1 2 3 40 Previous Next

SAP Enterprise Portal

590 Posts


In the modern world of computing and IT Security is perhaps one of the important aspects of assured business practices and conformance to business practices. Without necessary security measures and protection mechanisms as we know the consequences can be consequential in all walks of life and the Enterprise Portal is no different. In my experience with the Enterprise Portal I've dealt with many different scenarios in which customers have been performed security scans and updates in a bid to identify vulnerabilities and make correction measures were necessary. Such processes are encouraged as they help ensure Portal Environments are fined tuned when it comes to protection against harmful and malicious threats from diverse sources.


What is Clickjacking

Clickjacking is something I've seen noted by customers on multiple occasions as a result of running vulnerability scans. In true essence click-jacking is essentially a clever means of tricking users into performing hidden actions through disguised links and context elements.



Clickjacking - Protection Step 1

If you have conversed with SAP you will be aware of the important of the latest Patch Level Release & Support Package implementation. Applying the latest Patch Levels & SP's provide resolutions into easily avoidable issues and offer preventive measures against potential issues. In terms of "potential issues" this can indeed include security breaches and threats therefore the recommendation is always to ensure the latest SP's & Patches have been applied.


Clickjacking - Protection Step 2

Now if you run security & authorization checks from a Portal perspective you may come across possible concerns across a wide range of Portal Component areas and in many cases these have to be checked independently. In this case we are going to try and lay the foundation (following Step 1) to ensure we have a solid Clickjacking protection setup in place. Here we are essentially implementing preventive measure guidelines to ensure your Portal setup and environment has the correct security settings.

A core aspect to click-jacking protection is the surrounding platform in which the Portal operates which is the Browser.


From the Portal's perspective in terms of intended utilization it is of vital importance that the Web Browser Platform being used is supported from SAP's perspective. In order to support optimal browser performance you will need to ensure that the current Product Version being utilized (IE, Chrome, Firefox, Safari) supports your NW Version and vice versa. In relation to optimal browser performance here I am making reference to two difference aspects:


  • Rendering: how the presentation is presented to the end user in terms of EP components & elements
  • Security & Navigation: functionality setup and essentially "click-ability" and "select-ability"


The primary means of checking whether or not your present Web Browser Platform version is supported is through the SAP PAM or Product Availability Matrix. On the PAM we are given insight into which different Product Versions support Web Browser Versions and vice-versa. The PAM will also provide an informative outlined into the limitations (if any) which may exist which a potentially unsupported setup.


Although we can refer to the risk of using an supported Browser Platform as a lack of common sense in many cases we inadvertently open ourselves up to potential threats. For example if you are using standardized company software and are participating in a project perhaps you want to make use of a free software to offer an extra degree of detail to your project. This could be anything from grammatical process setups or perhaps a graphical generation software.


If you have experiencing with downloading any software program you would have encountered the launch program and .exe files on many occasions. Here we often navigate quickly through the launch tool as we only want to make use of the final product. In doing so we might accidentally install a host of third party tools such as browser plugins, and toolbar setups. In true essence you are never quit sure as to what you are downloading if not from a trusted source. Upon downloading any third party software even for temporary use inadvertently you could be installing spyware and phishing mechanism to which you are "none the wiser".


The recommendation is to install only what is supported and seek consultation from Admins regarding any potential queries you may have regarding the intended utilization of programs or tools which may not be available as standard in an organizational setup.



Combining Protection Step 1 & Protection Step 2


I would strongly recommend reviewing the following guidance documentation to add an extra degree of comprehensive insight as this will help set a solid protection measure foundation against clickjacking.


Protection Step 3 - Applications & Elements

The first point of reference here comes in the shape of SAP Note: 1781171 - ClickJacking vulnerability in WebDynpro Java. In theory it is of adequate practice to set the property "ClickJacking" to "true" and "X-FRAME-OPTIONS" to be set as "SAMEORIGIN". This will make sure that the functionality is constant on all of the WDJ server responses and calls.


However, do note that this X-FRAME-OPTIONS is not compatible with all browsers. Refer for more details.:



Protection Step 4 - Iframes & Forbidden Framing References

Many of us as Portal end-users have come across and encountered the infamous message "This content cannot be displayed in a frame. To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame. What you can try: Open this content in a new window which can arise for a whole range of different issues. Sticking to the topic of clickjacking here on the Web Dynpro front in many cases the root source is actually that of the Web Browser Platform and cannot be avoided by us.


Both documentation links outlined above share additional details about the Allow-From attribute. Such issues meant the creation of the X-Frame-Options to avoid click jacking vulnerabilities in WD setups which again is complemented by SAP Note: 1781171 - ClickJacking vulnerability in WebDynpro Java.

By definition the Portal allows itself to be framed into another third-domain page. This ability is required in order to support the Interoperability mode. (Integrating SAP Portal Content into Other Portal Servers.


For more informaton on this: http://help.sap.com/saphelp_nw73/helpdata/en/24/68b6dff7be4d6a98d0d49eba920096/content.htm )


This is the reason we can't control the X-Frame-Options header variable (which disables/limits framing options). In order to avoid clickjacking it is possible for you to use reverse proxy in order to prevent SAP NW Portal framework page being framed. You can configure the reverse proxy to use a parameter 'X-FRAME-OPTIONS' to disallow framing. To prevent clickjacking, a Website Owner (Google) can send a HTTP response header X-Frame Option "Deny". Then the browser prevents the page from rendering in a frame and you get the error message "This content cannot be displayed in a frame". Again to highlight it is a browser limitation.


One example of such reverse proxy can be apache reverse proxy. See more details on X-FRAME-OPTIONS here:




Reference Point - Fiori & Clickjacking.


The primary driver behind the utilization of the Fiori Launchpad on Portal is to provide end-users with the practical experience that Fiori itself offers. The utilization of the Fiori Launchpad on Portal shares the same approach delivered within the normal Enterprise Portal environment although the way such an experience is display is different!




If you are familiar with the Universal Worklist from an end-users perspective you will know that the UWL itself serves as a centralized task management platform for a wide array of processes.The purpose of such task types or work-items varies surrounding business operations and can include sales orders, travel requests, leave requests or tracking setups. The management of such tasks is of vital importance as you can imagine due to the association they share to an organizations business operations and general practices.


Sample Scenario: You need to remove task types?


Lets imagine you have a workitem approval scenario for managers which revolves around different managers approving and rejecting overtime requests for employees. Now the way in which this process is configured means that when a "request" is either "approved" or "rejected" the employee will receive a confirmation.


So let us imagine


  • User A (Employee) sends a request (overtime) for approval to their manager.
  • User B (Manager) receives the request and approves it (meaning notification and confirmation is sent to the employee).
  • However the workitem (despite being approved) remains in the end-users (employees) UWL Inbox and therefore appears active (when it should be completed).


For the reason the employee follows the obvious approach and attempts to find a means of removing the workitem since in fact it has been completed. If we add a degree of further complexity to this sample scenario we can imagine the same behavior happening for "Rejected" requests which undoubtedly means task duplication will occur and the employees & managers Inbox will be overflowing with "dormant" tasks. The status of the these overtime requests may remain as "released for approval" and if these are not approved on time financial impacts may occur.


Lets Remember: How the UWL works.

The UWL follows two primary pull operations as its baseline means of functionality. When an end-users firstly opens the UWL tasks are pulled from the backend systems (across connectors) into the UWL Cache. A second pull operation then takes place and the workitems/tasks are pulled from the cache into the UWL Interface. If you intend on removing any tasks from the setup you need to firstly remember the key question here of whether you want to remove workitems from the UWL or the actual workflow?


UWL - Task Management - Can We Really Delete Tasks?


So after some discussion you confirm that you need to remove some invalid tasks from the UWL Worklist for the manager specifically related to overtime. Firstly you may have heard that should be able to view and access the workflow overview through the following navigation path:


  • Logon to the Enterprise Portal
  • Navigate to Content Administration & Workflow Content
  • Select Workflow Tasks & Locate the workitem


These reports are part of Collaborations and are supported by the UWL.

  • However in true essence these are not documented and we do not promote & support such a deletion method.

The steps outlined above are a typical approach for the deletion of worktasks but not recommended. Outlined below is a comprehensive guidance document highlighting how to hide, remove and manage workitems accordingly.



uwl2.JPGIn relation to the deletion of tasks themselves. There is no official walkthrough documentation provided by SAP as this is not encouraged

unless there is no other means of solution. If the tasks we are dealing with are  Java Workflow tasks, meaning that there is no backend system involved in the scenario for these particular items,then the "task" of interest is part of a Task List, which has have created through the "Create Task" uwl button.

If you want the UWL to manage workitems accordingly to ensure the Inbox is kept "current" the Refresh option can be used to bring the recent workitems that are generated and available in SWPR but not in the UWL itself. The workitems once processed properly will be automatically removed from the UWL and their associated status will change.



SAP KBA: 1577547 - UWL Performance Tips and Considerations

UWL Refresh & Performance Parameters:

There are many configuration options that affect the performance and in the process of creation, the sizing guide determines the hardware requirements.


  • Number of users
  • Total number of items per user
  • Number of connectors


Performance Degradation Factors

  • Sometimes specific connectors (BPMUWL) cannot fulfill the get items request. There is 30 seconds timeout defined for the connectors (configurable)
  • Communication channel between UWL and providers (Network, JCo)


Performance Configuration Recommendations

  • Use Delta Pull mechanism (where applicable)


  • Delta Pull period should be no longer than the time that task is required to be updated in the UWL for all new items from the backend. If the items are created more frequently, the period should be shortened and the opposite. Better results for performance will be with higher values but the items may not be always up to date.The minimal value is 60 seconds and it is default value as well.


  • Cache validity should have a longer period value than the delta pull.If cache validity has expired then a call to backend will be performed regardless of the fact that delta pull has occurred.


  • Page refresh rate, that is accessible from data properties of Personalize Tasks, specifies how often UI will be refreshed with data from the cache. Note that the cache validity period takes precedence.Then the Page refresh rate should have less period value than cache validity. Last comes the Delta Pull period. In short: Cache Validity > Page refresh rate > Delta Pull period.


  • The number of users per channel depends on the number of the tasks and the number of theusers. Default value is 40 users per channel. Increasing this number will decrease the number of the invocation to the backend. Note that the higher the number of users per channel, the higher volume of data per invocation will be transferred.


  • The IView property “Wait duration for UI refresh while waiting for update” can be increased if UI is not responsive. If the value of this property is set to 0 then user interface will be blocked waiting for the call to the backend to complete.  In this case after call is completed and  cache is updated, items are read from cache displayed in the UI. Assigning value to the property allows  the UI to read the last data found in cache and display it immediately, this  way unblocking UI while the call to backend is performed in background. After the time defined in the property passes, presumably cache already updated with the latest items in background, UI is updated again from cache showing the latest items.


  • The number of the custom attributes should be decreased.For every additional attribute an additional call to backend is performed. The setting “Retrieve custom attribute via primary pull” should be switched off.


Portal Runtime errors can on occasion be more commonly encountered than we would like as Portal end-users. Often upon being presented with a Portal Runtime error we are baffled by its occurrence and actively seek its root cause and subsequently its resolution. If you have had experience with the Enterprise Portal for some time the likelihood of you being involved in such a scenario is high. This blog posting aims to look at a specific Portal Runtime error and will touch base on the steps to follow in the quest for a quick and straightforward resolution.

Portal Runtime Error - Popup Principles

When a Portal Runtime error occurs the primary troubleshooting hints are normally provided to you as an end-user within the error exception details. From a high level perspective Portal Runtime errors can occur for a wide array of reasons e.g. invalid system configurations or application discrepancies. However troubleshooting Runtime error exceptions should always begin with labeling the "Exception ID" as the core point of interest.


If you match the Exception ID to the trace file and application log you are already on you're way to finding a resolution. Often breaking the issue down into small steps is the best means of troubleshooting analysis.

Example - Portal Runtime Error

We are going to take the principles above and apply it to a sample problematic scenario and follow a troubleshooting resolution approach. Let us firstly imagine that you have recently performed a system change of some sort. This can be related to upgrades, system migrations, data transfers, SP implementation etc.

Reproducing the Popup:


  1. Login to the portal from desktop.
  2. http://<host>:<port>/irj
  3. Perform some navigation across the Portal Role menus which will prompt the issue to occur.


You find an Error in Trace - The "Old URL is Null", what does this mean?



If you proceed to analyze the default trace file based upon the Portal Runtime error Exception ID  you will have seen the following reference

  • "NavigationService.redirect.recieved exception when calling to redirectors with URL".

The NavigationRedirector provides a method to retrieve redirected node names. A re-director must be registered in a means that recognizes the prefix of the navigation target. In this case the exception is occurring due to caching of the NavigationService.redirect recieve request when calling redirectors with the defined URL.


The Navigation Cache is responsible for caching the navigation of the Portal, starting from the “Entry Point” level. As it caches navigation data like title, merge ID, sort priority:

  • If you make a change to the navigation of the user, the change might not be immediately visible causing subsequent errors.

To resolve this issue you need to clear both the Navigation Cache along with the FPN Cache.


  • Navigation Cache:
    • To clear this firstly login to the portal from desktop (http://<host>:<port>/irj).
    • Go to System Administration > Navigation > Navigation Cache before clicking on the Clear Cache button.
    • Clear the cache for the ROLES connector.


  • FPN Cache (if applicable)
    • Login to the Consumer Portal wherein the federated portal cache needs to be synchronized.
    • Navigate to System Administration > Federated Portal > Myself as Content Consumer > Cache Management.
    • Under Clear Cache followed by the Synchronize Content, click on 'clear the federated Portal cache'.
    • Select “Synchronize all content (if you have consumed large amounts of content, this may take a long time to complete).”
    • Select the “Synchronize with a selected producer” option.
    • Select the federated Portal (Producer) from the dropdown list that needs to be synchronized.
    • Click on the “Synchronize” button.
    • Please restart the Portal session by closing all the browser windows before logging into the Portal again.


A common occurrence with KM (Knowledge Management) problematic based scenarios can often be traced to Hot-Deployment occurrences especially when we are dealing with configuration setups. Hot Deployment references can be encountered in the form of exception highlights within default trace files or also lead to on-screen graphically represented errors. Such occurrences are often associated with recent upgrades, migrations and system restarts involving component configuration changes.

What is Hot-Deployment?

As the name hot-deployment might suggest this process refers to an abrupt & quick means of transferring underlying KM/KMC Code within a KM Service Landscape. The catch with Hot-Deployment is that such a process involving the code does not require the end-user or system admin to perform a restart of the corresponding container base. To elaborate further on this point if we take the Enterprise Portal as the backdrop we know that such an environment consists of multiple core component areas. From solely the perspective of KMC, hot-deployment means you are able to redeploy KMC Components freely without touching the corresponding Portal Components which provide the platform base on which KM runs.


In the image above we depict the process basis of how KM interacts with the Portal through run-time technology conduit channels. All KMC Components interact with the Enterprise Portal's classloader elements i.e. the Portal Runtime Technology (PRT) which is supported through delegated communication from the CRT (Component Runtime).

Hot-Deployment - Concerns ?

The major point of highlight surrounding Hot-Deployment is that such an action is NOT supported, encouraged or recommended as it can lead to a wide array of different issues. If you come across hot-deployment references within the default trace files you're findings will be identical or similar to the sample exception outlined below:


  • #0-500#Error#com.sapportals.wcm.crt.CrtClassLoaderRegistry# #EP-KM-FWK-RF#sap.com/com.sap.netweaver.bc.crt##sap.com/com.sap.nw.r#com.sapportals.wcm.crt.CrtClassLoaderRegistry[HT T P Worker ,5,Dedicated_Application_Thread]#Plain.Stacktrace of classloader registration attempt. [EXCEPTION] java.lang.Exception #0-500#Error#com.sapportals.wcm.crt.CrtClassLoaderRegistry#



These exceptions can come into play with visual representation errors




  • #EP-KM-FWK-RF#sap.com/com.sap.netweaver.bc.crt/global~wpc~tiny_mce#com.sapportals.wcm.crt.CrtClassLoaderRegistry#Thread[HTTP Worker [@842428700],5,Dedicated_Application_Thread]Plain Registration of classloader with id ignored, as hot-deployment is not supported (see OSS Note 894884). Please restart the server to enable newly deployed components.##2.0#2015 09 02 11:09:31:935#0-500#Error#com.sapportals.wcm.crt.CrtClassLoaderRegistry#

In the Hot-Deployment sample exceptions  outlined above we see the references to the Component Runtime & Portal Classloaders. The significance of such exceptions is that component discrepancies and functional issues may appears as a result.

Correcting Hot-Deployment

The exception above we see a reference being made to hot deployment. An overview on this particular exception along with its root source and means of resolution is covered in the following SAP documentation:

- SAP Note: 894884 - Hot-deployment of KMC components - Clarification


In order to resolve hot-deployment you will need to proceed to restart the J2EE engine in order to clear the hot deployment and then subsequently check if KM is accessible.

  • This restart requirement is outlined as a hint in the exception itself and will appear as "Please restart the server to enable newly deployed components".


In addition to the note documentation outlined above kindly review the guideline WIKI's below which offer a more comprehensive overview:


Hot Deployment in the Enterprise Portal: http://wiki.scn.sap.com/wiki/display/KMC/Hot+Deployment+in+the+Enterprise+Portal

KMC - Hot Deployment Checker: http://wiki.scn.sap.com/wiki/display/KMC/KMC+-+Hot+Deployment+Checker


If you see exceptions pertaining to the "Registration of classloader with id" the reasoning behind this is sourced to incomplete deployment. A restart should in theory resolve this occurrence and resulting exception (as this restart subsequently redeploys the component).

So the bottom line here is that Hot Deployment is not supported and the J2EE should be restarted if it occurs. From a preventive standpoint you can use the Hot Deployment checker tool to see if your application is Hot deployment safe, see the note as well.


Points Of Consideration

If you find a restart does not resolve the issue there are various troubleshooting notes and resolution documentation available. However in true essence as this is a non-supported action there is not much we (SAP) can do in terms of offering consultation. SAP Note: 894884 should be used as the primary source of reference here. As per this note SAP Delivered components have not been Hot-Deployment "aware" since SP12+ onward.

If then you come across Hot-Deployment this means that the likely cause is a manual trigger or by Custom Developed Components. If it is the former i.e. (Custom) I need to emphasize that Hot-Deployment in any way, shape or form is not supported and therefore we advise such an action is never conducted ESPECIALLY in Production based Environments.

  • Custom Developed Components also fall outside the scope of the Support Channels therefore from our side consultation is not available.

If Hot-Deployment was caused by the Deployment of a custom service, this can be resolved by performing a full system restart. If however, it is being called by the actual coding of this custom application, then it will reoccur even after the system restart has been performed.

  • In this case, you will need to discuss this with the associated code developer responsible for the application in order to redesign it so that it is not causing an init or triggering a classLoader at runtime.

Basically, anything causing a restart of the CRT (component run-time) without a corresponding PRT (portal run-time) restart will result in Hot-Deployment being caused.



If hot deployment has occurred it will ordinarily be the cause of discrepancies and subsequent loss of functionality.



As we've covered previously Substitution is a key part of functional association to the Universal Worklist (UWL) from an operational standpoint. In a previous blog posting I covered and outlined the methodology behind managing substitution rules and how they can be disabled in the most optimal way (http://scn.sap.com/community/enterprise-portal/blog/2016/01/28/ep-uwl-substitution--unable-to-delete-a-substitution-rule). 


This blog posting covers a different viewpoint surrounding substitution and focuses solely upon trying to hide the "Manage Substitution Rule" option from different end-users.


From a high level perspective customizing an interface and the option elements it holsters is common practice among organizations in order to suit business requirements and preferences.


Manage Substitution Rule - Background

The "Manage Substitution" option you see in the dropdown image outlined above is an Action triggered directly by the UWL (Universal Worklist) itself. This is part of the standard UWL Functionality and the association Action Name is "launchSubstitutionManager".

Manage Substitution Rule - Trying to Remove it

If you have a requirement to removal total support for substitution and its functional association a cross-reference check of the configuration in the iView Property "Display Substituted User" within (PCD Content) should reveal the current value to "yes/no". If you want to keep tje substitution feature itself active but do not want to display the "Manage Substitution" option then add the "launchSubstitutionManager" to the iView Property of "List of UWL Actions to exclude".



Navigate to the UWL Iview in the PCD that the end users are seeing in your standard business scenario setup.


  • E.G. pcd:portal_content/users/JoeBloggs/Roles/UWL/com.sap.netweaver.bc.uwl.uwl_iview


When you select UWL substitution from the dropdown, next to Property Category, what is displayed here for the following parameters?


  • Add ALL Substitution Profile as default: Yes/No?
  • Disable Substitution Profiles: Yes/No?
  • Disable turn on/off buttons: Yes/No?
  • Display Create/Delete buttons: Yes/No?
  • Hide Rule Activation column: Yes/No?



Substitution Buttons & Further Pointers

Please see the help.sap.com article for reference, see the table at the bottom.


Here you will see the standard options which indicate whether Create and Delete buttons are displayed or not. As you should see as standard the Default setting is "Yes". This flag provides an option to hide the Create Rule and Delete buttons from the business user.


Manage Substitution Rule - Important

If your goal in this instance remains to make users unable to create/delete rules as this functionality is not needed i.e. remove the 'Manage Substitution Rule' option there are some important points to highlight.


From NW 7.31 operating with the LATEST SP you can indeed remove the "Manage Substitution Rules" option from view but earlier Product Versions do not boast such a removal functionality. With the I-View Property "Display Substituted User"  you can remove the option as this property hides the Substitution Selector and the Menu Item.

Additional Guidance Documentation & Points

If we re-reference the property we discussed previously "Add All Substitution Profile as default" you will find the parameter that I am mentioning in the following:

  • SAP KBA: 1577579 - Facts and limitations about Substitution in the Universal Worklist


I've come across issues regarding this option before and you will see that in older UWL Component Versions that in some cases the option remained visible despite its edited exclusion.


For your reference kindly also see SAP Note: 1258676 Point 25. At UWL Substitution 'All' profiles used to be added automatically even if it was excluded from backend profiles. Adding 'All' profiles now can be properly set by the appropriate iView property as this should allow you to implement a coded fix to achieve the desired setup and subsequent display.


In my experience perhaps one of the most commonly encountered issue scenarios in my discussions with customers relates to session management and inadequate session retention. I like to use the term "classical" session retention to describe a connection issue such as the working example outlined below:

  • User A logs into the Enterprise Portal and performs some activity
  • User A proceeds to finish this activity and navigate away or close the browser (whilst clicking logoff)
  • User B logs into the Enterprise Portal and is presented with User A's session details i.e. the information last accessed by User A.


The Portal, Sessions & BI/BW

With regards to the Enterprise Portal, BW in itself along with Business Intelligence (BI) is one of the most heavily utilized application interfaces. Business Warehousing along with running BW Reports is often an activity associated with interaction & integration through the Enterprise Portal.

  • For example you could have BW Reports accessed through Portal iViews

Let us expand on the working example above and imagine that a BW ABAP Production System and notice via Transaction SM04 that RFC Connection Sessions are not closing & getting disconnected from the Enterprise Portal. In true essence these type of occurrences come down to two particular factors which are either a discrepancy in the setup or a mis-configuration in terms of parameters.


With respect to a BW based scenarios here you need to determine whether or not the root source of "session retention" resides with the Portal itself or in fact the BW perspective.


From an end users perspective utilizing the enterprise Portal is a straightforward process. We simply logon, fulfill our work obligations and logoff. As an end user we are only concerned with the graphical representation of the Portal that we are delivered with through our monitors representation and we are not truly troubled by what underlying functionality is taking place.

The Portal - How It Manages Sessions

From the perspective of the Enterprise Portal and session management there are some important points to highlight. When session expires or logoff is invoked or browser is closed, no matter what, the connection is not terminated but returned to the pool and kept open as defined in the Connection Lifetime property. In short, the connection stays open for the predefined amount of time by design and this is not an unexpected behavior. It remains in the pool, it is no longer used by e.g. the UWL and it is available for other clients.


The connection lifetime pool can be reset to a different value.When you use transaction SM04 to check sessions what are you seeing? In many cases when the portal is closed (via logoff) a reference is stored.



Use Transaction SM04 - What Do You See?

From using the SM04 transaction it may appear that the sessions remain open but in fact they will only be references.


  • But you are seeing the transaction field remain filled? Are you closing the browser after the users logoff?


Now the WIKI outlined below concerning the RFC Sessions and the SM04 Transaction screen is the core point of reference for resolving session retention.



Essentially SM04 as a transaction provides us with a view on the different connection types. With reference to SM04 the connection type means what kind of user (and their connection) is connecting to the SAP System e.g. the Portal.


Connection Types


  • Connection types include that of RFC, GUI, Plugin (HTTP/SMTP).


RFC Connections


This particular connection type references users which are connected up to the system (Portal) via an RFC Connection. (See RFC's using the SM04 transaction), a simplistic view on a RFC connection type user is someone who is utilizing the connection using external based RFC clients.


GUI Connections

As the title implies this particular connection types makes references to users who utilize access to the Portal via a GUI based connection platform.



The Portal - Connection Lifetime Property

The Netweaver Administrator (NWA) and the Connection Lifetime Property in older versions twas managed through the Visual Administrator but from 7.3+ you can find, review and maintain this property through the following path:

  1. Login to Netweaver Administrator (/NWA)
  2. Go to Configuration > Infrastructure > Application Resources
  3. Click at the resource you'd like to change, for example of type 'JCA Connection Factory'.
  4. Do your changes (if needed) in 'Resource Details' > 'Connection Pooling' and save.


Note: The RFC connection will be removed from the connection pool if it is unused for a longer time than defined in the connection lifetime:


In true essence when we are dealing with a session retention issue from the perspective of the Enterprise Portal (EP) the primary points of analysis are to ensure that the correct parameters and configurations are being maintained and that the .DSM Terminator is called and reference accordingly.


The Portal & BW - Resolving Connection Issues

Now taking what I have written above into account we know that the connection itself is not terminated but rather returned to the connection pool. So here now we must determine where the issue is sourced from i.e. the Portal or BW.


  • Are you closing the browser after user logoff? When a user logs off from your company Portal by choosing the Log Off button, a logoff action should be triggered on the SAP Portal Side (Portal & Connected back-end systems).
  • Although the SAP Netweaver Portal comes with an out-of-the-box mechanism that terminates a session when the user closes the browser or navigates out of the SAP iFrame the mechanism itself does not handle logoff. Instead your company Portal must raise the terminating event when logging off from the SAP Portal.


Portal Resolution Notes


  • SAP Note: 1261669 RFC connections are not closed
  • SAP Note: 1903478 -Session remains open after the logoff on enterprise portal && SAP
  • SAP Note: 1660720 - Session remains open after the logoff on enterprise portal



BW Resolution Notes


  • SAP Note: 2177121 - Common issues with RFC sessions and time out handling in BI Java Web


Full Overview Blog Series on Sessions & Related Issues

EP: Sessions Part 1 (RFC, GUI, HTTP Plugin) A Brief Overview


EP: Sessions Part 2 (RFC, GUI, HTTP Plugin) Common Ground & Issues


EP: Sessions Part 3 Frequent Issues & Solutions




Several of my blog postings thus far have been aimed at troubleshooting performance based issues and pinpointing the root causes and this blog will follow the same notion except with particular reference to the AccessStatistic Service in association to KM (Knowledge Management).

What is the AccessStatistic Service?


Upon being involved with KM based performance issues or timeout scenarios one of my key areas of focused is based on the AccessStatistic Service and whether or not this is enabled on a customers landscape. Now in short the AccessStatistic Service is a mechanism responsible for recording accessed KM resources in a Portal Landscape environment. The AccessStatistic Service is utilized to track the type of resource accessed, the ID used to access it i.e. (whom the resource was accessed by) and the resources last read access.


Should You be Using AccessStatistic Service?


From a high level perspective the functionality offered by the AccessStatistic Service is indeed beneficial from a logging and performance standpoint. However in true essence in order to conform to best practice standards (performance wise) it is officially recommended that the service itself be "deactivated". This may seem peculiar but I will explain why such a service is recommended NOT to be utilized as standard and put more simply as default. As we know the Portal in itself plays host to a wide variety of application, information and all branches of associated information. Such diversity in the content holstered by the Portal combined with a large end-user base means a simple concept becomes a complex and diverse environment.

Now taking the sample "environment" that we have created into consideration let us add the activation of the KM AccessStatistic Service into the mix.  KM Folders are utilized as the base platform in which KM Documents are stored.  For example through KM End-Users can access, obtain, manage and review data information through documents sourced from the business  intranets, external WWW feeds, and file servers. The KM Documents themselves are presented in the standard formats of PPT, excel, word documents and html. With KM the underlying baseline operation through which the entire setup functions is based on "accessing" information.

If this AccessStatistic Service is activated and setup in your environment you will not see associated information appearing in a dialog box and there will be masses and masses of DB Accesses. Such a setup has resulted in several scenarios in which time outs and poor performance where something all too frequent and familiar.

I have been encountering timeouts, could this be the AccessStatistic Service?


In short from a purely KM standpoint the answer to this question is indeed yes and checking your configuration is the best means of analysis so the AccessStatistic Service can be ruled out or identified as a potential culprit as early as possible.

To reaffirm performance decrements and time-out issues from the perspective of a KM Setup on any occasions share the same primary cause within the KMC and this is the activation of the AccessStatistic service on the KM repositories.


The resolution in such a scenario is this services deactivation within the configuration of the KM repository managers as per:


  • SAP Note 1025290 (restart required after service deactivation).


As outlined in SAP Note 1025290 this repository should be removed from the configuration of all CM repositories where possible.


This should be done by navigating to System Admin -> System Configuration -> Repository Managers -> CM repositories





From here you can access the configuration of each of the CM repositories. These should be opened for editing and the AccessStatistics repository removed from the list of repository services.

  • In the sample image above  you can see that it’s assigned to the /documents repository in this case. By selecting ‘edit’, you can then select/deselect the checkbox next to whichever services you want enable on the repository.





Once the configuration of each of the CM repositories on which this service is currently active has been active have been updated, a system restart will be necessary for the changes to take effect.


AccessStatistic Service - Further Reading


You can find additional information in the documentation outlined below:



KM  - Optimal Performance


Now regarding the KM Setup and the performance issues alongside the KM Folders rooms I've outlined some core reference documentation below for your convenience:


I would also recommend in this case from the perspective of document storage and KM utilization is to make use of the baseline principles and guidance material in the documentation below as this will allow you to create an optimal setup so performance degradation is not a risk and timeouts are no longer encountered:


This blog is for portal end-users and content administrators who would like to learn about the new features developed in the latest Enterprise Portal SP for FLP on EP, their benefit, and the configuration required.


Important note: This SP is the first to use the stable SAPUI5 release 1.38, which is the recommended version for productive usage of NW 7.50. It is highly recommended to consider SP04 for upgrade. For more information, see note 2261419 - Maintenance Strategy for FLP on Portal


SP04 includes the following features:


  1. Home page update options
  2. Clear personalization
  3. Browser history support
  4. Accessibility Settings through User Preferences Menu
  5. Merge of identical EP tiles
  6. Display user image (from UME)
  7. Dialog for unauthorized tiles (enhanced)
  8. Remote Content Management (enhanced)
    1. Assignment in a non-unit role
    2. Desktop filter ID support
    3. New guidelines for UI5 library source configuration
  9. SAP Business Client new connection type.

1 Homepage Update Options (sync enhancements)

As an administrator, you can control the ability of end users to see the updates done for the iViews properties, role assignments and content, changes in administrative groups, i.e. the changes done by an administrator and affecting the end user’s homepage.

The options are as following:



  • Automatic update (default): on FFP loading the homepage will be updated automatically. This may cause delay on every logon, hence this option is not recommended in production.


  • Manual update: a menu item Check for updates is available in the Options menu. When a user wants to trigger an update, he should click on this menu entry and to get a pop-up with a summary of updates:



The updates can be viewed in details and either applied or not:



  • Notifications for end users: provides a similar to manual updates pop-up on FFP loading:



A user can accept or defer the changes. The pop-up will come up until the changes are accepted. This is the recommended option as it has minimal impact on logon performance and gives the end user control on his homepage, while keeping it up-to-date with administrator’s changes.

Check for updates menu item is available in the Option menu as well.


  • Never check for updates: this option means the user will not get any updates done by the administrator.

Changes that administrators make to home page content do not override end user personalization.

2 Clear Personalization

Clear Personalization menu item can be added to the Options menu. With this item an end user can undo all changes that have been made to the home page.


An administrator can show or hide this menu item for a Fiori Framework Page:



3 Browser History Support

An end user can now navigate between a launched application and the launchpad using the browser's standard back and forward buttons. In order to enable this option, please follow the instructions in note 2269227 - Application Integration parameter to support browser history mechanism.


4 Accessibility Settings through User Preferences Menu

  End users can now activate accessibility features by choosing an Options menu item User Preferences and then Accessibility



If you set it to true:


The relevant accessibility parameter will then be transferred from FLP on EP to the launched applications to enable their accessibility features


An administrator can show or hide the Accessibility item by configuring in the Fiori Framework Page an option Show ‘Accessibility’ in ‘Options’ Menu:



5 Merge of Identical EP Tiles

An administrator can remove duplicate tiles, both in portal or remote content from ABAP FES, by activate this option in Fiori Framework Page. The implementation logic for remote and EP content is different: remote content tiles are merged if Title, Subtitle and Information properties are identical; for Portal content the implementation relies on the merge ID logic.


6 Display User Image (from UME)

User image, uploaded in UME, can be shown in the Home page header by configuring a new option in the Fiori Framework Page, Show User Images:


The Homepage for an end user could then look like this:



7 Dialog for Unauthorized Tiles (enhanced)

This error message appears in the following scenario:

1. An administrator has removed a tile(s) from an end user role

2. The tile(s) appears in FLP on EP Homepage or was saved as a browser bookmark

3. End user launches the tile from the Homepage or browser bookmark.

In case you launch the app from the Homepage  the dialog will suggest to remove the tile:




Suggestion will not appear in case of launching directly from the browser bookmark.

8 Remote Content Management (enhanced)

8.1 Assignment to a non-unit role


In the previous releases the remote content could be assigned only to the unit role, which is not flexible enough for portal administration.

This new feature was developed to make the management of remote content easier for complex assignment cases.

Now you as an administrator can combine the remote content assigned to several roles in the hierarchy under one unit role, which will be assigned to a user.



You have created 2 roles and assigned remote content to each one of them:




Now you define a unit role, which will be assigned to an end-user:





  • in design time you do not see the remote content of non-unit roles and you cannot edit it;
  • in run-time the remote content from all non-unit roles will be displayed for the end user, to whom a unit role is assigned.

8.2 Desktop Filter ID Support

As an administrator you can filter portal content so that only certain content is displayed in a given desktop. Now this logic can be applied also for remote content. To do this you should set the Filter ID property for the role which the remote content is assigned to:



8.3 New guidelines for UI5 library source configuration

As of 7.5 SP4 the guideline is to use Java as the SAPUI5 library source for all productive scenarios. For more detailed information refer to note 2261419 - Maintenance Strategy for FLP on Portal


9 SAP Business Client New Connection Type

SAP Business Client 6.1 implemented a new Fiori Launchpad connection type, which can be used starting from SP04:



Within this connection type, the only parameter relevant for a Portal backend would be the connection URL:




The transactions launched from SAP Business client 6.0 with Fiori Launchpad connection have native look (not SAP GUI for HTML UI).



To learn more:

There is a requirement for adding a specific language which is not available in the portal as the portal logon language and to translate all the portal pages to that specific language.

Firstly you need to check whether the language you are looking for is really supported from SAP side or not ?

For that check the the PAM link depending on your portal versions (Here the link is for 7.4 Version) : NW 7.4 Languages


If that specific language is not listed in the PAM document, it confirms that SAP does not support that language,

To enable portal applications to be displayed in different languages, create resource bundles that hold all language or country-specific text strings or other resources, it can be done according to the following help docuement : Using Resource Bundles


Further Portal provides a process for translating the text of portal objects : 'Portal Content Translation'

In a scenario where the URL iview is not opening up correctly in IE. When you Deltalink this ivew to a new page the page shows blank screen in browser IE and It works only in Chrome and Firefox.

The issue could be replicated as:


1. Log in to Portal

2. Content Admin > Portal Content > *some* Folder > UI5 application > Action planning Iview

3. Now Click on Iview for Preview and its opening up in a new window (this is the expected behaviour).

4. But when you have delta linked this Iview to a Page > Action Planning page.

     When you click on the page ,it  is opening up a blank page.


In case of Portal 7.4 and it could be likely to see this in other versions of portal also that the application would work fine for the Higher versions of IE like 10 and 11. The issue arises for lower version of IE like IE9 and the Application should work fine in Chrome once security checks are disabled in the browser.


As we know the UWL provides us (as end-users) with a centralized point of access to work-items and work-tasks which can vary from simple admin queries to functional approval processes. From an organizational standpoint the management of such work-items is of vital importance towards conformance to key business requirements and processes.


If the UWL is being utilized to manage supplier purchases (SRM) and involves interaction from a key set of employees who operate through an approval process substitution is a term of strong relevance. Organizations and business establishments that share business relationships will need to manage communication with diligence regardless of consistently. End-Users share an obligation to ensure work commitments and task processing requirements are fulfilled during their vacation time so all involved parties are formally fulfilling business requirements even in the absence of another employee.


UWL Substitution Issues

In my experience I have encountered a wide range of different issues in association to Substitution Processes and their utilization alongside the Universal Worklist (UWL). For example if you are utilizing the Universal Worklist and presently have configured a substitution rule which is no longer valid e.g. the assignee is no longer with the company you may encounter issues. On some occasions despite you're best efforts you seem not to be able to fix, delete or remove the substitution rule.


Sample Errors

With such an occurrence exceptions can be quite generic and may sometimes grammatically appears as:

  • "Cannot Connect to Provider " or "Problems Reported (Repairable).


"No Substitution Could Activate this Substitution Rule"

Lets take a working example and imagine that in an organization a single user is not able to manage substitution rule from the UWL portal interface. Instead he/she begins to receive the error "No system could activate this substitution rule" when attempting to configure and save the rule.


How could such an issue arise?

The first question which needs to be brought under the limelight here is whether or not the user who is encountering the issue has been deleted/disabled? If the user has been deleted this is known to cause some inconsistencies and subsequent discrepancies in a system setup. For this reason it is always recommended to Disable a user as opposed to delete them. From a logical standpoint if you go ahead an proceed to delete a User who is part of any process flow any tasks maintained in association to such a user will become invalid hence the importance of disabling the user.


With Substitution in general from a high level perspective there are some important points to highlight and keep in mind.

  • One key point is that Substitutions are kept in all systems.


When a substitution rule has been created either in the backend or in Java Workflow, Universal Worklist will try to activate the substitution rule in ALL available connector(s), be it WebFlowConnector, AdHocWorkflowConnector or BPEMUWLConnector.


In the case where the user whom a substitution rule is being maintained is not mapped or does not exist in one of the systems defined, then the Universal Workflow will report that inconsistency through the "Problems reported(repairable)" or a message in "Manage Substitution Rules" - > "My Substitution Rules" - > "Rule Activation" status.



  • You will see the coded fix for this particular issue in SAP Note: 1851579 - UWL Substitution Status error message has technical details


Substitution & Databases


In the past on several occasions I've worked on scenarios in which manipulation i.e. deletion has taken place from a DB Standpoint in an effort to resolve UWL and substitution issues. Again I would like to reaffirm what has been highlighted above and stress the importance of not deleting User Profiles or references until all necessary steps have been taken.


If you have been researching ways to resolve substitution issues then you will have of most likely come across the following DB References:


  2. HRUS_D2 table

Kindly allow me to provide some clarification here.


The general method to delete a substitution revolves around checking the entries in Database table KMC_WF_SUBSTITUTE in Portal DB and then subsequently deleting any entries against the user.


  • Remember: Substitutions are kept in all systems


DB Specifics


Firstly the Backend table HRUS_D2 stores all the current substitutions. The moment the rule is deleted/disabled then the entry gets deleted from this table. In terms of worktasks and their associated tables these will store the classification of tasks,  and fields such as TCLASS contains the classifications and the task name.


Again referencing the HRUS_D2 DB Reference. This table contains the approver, the substitute, the begin and end dates, the substitution profile and whether the substitution is active or not.


Now regarding the HRDUS_D2 table and delegation. With this table we should NEVER manually delete or manipulate records from both HRUS_D2 and KMC_WF_SUBSTITUTE.


  • The HRUS_D2 is a database table which does not belong to UWL and we should never advise manual deletion on it or manipulation. SAP_WAPI_SUBSTITUTE_MAINTAIN is the function module as you suggested used for maintaining substitutions in the backend.


So regarding KMC_WF_SUBSTITUTE as database table this database table contains data in relation to substitution for the Universal Worklist specifically relating to the AdHocWorkflow Connector. If you are facing an issue with substitution from the Universal Worklist, you may be asked to check this table.


For a more comprehensive overview I recommend reviewing the following SAP Note: 854549 - Scope and behavior of substitution in UWL



When using the SAP Enterprise Portal (EP) within an NW Environment in a large organizational landscape business requirements may require different linguistic and language settings for multiple user bases. The Universal Worklist is fundamental for task and workitem assignment and processing and can be utilized by different locale groups throughout an organization all of whom may work with different locale settings.

UWL Display Elements & Language

If you are familiar with the UWL you will be aware that the Interface display through which end-users interact with the worklist incorporate a wide arrange of different display elements and icons. These include UWL Decision Buttons also known as Action Buttons, Drop-down Navigation Menu, Footer Menu (dependent on version) and textual format graphics.


Portal Languages & How They Are Maintained


Now regarding this scenario and the languages used in the Enterprise Portal there are a few important points to highlight. The language that the portal is displayed in depends on the following hierarchy, with the languages at the top of the list taking precedence over those at the bottom.


  1. Component (iview) language (defined in the portalapp.xml)
  2. Portal Mandatory language (defined in the prtDefault.properties)
  3. User language (defined in the user#s profile).
  4. Request language (defined by the browser).
  5. Portal Default language (defined in the prtDefault.properties)
  6. System Default language (default locale defined by the OS).


So for example, if you have your portal user language (as in point 3) set to German, but the language of the iView that is the logon page (as in point 1) set to English, that logon page will be displayed in English.



UWL Specific Element Display

Let us say for the case of a working example you're organization utilizes the UWL in a diverse region environment i.e. the Portal is being used in multiple countries now using several languages for End Users.

To carry on from this example let us imagine that there are four languages in place here English, French, Traditional Chinese and Simplified Chinese and you have set the translations (as per the 6 points above) but you notice a discrepancy in the display.

In your setup you notice that the Decision Buttons are not display in the correct language setting. If you login to the Portal & Navigate to the UWL (in Traditional Chinese) you soon notice that the the texts are instead displayed in Simplified Chinese.


UWL Language Inconsistency - High Level Analysis


  • Firstly start out simple and see what the browser language is defined as (at present)?


If there is a discrepancy this may be causing the defined change not to become apparent. In these type of scenarios as you can see (based on the 6 points above) there are various locales to maintain the languages therefore a setup discrepancy can be encountered on some occasions.


Issues similar to this have been noted, highlighted and resolved in documentation such as that outlined below:


  • SAP Note: 1661391 - Portal 7.3 is not displayed in the configured language
  • SAP KBA: 1696439 - Changing the Default or Mandatory Locale for a 730 Enterprise Portal


UWL Known Issues


Now I would like to reference the UWL in particular here also as I am aware some minor aspects of the interface itself are indeed  hard-coded (in terms of language/grammatical display) however the following documentation can be used as a reference point to resolve various UWL language display issues and problematic scenarios.


  • SAP Note: 2055108 - Forced Language Request not working in the UWL iView from Browser Favourites
  • SAP Note: 2012105 - How to find the language used to retrieve the work items
  • SAP Note: 1806134 - Changing language does not affect UWL decision buttons text
  • SAP Note: 1801857 - Wrong language- country variation for UWL Webflow workitems


From a high level perspective in the past there have been issues regarding the UWL and the translations. In particular several issues have been encountered with the "decision buttons" and "menu roles" translations both of which have been resolved via documentation outlined above.


After reviewing the notes subsequently I recommend clearing the UWL cache and the browser cache before attempting to reproduce the issue.


  • Steps to clear the UWL cache: please go to "System Administration" "System Configuration" -> Universal Work list & Workflow -> Universal Workflow Administration -> Click on cache administration page -> Click "Clear Cache" button.


Now the UWL itself is a Web Dynpro application and normal behaviour for Web Dynpro applications means that to refresh the language a portal logoff and re-logon is required.


  • Alternatively the change of user's locale will take effect either after an automatic cache refresh is triggered, or when the user triggers the refresh manually by pressing the "Refresh" button.



Certain tabs are "hardcoded" i.e. it is not possible to modify the language outside of the standard delivered SAP translations.


UWL Date Language Format


We do not control this in the Universal Worklist. The format of the date field is controlled by WebDynPro. From UWL side we only create an input field of type date.


When deciding which format to be shown to the end user, then only the setting in UME language/location/region is considered, but also the language setting of the browser may also be used. One key point to check here is personalization for end-users. If checking the personalization doesn't help, then the format is controlled by one of the other sources (discussed below) and it should be changed at the source.

The formats are dependent upon a couple factors, webdynpro, PC settings, browser settings, and backend settings.

  • Now in terms of the UWL and how it deals with workitems and there associated details i..e Date Format Display we have to remember some key points here. The UWL gets the "sent" attribute for the item from the backend and converts it to a java.util.Date object.

Then the UWL uses java.text.DateFormat in order to convert the Date object to a String. This is done with the DateFormat's standard method "format(Date data)". When the DateFormat object is created, the timezone and locale of the logged on user is used. So the UWL uses standard java functionality for this conversion and the fact that the "sent" is shown in different time format for different locale/timezone is the normal behavior of java.


Bookmarks and Portal Favorites are similarly labelled but easily distinguished in terms of a Portal Landscape. In my experiences I have come across and worked on many scenarios surrounding their intended management, organization and removal. In this blog posting we will cover how bookmarks can be created, manged and subsequently removed (if required).


KM Folders & Bookmarks

KM folders are utilized as the base platform in which KM Documents are stored and repositories accessed. For example in a KM Setup (within Portal) end-users can access, obtain, manage and review data information through documents sourced from business intranets, external WWW feeds and file servers.


Portal Changes & Mass Management of Favorites?

When managing Portal Favorites diligence is required to ensure no redundancies come into play. For example if Portal Roles have been changed to suit business requirements (PCD_ID changes/role assignment) subsequent issues may be encountered. Such a change would make current Portal Favorites links to become "broken".

Firstly if the Portal favorites are no longer operational and return invalid I would firstly recommend ensuring that the navigation path is maintained correctly especially if a system change has recently taken place.

In true essence the favorites themselves are just a link source to documents, iViews and pages. If there has been a change to a Path, to a document or the URL used to call an iView then obviously the old link setup will no longer function.


  • There is no automatic tool means of updating mass PCD_ID's of Favorites.

The only feasible resolution is for the end-user to re-add the favorite again (using the updated Path).


The end-user in the can also delete the older link (ones which are no longer functional) from the favorites iView


Remember if there has been a change to a Path (PCD), to a document or the URL used to call an iView (as in this particular case) the old link as we will not work.



Mass Deletion of Bookmarks

The report RSWR_BOOKMARK_DELETE can be used for the mass deletion of the Bookmarks.


The user has the option to select the bookmarks to be deleted under four conditions:


  1. Delete all the Bookmarks of a particular type(either for the selected templates or all templates),
  2. Delete all the Bookmarks which have not been used since the key date(either for the selected templates or all templates),
  3. Delete the Bookmarks by entering the Bookmark IDs directly,
  4. Delete all the Bookmarks created by an user(s), with option to also filter it further based on the last used date or template name.


However from the frontends perspective a keystone function for mass deletion does NOT exist. The users can delete their entries in the Favorites or KM Folders, which will remove the link in the Portal. A ABAP administrator can reorganize bookmarks using report RSWR_BOOKMARK_DELETE, according to note 1419451.


In my experience across the Enterprise Portal area many of the scenarios that I deal with on a daily basis revolve around browser bases issues or scenarios that in some way, shape or form associate to the Web Browser Platform itself.  From a high level perspective we think as a Web Browser Platform as a simple conduit through which we can gain access to and interact with Web Based Resources and this is indeed true. However we need to remember that with each Web Browser Platform comes a set of different parameter and property settings which need to be maintained in order to support optimal performance. In reference to "performance" here I do not mean the speed of the browser but rather the means in which it functions i.e. the rendering of the browser & subsequent display presented to end users.

Quirks, Standards, Edge..

I would like to stress the importance at looking over browser configurations and the various modes from the most simple standpoint possible. With browser related scenarios a simple issue can quickly become a complex scenario especially taking all the various parameters into account within a troubleshooting scenario.

In the interest of simplicity we can look at things as below (in a modern browser environment):

  • Quirks: displays webpages as if users view them with older versions of the browsers.
  • Standards: HTML 5 engine, new features are only supported in this mode.

Is there a way to "Force" all Pages to be displayed within Edge Mode?

If you want to achieve from a functional aspect "forcing" all Pages to run in browser document mode EDGE essentially here we are referring to standards.

To achieve this you would need to use the Standards Ajax Framework Page which is available from NW7.31 SP14 and 7.4 SP9. This is basically an Ajax framework page that runs in Standards Mode.


However this does not cover applications for example if you are using older HTMLB style applications these require Quirks Mode.

Attempting to run old applications that require Quirks mode, will need to be run in a new headerless window or new window in order to see the content.

Ajax Standards Mode Framework Page


Reviewing Different Modes

Remember we need to look at Internet Explorer as a Web Browser Platform with core fundamental underlying parameters which determine the way it functions and how it operates in association to an Enterprise Portal environment.


From a purely navigation approach here we are dealing with two key modes which are that of Browser & Document Mode.


What is the Browser Mode all about?


In short the browser mode is a user agent string sent to the server (which affects the User Agent only).


    • When compatibility mode is selected the the User Agent is set to the oldest supported setting for the current browser.
    • Tools > Compatibility View > F12 > Navigation > Navigation.UserAgent
    • IE10, IE10 Compatibility View, IE9, IE8, IE7.




The User Agent is essentially a string (textual) which identifies the Browser & OS to for the Web Server. To provide insight with a working example if we take IE5 Quirks which is the oldest document mode as the baseline. This means Internet Explorer is telling the server its browser mode. According to the browsers mode the server then decides which resources CSS/JS should be sent back to the Browser.


So What is the Document Mode all about?

Document Mode: Determines how the browser (IE) renders the page.


    • Essentially tells browsers how it wants it to be rendered.
    • Browser decides which rendering engine should be used.



From a high level perspective let us remember that Document Mode determines how Internet Explorer is rendered.Quirks Mode displays the webpages as if they are within older IE versions while Standards Mode follows the HTML5 Engine with new features supported. The Quirks Mode syntax is different from the Standards Mode syntax.




In my time working alongside the Enterprise Portal I have come across multiple different types of error messages and exception warning popups. Such occurrences are often informative in their presentation and can lead the affected users down the path of achieving a straight forward resolution quite quickly. On some occasions different exception references appear which might at first glance appear confusing and may leave us perplexed as whether they are related to the Portal itself or the environment in which it functions. By environment here I am making reference to the landscape, the data accessed, applications utilized and external/internal dimensions of our business requirements.

"No Switch to HTTPS occurred"



In certain situations an error exception referencing "no switch to HTTPS occurred" will arise and we are going to address this now and explain why such a warning message would appear in the first place. Ordinarily encountering this particular messages goes hand in hand with initial Portal logon:

  1. Logon to the Enterprise Portal from desktop
  2. http://<host>:<portal>/portal
  3. A popup message will appear (in full it reads)
    • "Protocol cannot be switched to HTTPS, HTTPS is not configured active"
    • "No switch to HTTPS occurred, so it is not secure to send a password"



Why would such a message appear?


There are several possible reasons as to why this particular warning message appears and it ordinarily comes down to SSO/SSL configuration discrepancies and a clean-cut resolution is specific to each customers system and setup.  Obviously such a warning message can prove to be distracting to user bases and needs to be removed in order to maintain best practices and secure operations.

Solving the Issue & Removing the Message


If you want to go about removing the message and ensuring safe transmission of passwords is supported in your environment by the correct parameter settings the first core point of reference should be the following Knowledge Based Article:

  • SAP KBA: 1857366 - No Switch to HTTPS Occurred

In true essence as the note highlights this popup exception warning deals with and is associated to no switch to HTTPS occurring (HTTPS recommended) so the password set to be transmitted encrypted and hence not in a secure manner.


  • From a high level perspective naturally for external facing systems and any form of production systems HTTPS should always be used.


Filter Blog

By author:
By date:
By tag: