Switching from HTTP to HTTPS - adverse side effects???

Similar Messages

• URL redirect - how to switch from https to http

  Hi, all.
  We have some requirement that the portal session be switched to https on some iviews while the rest of the contents are in http. I am thinking of using url redirect on the web dispatcher.
  What I found is that the url redirect from http to https works great. Now if I want to switch back to http, the redirect doesn't work. Note that the http port is 80 and https port is 443 on the web dispatcher. To test, here is the parameter I did to switch from http to https. This works and transforms the url from http://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxx to https://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxxxxxxxxx
  icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=ozonehomeep3, FROMPROT=http, PROT=https, HOST=ozonehomeep3.XXXXXX
  If I flip it back the other way:
  icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=ozonehomeep3, FROMPROT=https, PROT=http, HOST=ozonehomeep3.XXXXXX
  When I connect using the url https://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxxxxxxxxx, it ignores the parameter and the redirect to http did not happen.
  What is wrong?
  Thanks,
  Jonathan.

  Hello,
  I've had a similar problem for one of my customers.
  I've tried to do it on a root level, just Https://FQDN:port_https/ to http://FQDN:Port_http/
  I've used this parameter to solve it:
  icm/HTTP/redirect_0 = PREFIX=/, FOR=FQDN, FROMPROT=HTTPS, HOST=FQDN, PORT=80, PROT=http
  maby you should try:
  icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=FQDN, FROMPROT=HTTPS, HOST=FQDN, PORT=80, PROT=http, TO=/irj/portal/zsap_
  You should also verify that the standard http port (80) are open in the firewall from the outside, just take a telnet session to FQDN and port 80
  to quickly determined if the firewall policy are right.
  Good luck!
  Kind Regards
  Håvard Fjukstad.

• Problem when switching from https to http on Safari

  I am using a Safari browser and try to switch from https to http within the same web application.
  The Safari browser is configured so that on Safari->Preferences->Security the check box "Ask before sending a non-secure form to a secure website" is checked.
  When using the Safari browser in my web application and going from an https page to an http page, the browser shows an (expected) dialog box asking the user whether he wants to send a non secure form. Clicking Ok (twice) causes the following problematic dialog box to appear :
  Safari can't open the specified address;
  Safari can't open "(null)" because Mac OS X doesn't
  recognise Internet addresses starting with "(null)"
  How can I avoid this problem without having to uncheck the above mentioned check box in Safari->Preferences->security.

  I have somehow a similar problem,too. My site is in https upon login which maintains some session data. One of the features of my site is the file upload (servlet) which does some batch processing. Since my https session terminates(timeout)upon uploading, I resorted to switching the link to an http session using
  File Upload
  When I do "session.getAttribute('data')" in my servlet after being called by the "upload.jsp", a NullPointerException is thrown at that particular line.
  My question:
  1. Upon uploading of file/data via https, is there a maximum bytes that it can only process? My file is just less than 1MB and it terminates the session. How do I go about it? Should I switch it then to an http?
  2. If I switch from https to an http session, SSL session data can not be retrieved from an http session?
  Thanks!

• Would it be possible that saved passwords would work on both http and https version of the same site as some pages are switching from http to https?

  Some sites are switching from http to https protocols and some sites run both. This creates some duality when you have saved passwords. You either save passwords for both versions of the site. And if you visit the https version for the first time you just have to go and look up the password as (personally) I don't remember all of my passwords.
  Would it be possible that unless there are different passwords for different version of the site that firefox would use the one that it has already saved?

  You will have to save the password again in case the submit URL and possibly other parameters change.
  You can try this extension:
  * Saved Password Editor: https://addons.mozilla.org/firefox/addon/saved-password-editor/

• Switching between https and http requests

  Hi,
  Our application is built using ADF 10.1.3
  This application need to be integrated with an in house built single sign on system. ( SSO system is built in C# and .NET)
  This single sign on system only understand https request. Once user is validated against single sign on system, our application's authorization page is called in HTTPS mode. Once the user is authorized, he is forwarded to home page. While forwarding to home page, we want to convert the HTTPS request to HTTP.
  Currently once the user is authenticated, all requests are happening in HTTPS mode.
  We do not know how to make http request from existing https requested page.
  Any help is appreciated.
  Thanks
  Ranajit

  Hi,
  the way to do this is by redirecting the call from a PhaseListener or command button. The solution Avrom refers to is a PhaseListener that uses XML configuration file to determine whether or not the page you are navigating to requires https or http. The code that handles the protocol switch is printed below
    * Determines if the requested page requires SSL and if the current protocol
    * meets this need. If not the protocol is switched between http and https
    * @param viewId
    * @param pageRequiresSSL
    public void handleProtocolSwitch(String viewId, boolean pageRequiresSSL)
      ExternalContext exctx = FacesContext.getCurrentInstance().getExternalContext();
      boolean isSecureSSLChannel = ((HttpServletRequest)exctx.getRequest()).isSecure();
      // pages that require SSL and SSL is on, or pages that don't require
      // SSL but SSL is on and should be kept
      if (pageRequiresSSL && isSecureSSLChannel || !pageRequiresSSL && isSecureSSLChannel && isKeepSSLMode) {
      printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel+", is keep SSL = "+isKeepSSLMode);
      printDebugMessage("No protocol change required");
      // page requires SSL and SSL is not active. Switch to SSL.
      if (pageRequiresSSL && !isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel);
        printDebugMessage("Protocol change required to use https");
        switchToHttps(viewId);
      // switch to HTTP is page doesn't require SSL and channel isn't secure
      // and isKeepSSLMode is false
      if (!pageRequiresSSL && !isKeepSSLMode && isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel+", is keep SSL = "+isKeepSSLMode);
        printDebugMessage("Protocol change required to use http");
        switchToHttp(viewId);
      if (!pageRequiresSSL && !isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel);
        printDebugMessage("No protocol change required");
    * Switches from https to http using a redirect call
    * @param viewId
    private void switchToHttp(String viewId) {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext exctx = facesContext.getExternalContext();
        ViewHandler vh = facesContext.getApplication().getViewHandler();
        String pageURI = vh.getActionURL(FacesContext.getCurrentInstance(), viewId);
        //redirect to http URL
        String remoteHost = getHostNameFromRequest();
        printDebugMessage("Switch to http on host "+ remoteHost);
        try {
            String port = httpPort.equalsIgnoreCase("80") ? "" : ":" + httpPort;
            String url = "http://" + remoteHost + port + pageURI;
            printDebugMessage("Redirecting to http URL "+ url); 
            //TODO check request Map
             this.printDebugMessage(" Content size of RequestMap before redirect "+exctx.getRequestMap().size());
            exctx.redirect(url);         
        } catch (IOException e) {
            printDebugMessage("Redirect to http port failed "+ e.getMessage());
    * switches to https using a redirect call
    * @param viewId
    private void switchToHttps(String viewId) {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext exctx = facesContext.getExternalContext();
        ViewHandler vh = facesContext.getApplication().getViewHandler();
        String pageURI = vh.getActionURL(FacesContext.getCurrentInstance(), viewId);
        //redirect to https URL
        String remoteHost = getHostNameFromRequest();
        printDebugMessage("Switch to SLL/https on host "+ remoteHost);
        try {
            String port = httpsPort.equalsIgnoreCase("443") ? "" : ":" + httpsPort;
            String url = "https://" + remoteHost + port + pageURI;
            printDebugMessage("Redirecting to https URL "+ url);       
            //TODO check request Map
            this.printDebugMessage(" Content of RequestMap before redirect "+exctx.getRequestMap().size());
            exctx.redirect(url);         
        } catch (Exception e) {
            printDebugMessage("Redirect to http port failed "+ e.getMessage());
    * @return the hostname of the page request
    private String getHostNameFromRequest() {
        ExternalContext exctx = FacesContext.getCurrentInstance().getExternalContext();
        String requestUrlString = ((HttpServletRequest)exctx.getRequest()).getRequestURL().toString();
        URL requestUrl = null;
        try {
            requestUrl = new URL(requestUrlString);
        } catch (MalformedURLException e) {
            e.printStackTrace();
        String remoteHost = requestUrl.getHost();
        return remoteHost;
    }If your container doesn't support session sharing between http and https then the session is renewed. In OC4J you will have to configure this.
  Frank

• Switch to HTTPS

  Hello,
  I am trying to submit a paragraph of code which has been working on other computers. On my system, I receive the error:
  E_COSMOS_GENERIC: Could not get stream info for http://cosmos08.osdinfra.net:88/cosmos/bingads.business.fastjobs/shares/adCenter.BICore.SubjectArea/SubjectArea/resources/PROD/MonetizationFacts.view
  [HttpStatusCode = Forbidden; ErrorCode = 0x80004005(The operation failed); Description = HTTP(http://cosmos08.osdinfra.net:88/cosmos/bingads.business.fastjobs/shares/adCenter.BICore.SubjectArea/SubjectArea/resources/PROD/MonetizationFacts.view?view=xml&property=info)
  is not allowed. Please switch to HTTPS instead. For more detailed instruction, please check (https://microsoft.sharepoint.com/teams/Cosmos/Documents/SecurityAndCompliance/Security%20Updates%20to%20VcClient.docx).
  Essentially it seems that Visual Studio is telling me that this location is not within communication, because I have to switch to HTTPS. However, because I don't explicitly reference this location in my code, I deduce that it is embedded somewhere in my
  system. Does anybody know how to make the switch from HTTP to HTTPS within the Visual Studio system?
  Thanks,
  Rohit

  Hi Rohit,
  From your description, could you please tell me how you submit a paragraph of code which has been working on other computers and then get the error message?
  If possible, I suggest you can provide me the detail steps or screen shot about how to submit a paragraph of code which has been working on other computers.
  What application you are developing?
  To further help you support this issue, please tell me more information about your issue.
  Thanks for your understanding.
  Best Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• What are the non-obvious side-effects of using $psdefaultparametervalues.add("ft:wrap",$True) ?

  I'm thinking about dropping these two lines into my profile.ps1 script:
  $psdefaultparametervalues.add("ft:wrap",$True)
  $psdefaultparametervalues.add("ft:auto",$True)
  Are there any adverse side-effects that I will suffer after I do that?
  I know that I'll have to do explicit overrides to those switch values to Format-Table if I don't want those defaults.

  One thing I can think of is if you use -Property * to list everything, it has the potential to leave out columns if the properties are too long.
  Try this first:
  gci | Select -first 1 | FT *
  Then this:
  gci | Select -first 1 | FT * -auto -wrap
  Besides that , I can't really think of anything else; perhaps others can think of things.
  Boe Prox
  Blog |
  Twitter
  PoshWSUS |
  PoshPAIG | PoshChat |
  PoshEventUI
  PowerShell Deep Dives Book

• Would like to disable HTTP and use only HTTPS yet I get side effects

  Hello,
  I have established a secure connection between the AS ABAP and AS Java.
  I would like assure that all communication between the servers is using https and for that, as a test, I have deactivated the http service using SMICM transaction.
  The only side effect I could recognize so far is that the Web Dynpro for ABAP stuff doesn't work through transaction SE80, the working area simply doesn't come up. If I activate HTTP again it is working.
  Am I doing the right thing by disabling HTTP completely and if yes, what else do I need to do in order to prevent this side effect from happening?
  Roy

  humuhumunukunukuapuaa wrote:
  If I get some nice approvals on my app spree in 10 days, I would like to close Talbots and Abercrombie and Fitch store cards. Total CL for the 2 is $2,700 ($1,350 each)  but I can make up for that closure and utilization loss by getting quite a bit more than those amounts on majors during my app spree. Talbots has only been open 4 months, A&F one year. I have other cards that are the same age or older so should not majorly affect AaoA. Thoughts? I know some will say don't close cards, but they're store cards and I don't need to be responsible for store cards I don't use.If you have no use for them and don't foresee using them in the future then you should probably close them out.  They won't affect your AAoA as the cards will stay in your reports for 10 years.  No sense in keeping cards that you don't want just to take up room in your sock drawer.

• Side Effects of Upgrading to SP5 from SP4 in XI

  What are the Side Effects of Upgrading to SP5 from SP4 in XI

  Check here:
  http://service.sap.com/~form/sapnet?_SHORTKEY=00200797470000080233&

• [Forum FAQ] How to display an image from Http response in Reporting Services?

  Question:
  There is a kind of scenario that users want to display an image which is from URL. In Reporting Services, if the URL points to an image file, we can directly display it by typing the URL in embedded image. However, some URLs are just sending Http requests
  to server side, then redirect to another position and the server will return the image. For these kind of URLs, Reporting Services can’t directly render the image from Http response.
  Answer:
  To achieve this goal, we can add custom code into the report. Pass the URL as argument into our custom function so that we can create HttpRequest and get the HttpResponse. Then we can use custom function to return the Bytes() from the HttpResponse and render
  it into an image in report.
  Ps: In Reporting Services, it only support drawing Bytes() array into image, so we need to have our custom function return Bytes array.
  Add the assembly and custom code into the report.
  Public shared Function GetImageFromByte(Byval URL as String) As byte() 
                  Dim photo as System.Drawing.Image 
           Dim Request As System.Net.HttpWebRequest 
         Dim Response As System.Net.HttpWebResponse 
                Request = System.Net.WebRequest.Create(URL)         
                   Response = CType(Request.GetResponse, System.Net.WebResponse) 
               If Request.HaveResponse Then  
                    If Response.StatusCode = Net.HttpStatusCode.OK Then                    
                         photo = System.Drawing.Image.FromStream(Response.GetResponseStream) 
                   End If 
               End If 
                Dim ms AS System.IO.MemoryStream = new System.IO.MemoryStream() 
               photo.Save(ms, System.Drawing.Imaging.ImageFormat.Jpeg) 
                  Dim imagedata as byte()  
                  imagedata = ms.GetBuffer()  
                  return imagedata
  End Function
  Grant the permission for assemblies. 
  Go to: 
  C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\RSpreviewPolicy.config 
  C:\Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer\rssrvpolicy.config
  Give “FullTrust” for Report_Expressions_Default_Permissions.
  Insert an image into report. 
  Expression:
  =Code.GetImageFromByte("https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcSrVwPoAtlcA2A3KaiAJi-XjS4icr1QUnKYr7uzpX3IL3g2GPisAQ")
  The Result looks below:
  Applies to:
  Reporting Services 2005
  Reporting Services 2008
  Reporting Services 2008 R2
  Reporting Services 2012
  Reporting Services 2014
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  >
  Hi, I'd like to display a dynamic image from the web inside a JLabel or any other swing component it could work in. I've been looking on the Swing tutorials and others forums, all I can have is that a JLabel can load an Icon object, defined by an image URL, but can this URL be like "http://xxxxx/image.jpg" somehow or can it only be a local image URL?>
  I do not know why you start talking about an image on the web then go on to show concerns about whether it will work for a 'local' URL.
  But perhaps this answer will cover the possibilities.
  So long as you can from an URL to the image, and the bytes are available for download (e.g. some web sites wrap a direct call to an image in HTML that embeds the image), the URL based icon constructors will successfully load it.
  It does not matter if that URL points to
  - a web site,
  - a local server ('localhost'),
  - an URL representation of a File on the local file system, or
  - it is inside a Jar file that is on the application's run-time classpath.
  How you go about forming a valid URL to a 'local resources' (or indeed what you regard as local resources) is another matter, depending on the form of the project, and how the resources are stored (see list above).
  Probably the main reason that examples use images at a hard coded URL on the net is that it makes an 'image example' self contained. As soon as we compile and run it, we can see the result. I have posted a few examples like that on these forums.
  Edit 1:
  BTW - Welcome to the Sun forums
  Edited by: AndrewThompson64 on Apr 21, 2009 12:15 PM

• JSF / Switch between HTTP and HTTPS

  Hello!
  I want to switch between HTTP and HTTPS using JSF.
  Under Apache Struts framework I can use struts extension "sslext.jar" to configure switching between http and https in one web application.
  e.g. Login-jsp should be secured, all other jsp's should run unsecured.
  Any ideas?
  regards
  Harald.

  Thanks,
  I made the necessary enhancement for the second phase, password confirmation required when return to SSL zone after leaving it after a succesful login.
  I did the following:
  1) create a class in the application scope and/or singleton class with the servlet paths that require SSL
  2) create a plugin that reads ActionConfigs from the ModuleConfig
  3) create a filter that sets a request scope flag that says that password must re-entered.
  Code Extracts:
  1) MainshopContainer application level parameter singleton class:
  private static HashMap sslZoneMap = new HashMap(50); // key = servlet path of request, example /login.do
  public boolean isInSSLZone(String servletPath)
  return this.sslZoneMap.containsKey(servletPath);
  public void addToSSLZone(String servletPath)
  this.sslZoneMap.put(servletPath,null);
  public int getNumberOfActionsInSSLZone()
  return this.sslZoneMap.size();
  2) Struts plugin
  add a call to loadSSLZoneMap in plugin init method:
  loadSSLZoneMap(config, mainshopContainer);
  private void loadSSLZoneMap(ModuleConfig config, MainshopContainer mainshopContainer)
  throws ServletException
  try {       
  ActionConfig[] actionConfigs = config.findActionConfigs();
  for (int i = 0; i < actionConfigs.length; i++)
  if (actionConfigs.getParameter().indexOf("/jsp/account/") < 0) // /account/* = URL path for SSL zone
  // not found = not ssl zone
  System.out.println("loadSSLZoneMap, following actionConfigs excluded from SSL Zone: "+actionConfigs[i].getPath());
  else
  // found = ssl zone
  String servletPath = actionConfigs[i].getPath()+".do";
  mainshopContainer.addToSSLZone(servletPath);
  System.out.println("loadSSLZoneMap, following servletPath added to SSL Zone: "+servletPath);
  System.out.println("loadSSLZoneMap, number of actions in SSL Zone: "+mainshopContainer.getNumberOfActionsInSSLZone());
  catch (Exception ex)
  ex.printStackTrace();
  throw new ServletException("Exception caught in loadSSLZoneMap: "+ex.toString()+" Initialization aborted.",ex);
  3)
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
  throws IOException, ServletException {
  HttpServletRequest req = (HttpServletRequest) request;
  HttpServletResponse res = (HttpServletResponse) response;
  String servletPath = req.getServletPath();
  boolean secure= this.mainshopContainer.isInSSLZone(servletPath);
  The wole picture:
  The filter adds a RequestDTO object that includes all request parameters, one of them is the secure flag.
  I have a session scope class UserContainer that includes all the session parameters, one of them is the lastRequestDTO.(last made request)
  At the end of all my jsp's I set the lastRequestDTO variable.
  In that method I set the passwordConfirmationRequired flag if needed:
  public void setLastRequestDTO(RequestDTO _lastRequestDTO)
  if (this.lastRequestDTO != null && this.lastRequestDTO.isSecure() != _lastRequestDTO.isSecure())
  this.setPasswordConfirmationRequired(true);
  this.lastRequestDTO = _lastRequestDTO;
  I read the passwordConfirmationRequired in all my jsp's in the SSL zone that allow editing or deleting and if that flag is true, a valid password must be re-entered in order to make the updates.
  When the password is OK I reset the passwordConfirmationRequired to false.
  I need some help for the first phase, that is SSL setup for all actions related to jsp's with url path /account/*
  I tought I could define it in the web.xml:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>All Account Related Pages</web-resource-name>
  <url-pattern>/account/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  but that doesn't work and finnaly understood why:
  Example: /WEB-INF/jsp/account/login.jsp corresponds to /login.do
  The url pattern /account/* at the container level is never encountered.
  Is it allowed to declare the following action path: /account/login instead of /login?
  If yes I could add following prefix /account to all my action paths and forward paths and this could resolve my problem.
  What's your opinion?
  If no, would your library resolve this?
  Will all the Struts/JSP/JSTL url generating tags pick-up the required protocol (http/https) according to your configuration file?
  Regards
  Fred

• SolMan 7.1 SPS 11 - deactivate redirect from HTTP to HTTPS

  Hi Gurus,
  I am currently experiencing the case, that I can't call HTTP pages anymore.
  Before I made the check described under SOLMAN_SETUP -> System Preparation -> 2. Check Installation -> Manual Activities -> Check Secure Web Browser Comm. (HTTPS) I was able to call SOLMAN_SETUP with HTTP and SSO worked (starting the Browser by calling transaction SOLMAN_SETUP in GUI).
  After I have executed the check, I have changed nothing but to execute the check and make sure there is a working HTTPS service.
  Now I am experiencing the case that if I start transaction SOLMAN_SETUP I get a browser call HTTPS. If I change the protocol and the port to HTTP it jumps directly to HTTPS. This behavior makes me think that some configurations steps have activated a force redirect from HTTP to HTTPS.
  This specially gives me some headache because all other (satellite)-systems are not configured to use secured communication and the certificates are not rolled out.
  Currently I can't afford the need to roll out certificates all over the landscape.
  To buy me some more time:
  How can I check if my feeling about the redirect is correct?
  If there is a redirect, how can I disable this so that I can work with HTTP-URLs?
  I appreciate your help.
  Kind regards,
  Niklas Theis

  Hi Niklas,
  Perhaps this note can give You a little hint how to reverse to the HTTP setting again:
  1716999 - Enable HTTPS for Solution Manager web service communications
  Also check and adjust if necessary the setting for the webservice  “wd_sise_main_app”: Change the setting to “Switch to HTTP”.
  In addtion to that You also might look into:
  - the ACL file; if any block against HTTP has been setup
  Regards,
  Kurt

• Issues switching to HTTPS

  Hi all.
  I followed Scott Spadafore's advice on forcing a specific page to HTTPS:
  Re: HTTPS and LOGIN
  I'm getting redirected to the right protocol, but the wrong port. The problem seems to be here:
  htp.p('Location: http://'||
  owa_util.get_cgi_env('HTTP_HOST')||
  owa_util.get_cgi_env('SCRIPT_NAME') ||
  owa_util.get_cgi_env('PATH_INFO')||'?'||
  owa_util.get_cgi_env('QUERY_STRING'));
  HTTP_HOST returns "host.mcg.edu:7779" in non-SSL mode, and "host.mcg.edu:4443" in SSL mode. HTTP_HOST contains the port of the protocol I'm switching from, so for example when switching to HTTP, I get:
  http://host.mcg.edu:4443/pls/htmldb... <-- SSL port
  If I use the SERVER_NAME CGI variable (host.mcg.edu) and then hardcode the http or https port number, it works. Not very portable, though, as our production environment uses default ports (80 and 443).
  What am I doing wrong?
  Thanks for your insight.
  -John

  John,
  you could also use mod_rewrite to configure this stuff directly in your Apache (Oracle Http Server powered by Apache :).
  http://blog.murf.org/?p=24
  This way you would have the configuration in a single place.
  ~Dietmar.

• No switch to HTTPS occurred, so it is not secure to send a password

  Hi,
  I have created one SAP Transaction iview with Tcode “HRESSIN_F16” which is accessed through ESS service in portal.  This iview uses system with logon ticket say ESS. When we access this iview in our local LAN using HTTP URL it works fine.
  But when we access it through HTTPS (https://www.mycompany.com) we get a logon popup saying “No switch to HTTPS occurred, so it is not secure to send a password” even though we have implemented SSO with logon tickets.
  What are the possible causes?
  Regards,
  Bharat Mistry.

  Hi Joerg,
  Thanks for your quick reply.I will do as you suggest and then let you know whatever result
  Ok I am explaning you in detail.
  I have created one SAP Transaction iview with Tcode “HRESSIN_F16” which is accessed through ESS service in portal. This iview uses system with logon ticket say ESS. When we access this iview in our local LAN using HTTP URL it works fine.We have Web dispatcher also.
  In our case their is situation of (SSL termination without metadata exchange).Means upto Web dispatcher HTTPS then from it to WEB AS HTTP.
  When we access it through HTTPS , we get a logon popup saying “No switch to HTTPS occurred, so it is not secure to send a password” even though we have implemented SSO with logon tickets.
  But even after this warning if We provide username and password set on ECC6,it gives error either user name or password is incorrect.
  And I am sure that username and password are same as ECC6.
  There is also no problem of authorization,we had also tried with SAP_ALL.
  Here it is web dispatcher profile parameter
  SAPSYSTEM = 8
  wdisp/shm_attach_mode = 6
  rdisp/mshost = ....
  ms/http_port = 8101
  DIR_INSTANCE = /secudir
  ssl/ssl_lib=/secudir/libsapcrypto.so
  ssl/server_pse=/secudir/sec/.....pse
  wdisp/auto_refresh = 120
  wdisp/max_servers = 100
  wdisp/server_info_location = /msgserver/text/logon
  icm/server_port_0 = PROT=HTTPS,PORT=443
  icm/server_port_1 = PROT=HTTP,PORT=0
  icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=/webdisp/admin
  wdisp/HTTPS/dest_logon_group = APPS
  wdisp/ssl_encrypt = 0
  wdisp/add_client_protocol_header = true
  icm/HTTPS/verify_client = 0
  icm/HTTP/redirect_0 = PREFIX=/, TO=/irj/index.html
  #icm/HTTP/redirect_0 = PREFIX=/, TO=/APPS~irj
  is/HTTP/show_detailed_errors = false
  icm/HTTP/error_templ_path = /webdisp/error
  icm/HTTP/file_access_0 = PREFIX=/images/,DOCROOT=/webdisp/images
  Thanks & Regards,
  Sunny
  Edited by: Sunny Patel on Jan 21, 2008 2:07 PM

• Failed to download jars from https

  I have jar files that located at location below
  https://mysite.com/app/hello.jnlp
  https://mysite.com/app/hello.jar
  when the link get accessed directly from browser, the user will be directed to a page where they need to enter username and password then they will be able to download the files.
  Is it possible to pass in the session id somewhere in jnlp file so the jars can be downloaded?
  I hope my question is clear

  I have observed the same problem. When switching from older plugin version to 1.6.0_10 the jar-files are not downloaded on some clients when https is used. This concerns an application without login (there is a login for DB, but it is part of the applet). It works on my machine (Win XP sp3 and IE 7), but not on some others (among which are XP and Vista clients with different IE versions). It should have something to do with security settings of the browser, but I have not found out which. The certificate we use for https is a signed and offical certificate (though it is a wildcard certificate).