Switching Http/Https in ADF

Similar Messages

• Switching between https and http requests

  Hi,
  Our application is built using ADF 10.1.3
  This application need to be integrated with an in house built single sign on system. ( SSO system is built in C# and .NET)
  This single sign on system only understand https request. Once user is validated against single sign on system, our application's authorization page is called in HTTPS mode. Once the user is authorized, he is forwarded to home page. While forwarding to home page, we want to convert the HTTPS request to HTTP.
  Currently once the user is authenticated, all requests are happening in HTTPS mode.
  We do not know how to make http request from existing https requested page.
  Any help is appreciated.
  Thanks
  Ranajit

  Hi,
  the way to do this is by redirecting the call from a PhaseListener or command button. The solution Avrom refers to is a PhaseListener that uses XML configuration file to determine whether or not the page you are navigating to requires https or http. The code that handles the protocol switch is printed below
    * Determines if the requested page requires SSL and if the current protocol
    * meets this need. If not the protocol is switched between http and https
    * @param viewId
    * @param pageRequiresSSL
    public void handleProtocolSwitch(String viewId, boolean pageRequiresSSL)
      ExternalContext exctx = FacesContext.getCurrentInstance().getExternalContext();
      boolean isSecureSSLChannel = ((HttpServletRequest)exctx.getRequest()).isSecure();
      // pages that require SSL and SSL is on, or pages that don't require
      // SSL but SSL is on and should be kept
      if (pageRequiresSSL && isSecureSSLChannel || !pageRequiresSSL && isSecureSSLChannel && isKeepSSLMode) {
      printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel+", is keep SSL = "+isKeepSSLMode);
      printDebugMessage("No protocol change required");
      // page requires SSL and SSL is not active. Switch to SSL.
      if (pageRequiresSSL && !isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel);
        printDebugMessage("Protocol change required to use https");
        switchToHttps(viewId);
      // switch to HTTP is page doesn't require SSL and channel isn't secure
      // and isKeepSSLMode is false
      if (!pageRequiresSSL && !isKeepSSLMode && isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel+", is keep SSL = "+isKeepSSLMode);
        printDebugMessage("Protocol change required to use http");
        switchToHttp(viewId);
      if (!pageRequiresSSL && !isSecureSSLChannel) {
        printDebugMessage("Page requires SSL = "+pageRequiresSSL+", channel is secure = "+isSecureSSLChannel);
        printDebugMessage("No protocol change required");
    * Switches from https to http using a redirect call
    * @param viewId
    private void switchToHttp(String viewId) {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext exctx = facesContext.getExternalContext();
        ViewHandler vh = facesContext.getApplication().getViewHandler();
        String pageURI = vh.getActionURL(FacesContext.getCurrentInstance(), viewId);
        //redirect to http URL
        String remoteHost = getHostNameFromRequest();
        printDebugMessage("Switch to http on host "+ remoteHost);
        try {
            String port = httpPort.equalsIgnoreCase("80") ? "" : ":" + httpPort;
            String url = "http://" + remoteHost + port + pageURI;
            printDebugMessage("Redirecting to http URL "+ url); 
            //TODO check request Map
             this.printDebugMessage(" Content size of RequestMap before redirect "+exctx.getRequestMap().size());
            exctx.redirect(url);         
        } catch (IOException e) {
            printDebugMessage("Redirect to http port failed "+ e.getMessage());
    * switches to https using a redirect call
    * @param viewId
    private void switchToHttps(String viewId) {
        FacesContext facesContext = FacesContext.getCurrentInstance();
        ExternalContext exctx = facesContext.getExternalContext();
        ViewHandler vh = facesContext.getApplication().getViewHandler();
        String pageURI = vh.getActionURL(FacesContext.getCurrentInstance(), viewId);
        //redirect to https URL
        String remoteHost = getHostNameFromRequest();
        printDebugMessage("Switch to SLL/https on host "+ remoteHost);
        try {
            String port = httpsPort.equalsIgnoreCase("443") ? "" : ":" + httpsPort;
            String url = "https://" + remoteHost + port + pageURI;
            printDebugMessage("Redirecting to https URL "+ url);       
            //TODO check request Map
            this.printDebugMessage(" Content of RequestMap before redirect "+exctx.getRequestMap().size());
            exctx.redirect(url);         
        } catch (Exception e) {
            printDebugMessage("Redirect to http port failed "+ e.getMessage());
    * @return the hostname of the page request
    private String getHostNameFromRequest() {
        ExternalContext exctx = FacesContext.getCurrentInstance().getExternalContext();
        String requestUrlString = ((HttpServletRequest)exctx.getRequest()).getRequestURL().toString();
        URL requestUrl = null;
        try {
            requestUrl = new URL(requestUrlString);
        } catch (MalformedURLException e) {
            e.printStackTrace();
        String remoteHost = requestUrl.getHost();
        return remoteHost;
    }If your container doesn't support session sharing between http and https then the session is renewed. In OC4J you will have to configure this.
  Frank

• JSF / Switch between HTTP and HTTPS

  Hello!
  I want to switch between HTTP and HTTPS using JSF.
  Under Apache Struts framework I can use struts extension "sslext.jar" to configure switching between http and https in one web application.
  e.g. Login-jsp should be secured, all other jsp's should run unsecured.
  Any ideas?
  regards
  Harald.

  Thanks,
  I made the necessary enhancement for the second phase, password confirmation required when return to SSL zone after leaving it after a succesful login.
  I did the following:
  1) create a class in the application scope and/or singleton class with the servlet paths that require SSL
  2) create a plugin that reads ActionConfigs from the ModuleConfig
  3) create a filter that sets a request scope flag that says that password must re-entered.
  Code Extracts:
  1) MainshopContainer application level parameter singleton class:
  private static HashMap sslZoneMap = new HashMap(50); // key = servlet path of request, example /login.do
  public boolean isInSSLZone(String servletPath)
  return this.sslZoneMap.containsKey(servletPath);
  public void addToSSLZone(String servletPath)
  this.sslZoneMap.put(servletPath,null);
  public int getNumberOfActionsInSSLZone()
  return this.sslZoneMap.size();
  2) Struts plugin
  add a call to loadSSLZoneMap in plugin init method:
  loadSSLZoneMap(config, mainshopContainer);
  private void loadSSLZoneMap(ModuleConfig config, MainshopContainer mainshopContainer)
  throws ServletException
  try {       
  ActionConfig[] actionConfigs = config.findActionConfigs();
  for (int i = 0; i < actionConfigs.length; i++)
  if (actionConfigs.getParameter().indexOf("/jsp/account/") < 0) // /account/* = URL path for SSL zone
  // not found = not ssl zone
  System.out.println("loadSSLZoneMap, following actionConfigs excluded from SSL Zone: "+actionConfigs[i].getPath());
  else
  // found = ssl zone
  String servletPath = actionConfigs[i].getPath()+".do";
  mainshopContainer.addToSSLZone(servletPath);
  System.out.println("loadSSLZoneMap, following servletPath added to SSL Zone: "+servletPath);
  System.out.println("loadSSLZoneMap, number of actions in SSL Zone: "+mainshopContainer.getNumberOfActionsInSSLZone());
  catch (Exception ex)
  ex.printStackTrace();
  throw new ServletException("Exception caught in loadSSLZoneMap: "+ex.toString()+" Initialization aborted.",ex);
  3)
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
  throws IOException, ServletException {
  HttpServletRequest req = (HttpServletRequest) request;
  HttpServletResponse res = (HttpServletResponse) response;
  String servletPath = req.getServletPath();
  boolean secure= this.mainshopContainer.isInSSLZone(servletPath);
  The wole picture:
  The filter adds a RequestDTO object that includes all request parameters, one of them is the secure flag.
  I have a session scope class UserContainer that includes all the session parameters, one of them is the lastRequestDTO.(last made request)
  At the end of all my jsp's I set the lastRequestDTO variable.
  In that method I set the passwordConfirmationRequired flag if needed:
  public void setLastRequestDTO(RequestDTO _lastRequestDTO)
  if (this.lastRequestDTO != null && this.lastRequestDTO.isSecure() != _lastRequestDTO.isSecure())
  this.setPasswordConfirmationRequired(true);
  this.lastRequestDTO = _lastRequestDTO;
  I read the passwordConfirmationRequired in all my jsp's in the SSL zone that allow editing or deleting and if that flag is true, a valid password must be re-entered in order to make the updates.
  When the password is OK I reset the passwordConfirmationRequired to false.
  I need some help for the first phase, that is SSL setup for all actions related to jsp's with url path /account/*
  I tought I could define it in the web.xml:
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>All Account Related Pages</web-resource-name>
  <url-pattern>/account/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  but that doesn't work and finnaly understood why:
  Example: /WEB-INF/jsp/account/login.jsp corresponds to /login.do
  The url pattern /account/* at the container level is never encountered.
  Is it allowed to declare the following action path: /account/login instead of /login?
  If yes I could add following prefix /account to all my action paths and forward paths and this could resolve my problem.
  What's your opinion?
  If no, would your library resolve this?
  Will all the Struts/JSP/JSTL url generating tags pick-up the required protocol (http/https) according to your configuration file?
  Regards
  Fred

• No switch to HTTPS occurred in Web Dynpro ABAP application

  We are building a Web Dynpro ABAP application and when I logon I get:
  No switch to HTTPS occurred, so it is not secure to send a password
  I want to suppress this message but I can only find a parameter that works for BSP applications (You can suppress the message using the property BspDontShowHttpsWarning. Goto SICF and locate your service, open node and choose tab error pages. At redirect URL add '&bspdontshowhttpswarning=X').
  However, for Web dynpro this parameter does not work. Does somebody know if there is a parameter available for web dynpro ABAP applications to suppress this message?
  kind regards
  Angelique Heutinck

  Angeline
  I asume that you are using a "Basic Authentication" method, if this is your case, you should configure the SICF service with the following parametters:
  1) Go to SICF, /yourservice / double click
  2) On the "Logon Data" tab, in the "Procedure" option choose "Alternative Logon Procedure".
  3) On the same tab, at the "Logon procedure option", delete the SSO option, and change the Number of the another methods, raised the "Basic Authentication" to the first place.
  4) Go to Error pages tab, flag "System logon", and after that click over Configuration, here check "Do no display warnings"
  Hope this help you !

• Switching from HTTP to HTTPS - adverse side effects???

  Hi everybody,
  what are the possible adverse side effects when changing from HTTP to HTTPS? 
  I could imagine that previously saved web bookmarks would not work, correct?
  Links saved in roles will have to be adjusted in roles, correct?
  Anything else?
  Does anybody have knowledge/experience in this area and how do you recommend to proceed when switching a productive system from HTTP to HTTPS?
  Martin

  The web bookmarks stored on IE browser will still point to the HTTP service, not HTTPS, you will have to make the changes manually.
  The URLS for BW Reports are generated dynamically, you should be able to maintain an entry in table HTTPURLLOC and get this switched to HTTPS. see OSS note 805344 for the same.
  Thanks.

• URL redirect - how to switch from https to http

  Hi, all.
  We have some requirement that the portal session be switched to https on some iviews while the rest of the contents are in http. I am thinking of using url redirect on the web dispatcher.
  What I found is that the url redirect from http to https works great. Now if I want to switch back to http, the redirect doesn't work. Note that the http port is 80 and https port is 443 on the web dispatcher. To test, here is the parameter I did to switch from http to https. This works and transforms the url from http://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxx to https://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxxxxxxxxx
  icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=ozonehomeep3, FROMPROT=http, PROT=https, HOST=ozonehomeep3.XXXXXX
  If I flip it back the other way:
  icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=ozonehomeep3, FROMPROT=https, PROT=http, HOST=ozonehomeep3.XXXXXX
  When I connect using the url https://ozonehomeep3.xxxxxxxxx/irj/portal/zsap_xxxxxxxxxxxx, it ignores the parameter and the redirect to http did not happen.
  What is wrong?
  Thanks,
  Jonathan.

  Hello,
  I've had a similar problem for one of my customers.
  I've tried to do it on a root level, just Https://FQDN:port_https/ to http://FQDN:Port_http/
  I've used this parameter to solve it:
  icm/HTTP/redirect_0 = PREFIX=/, FOR=FQDN, FROMPROT=HTTPS, HOST=FQDN, PORT=80, PROT=http
  maby you should try:
  icm/HTTP/redirect_0 = PREFIX=/, FROM=/irj/portal/zsap_, FOR=FQDN, FROMPROT=HTTPS, HOST=FQDN, PORT=80, PROT=http, TO=/irj/portal/zsap_
  You should also verify that the standard http port (80) are open in the firewall from the outside, just take a telnet session to FQDN and port 80
  to quickly determined if the firewall policy are right.
  Good luck!
  Kind Regards
  Håvard Fjukstad.

• Problem when switching from https to http on Safari

  I am using a Safari browser and try to switch from https to http within the same web application.
  The Safari browser is configured so that on Safari->Preferences->Security the check box "Ask before sending a non-secure form to a secure website" is checked.
  When using the Safari browser in my web application and going from an https page to an http page, the browser shows an (expected) dialog box asking the user whether he wants to send a non secure form. Clicking Ok (twice) causes the following problematic dialog box to appear :
  Safari can't open the specified address;
  Safari can't open "(null)" because Mac OS X doesn't
  recognise Internet addresses starting with "(null)"
  How can I avoid this problem without having to uncheck the above mentioned check box in Safari->Preferences->security.

  I have somehow a similar problem,too. My site is in https upon login which maintains some session data. One of the features of my site is the file upload (servlet) which does some batch processing. Since my https session terminates(timeout)upon uploading, I resorted to switching the link to an http session using
  File Upload
  When I do "session.getAttribute('data')" in my servlet after being called by the "upload.jsp", a NullPointerException is thrown at that particular line.
  My question:
  1. Upon uploading of file/data via https, is there a maximum bytes that it can only process? My file is just less than 1MB and it terminates the session. How do I go about it? Should I switch it then to an http?
  2. If I switch from https to an http session, SSL session data can not be retrieved from an http session?
  Thanks!

• Issues switching to HTTPS

  Hi all.
  I followed Scott Spadafore's advice on forcing a specific page to HTTPS:
  Re: HTTPS and LOGIN
  I'm getting redirected to the right protocol, but the wrong port. The problem seems to be here:
  htp.p('Location: http://'||
  owa_util.get_cgi_env('HTTP_HOST')||
  owa_util.get_cgi_env('SCRIPT_NAME') ||
  owa_util.get_cgi_env('PATH_INFO')||'?'||
  owa_util.get_cgi_env('QUERY_STRING'));
  HTTP_HOST returns "host.mcg.edu:7779" in non-SSL mode, and "host.mcg.edu:4443" in SSL mode. HTTP_HOST contains the port of the protocol I'm switching from, so for example when switching to HTTP, I get:
  http://host.mcg.edu:4443/pls/htmldb... <-- SSL port
  If I use the SERVER_NAME CGI variable (host.mcg.edu) and then hardcode the http or https port number, it works. Not very portable, though, as our production environment uses default ports (80 and 443).
  What am I doing wrong?
  Thanks for your insight.
  -John

  John,
  you could also use mod_rewrite to configure this stuff directly in your Apache (Oracle Http Server powered by Apache :).
  http://blog.murf.org/?p=24
  This way you would have the configuration in a single place.
  ~Dietmar.

• Switch to HTTPS

  Hello,
  I am trying to submit a paragraph of code which has been working on other computers. On my system, I receive the error:
  E_COSMOS_GENERIC: Could not get stream info for http://cosmos08.osdinfra.net:88/cosmos/bingads.business.fastjobs/shares/adCenter.BICore.SubjectArea/SubjectArea/resources/PROD/MonetizationFacts.view
  [HttpStatusCode = Forbidden; ErrorCode = 0x80004005(The operation failed); Description = HTTP(http://cosmos08.osdinfra.net:88/cosmos/bingads.business.fastjobs/shares/adCenter.BICore.SubjectArea/SubjectArea/resources/PROD/MonetizationFacts.view?view=xml&property=info)
  is not allowed. Please switch to HTTPS instead. For more detailed instruction, please check (https://microsoft.sharepoint.com/teams/Cosmos/Documents/SecurityAndCompliance/Security%20Updates%20to%20VcClient.docx).
  Essentially it seems that Visual Studio is telling me that this location is not within communication, because I have to switch to HTTPS. However, because I don't explicitly reference this location in my code, I deduce that it is embedded somewhere in my
  system. Does anybody know how to make the switch from HTTP to HTTPS within the Visual Studio system?
  Thanks,
  Rohit

  Hi Rohit,
  From your description, could you please tell me how you submit a paragraph of code which has been working on other computers and then get the error message?
  If possible, I suggest you can provide me the detail steps or screen shot about how to submit a paragraph of code which has been working on other computers.
  What application you are developing?
  To further help you support this issue, please tell me more information about your issue.
  Thanks for your understanding.
  Best Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• No switch to HTTPS occurred, so it is not secure to send a password

  Hi,
  I have created one SAP Transaction iview with Tcode “HRESSIN_F16” which is accessed through ESS service in portal.  This iview uses system with logon ticket say ESS. When we access this iview in our local LAN using HTTP URL it works fine.
  But when we access it through HTTPS (https://www.mycompany.com) we get a logon popup saying “No switch to HTTPS occurred, so it is not secure to send a password” even though we have implemented SSO with logon tickets.
  What are the possible causes?
  Regards,
  Bharat Mistry.

  Hi Joerg,
  Thanks for your quick reply.I will do as you suggest and then let you know whatever result
  Ok I am explaning you in detail.
  I have created one SAP Transaction iview with Tcode “HRESSIN_F16” which is accessed through ESS service in portal. This iview uses system with logon ticket say ESS. When we access this iview in our local LAN using HTTP URL it works fine.We have Web dispatcher also.
  In our case their is situation of (SSL termination without metadata exchange).Means upto Web dispatcher HTTPS then from it to WEB AS HTTP.
  When we access it through HTTPS , we get a logon popup saying “No switch to HTTPS occurred, so it is not secure to send a password” even though we have implemented SSO with logon tickets.
  But even after this warning if We provide username and password set on ECC6,it gives error either user name or password is incorrect.
  And I am sure that username and password are same as ECC6.
  There is also no problem of authorization,we had also tried with SAP_ALL.
  Here it is web dispatcher profile parameter
  SAPSYSTEM = 8
  wdisp/shm_attach_mode = 6
  rdisp/mshost = ....
  ms/http_port = 8101
  DIR_INSTANCE = /secudir
  ssl/ssl_lib=/secudir/libsapcrypto.so
  ssl/server_pse=/secudir/sec/.....pse
  wdisp/auto_refresh = 120
  wdisp/max_servers = 100
  wdisp/server_info_location = /msgserver/text/logon
  icm/server_port_0 = PROT=HTTPS,PORT=443
  icm/server_port_1 = PROT=HTTP,PORT=0
  icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=/webdisp/admin
  wdisp/HTTPS/dest_logon_group = APPS
  wdisp/ssl_encrypt = 0
  wdisp/add_client_protocol_header = true
  icm/HTTPS/verify_client = 0
  icm/HTTP/redirect_0 = PREFIX=/, TO=/irj/index.html
  #icm/HTTP/redirect_0 = PREFIX=/, TO=/APPS~irj
  is/HTTP/show_detailed_errors = false
  icm/HTTP/error_templ_path = /webdisp/error
  icm/HTTP/file_access_0 = PREFIX=/images/,DOCROOT=/webdisp/images
  Thanks & Regards,
  Sunny
  Edited by: Sunny Patel on Jan 21, 2008 2:07 PM

• Would it be possible that saved passwords would work on both http and https version of the same site as some pages are switching from http to https?

  Some sites are switching from http to https protocols and some sites run both. This creates some duality when you have saved passwords. You either save passwords for both versions of the site. And if you visit the https version for the first time you just have to go and look up the password as (personally) I don't remember all of my passwords.
  Would it be possible that unless there are different passwords for different version of the site that firefox would use the one that it has already saved?

  You will have to save the password again in case the submit URL and possibly other parameters change.
  You can try this extension:
  * Saved Password Editor: https://addons.mozilla.org/firefox/addon/saved-password-editor/

• SOAP Adapter with Security Levels - HTTP & HTTPS

  We have a successfully working interface scenario where SAP XI is hosting a web service and the partner systems calling it using SOAP Adapter URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel with Security Level HTTP on the SOAP Sender Communication channel.
  Going forward, for other similar interfaces (SAP XI hosting Web Service and partner systems calling it), we would like to use HTTPS and/or certificates.
  If we enable HTTPS on XI J2EE server as per the guide How to configure the [SAP J2EE Engine for using SSL - Notes - PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc]....
  can partner systems still use the URL http://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel or should they switch to https://host:port/XISOAPAdapter/MessageServlet?channel=:service:channel?
  can we continue to have the existing interface working using HTTP Security Level i.e. partners not having to send the certificate with each message?
  If we use HTTPS security level, is it mandatory for the partner system need to send the certificate? Is it possible to have an HTTPS scenario w/o certificates?
  What is the difference between Security Levels  'HTTPS Without Client Authentication' & 'HTTPS with Client Authentication'?
  I appreciate your inputs on this.
  thx in adv
  praveen
  PS: We are currently on SAP PI 7.0 SP17

  Hi Praveen,
  There is no need to change the interface and It is manditory for the partners to send certificates in order to validate each other. Use the https in url.
  HTTPS With Client authentication:
  The HTTPS client identifies itself with a certificate that is to be verified by the server. To validate the HTTPS clientu2019s certificate, the HTTPS server must have a corresponding CA certificate that validates this certificate. After validation of the clientu2019s certificate, the server maps the certificate to an actual system user executing the HTTP request.
  and check this link.
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  Regards,
  Prasanna

• ASR_PROCESS_EXECUTE - ABAP Webdynpro application - http/https

  Hi,
  We are implementing HCM Processes and Forms framework and trying to use the standard ABAP
  Webdynpro application ASR_PROCESS_EXECUTE to be able to Start HR Personnel related processes.
  Start Processes iview available with the HR Administrator package on the portal when clicked seems to be getting stuck in a loop.
  When I try to test the application from SE80 on the backend, it seems to be going in some sort of loop and flashing message appears repeatedly 'Logon is being prepared.....logon is starting'. Looks like it keeps attempting to switch between http and https. The URL that appears in SE80 for the application is
  http://servernmame.domainname.com/sap/bc/webdynpro/sap/asr_process_execute.
  Instead of http...if I replace this URL with https://servernmame.domainname.com:443/sap/bc/webdynpro/sap/asr_process_execute it works fine
  When I go to SICF and execute this Web dunpro application, it uses https in the URL and that works fine too.
  We are on EhP3. How can i fix this issue? I want to be able to use standard iviews that will call this Webdynpro application using appropriate protocols.
  Any ideas will be much appreciated
  Thanks,
  Saurabh
  PS: this also sound like a portal issue, so posting in Portal forum too.

  Its not the cache, i just wanted to let people know with similar problems.
  It may be a problem with the parameters,
  in RZ10, search for icm* parameters and search in SAP Help about each parameter and what should be their value. You will find that parameters are taking HTTPS
  Also, one more thing, STRUSTSSO2, check if certificate is added in ACL and in production client as well..
  This will solve all this kind of problems.

• Rights Management problem (http / https)

  How do I fix the error: "You are attempting to connect to an adobe livecycle rights management server using an insecure protocol."
  Is there a way to leave the server as http and change the policies to not ask for https protocol?
  I've tried changing the BASE URL to http://localhost:8443 but cannot find any documentation to help me further.

  Is the client using Netscape Navigator or IE? There used to be a problem
  with Netscape not sending the cookies established for a domain like:
  something.com:7001/xxxxx
  if a redirect sends the user to
  something.com:7002/zzzzz
  Because of the port change in the URL, it treats these as different domains
  and doesn't send previous cookie containing session ID.
  Works fine if you use default ports for http/https and do NOT put them in
  the URL.
  Not sure if this is at all related to your problem.
  -Greg
  Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
  www.oreilly.com/catalog/entjbeans3 or www.titan-books.com
  "Peter Morelli" <[email protected]> wrote in message
  news:3bf478a9$[email protected]..
  >
  We have an apache 1.3.20 with the weblogic ssl plugin front ending two5.1sp10
  weblogic servers.
  The plug-in load balances between the two servers, but when a userestablishes
  a session, all requests are served by the wl instance that established thesession.
  So far, the correct, sticky behavior.
  The problem occurs when a user establishes a session with non-SSL http,then switches
  to SSL HTTPS, or vice versa. It looks like a new session is established,and in
  some cases, the requests are now served by the other server.
  Is there any way to maintain sessions across HTTP and HTTPS?
  Thanks.
  --pete

• Weblogic 10.3: web service client enable HTTP/HTTPS connection reuse?

  hi all,
  i am writing an client app to call a web service, through a client proxy generated by jdeveloper/weblogic.
  My question is:
  for the weblogic web service client proxy, is it possible to enable HTTP/HTTPS connection reuse/pooling?
  i see there is many connection created when calling the web service (by command netstat)?
  thank you.
  lsp

  anybody can help?
  thanks