC> LOCATION : P <
XRFC> DIRECTION : I <
XRFC> REQ_ID : 91C57815916E421CA9F3D652FFACE9C7 <
XRFC> RESP_ID : 00155D0B45301EE3BBFF89A0267EB5CE <
XRFC> MSG_STATE : 114 <
XRFC> IF_NAME_I : ZSD_CS_CREATE_SALESORDER_SERVI <
XRFC> IF_NS_E : urn:sap-com:document:sap:soap:functions:mc-style <
XRFC> IF_NAME_E : ZSD_CS_CREATE_SALESORDER_SERVI <
XRFC> ISSHORTCUT : <
XRFC> TRC_PATT : WSTEST <
XRFC> TRC_SSID : PRD_19 <
XRFC> TRC_USER : <
XRFC> TRC_TS : 20140609173409 <
XRFC> TRC_COUNT : 99 <
XRFC> TRC_EXT : <
XRFC> COMPLETE : OK <
XRFC> CALLEDPROG : ZSD_CS_CREATE_SALESORDER_SERVI <
XRFC> SOAP_APPLI : urn:sap-com:soap:runtime:application:rfc:710 <
XRFC> CONF_ID : 00155D0B45301EE3AEFDAD78756555CE <
XRFC> BIND_ID : 00155D0B45301EE3AEFDAD787565B5CE <
XRFC> OP_NAME : ZsdCsCreateSalesorder <
XRFC> COMM_PATRN : Method:ZsdCsCreateSalesorder <
XRFC> OP_NS : urn:sap-com:document:sap:soap:functions:mc-style <
XRFC> REMADDRESS : 172.16.11.43 <
XRFC> DT_OBJ : ZSD_CS_CREATE_SALESORDER_SERVI <
XRFC> MEMCONSUMP : 296291 <
XRFC> WSHOST : <
XRFC> WSPORT : <
XRFC> WSPROT : <
XRFC> WSCLIENT : <
XRFC> WSPATH : <
XRFC> PXYHOST : <
XRFC> PXYPORT : <
XRFC> USEDRFCDES : <
XRFC> BONAME : <
XRFC> PROCCOMP : <
XRFC> DEPLOYUNIT : <
XRFC> ------------------------------------------------------------------ <
XRFC> <
XRFC> TRACE SOAP RUNTIME - trace records <
XRFC> <
XRFC> ------------------------------------------------------------------ <
XRFC> E SOAP_RUNTIME 20140609173429.7400000 : CL_SOAP_RUNTIME_SERVER <
XRFC> ->EXECUTE_PROCESSING Exception handling for IF "ZSD_CS_CREATE <
XRFC> _SALESORDER_SERVI" OP name "ZsdCsCreateSalesorder" MSG ID <
XRFC> "91C57815916E421CA9F3D652FFACE9C7" user "STULZWEBSERV" <
XRFC> <
XRFC> <
XRFC> E SOAP_RUNTIME 20140609173429.7240000 : CL_SOAP_RUNTIME_SERVER <
XRFC> ->EXECUTE_PROCESSING CX_SOAP_ROOT : An exception has occurred. | <
XRFC> program: CL_SOAP_RUNTIME_ROOT==========CP include: CL_SOAP <
XRFC> _RUNTIME_ROOT==========CM004 line: 120 <
XRFC> <
XRFC> <
XRFC> E SOAP_RUNTIME 20140609173429.7400000 : CL_SOAP_RUNTIME_SERVER <
XRFC> ->EXECUTE_PROCESSING CX_SY_NO_HANDLER : An exception with the type <
XRFC> CX_SY_OPEN_SQL_DB occurred, but was neither handled locally, nor <
XRFC> declared in a RAISING clause | program: SAPLSTXD include: LSTXDFDB <
XRFC> line: 200 <
XRFC> <
XRFC> <
XRFC> E SOAP_RUNTIME 20140609173429.7400000 : CL_SOAP_RUNTIME_SERVER <
XRFC> ->EXECUTE_PROCESSING CX_SY_OPEN_SQL_DB : The database returned a <
XRFC> value containing an error | program: SAPLSTXD include: LSTXDFDB <
XRFC> line: 227 <
XRFC> <
XRFC> ---------------------------------------------------------------------
XRFC> End of user trace
Maybe you are looking for
-
I have had a update on my mini ipad and its asking for a code could you help me out please
I have got a iPad mini a update has come though and its asking me for a code when i click update could you help me out please
-
Which table stores program names?
Hi, Which table stores the program names. Suppose i have a program with name ZTEST. And the program ZTEST has 2 more include programs ZTEST_TOP and ZTEST_MAIN. Now the requirement is that i'll have the program name (Say ZTEST), I need to fectch the i
-
Why is the student version just for a year?
I have found the reduced version of the Creative Cloud for 19,99€/Month. I really like that price. I don't eran much money, but this is (for me) a really fair price for the programs. But after a year I have to pay the full price? I don't think that i
-
Ability to Change Data Manager Messages
Hi Experts, I would like to know if anyone has successfully changed the Data Manager (DM) messages. We have a DM package that runs a BAdI calculation. We successfully linked the BAdI message to the DM so that on the detailed section of the DM resu
-
What does this error message mean? Keynote to html to Homepage
Trying to "add page" in homepage of my Keynote 3 exported html slideshow. However, after various attempts I keep getting this error from the .Mac server HomePage found the following issues with the HTML page you chose. Please fix these issues and try