on 08-25-2010 6:07 PM
Hi all
I call an iView (webdynpro) from the back end system by passing into the URL userid and password embedded as follow
It has been working for months. Then we upgraded Portal up to SP20 and it is not working any longer. It says:
Cannot redirect to the requested application, the redirect parameter is invalid.
Is there part of the configuration post upgrade that I miss? Did I overwrite some application or component with the Upgrade??
thanks for help
Andrea
Dear Andrea,
You can always append j_user and j_password parameters at the end of your URL (the one that includes your webdynpro or iview). For example:
Just remember to append j_user & j_password & login_submit=true at the end
Enjoy!!
Max
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Don't expose user ids / passwords like this, even over https - There's a very good chance (depending on the E2E response speed) that they will be visible to the casual viewer in the address window of the browser. It's just as bad when lazy developers link using user-ids / passwords directly from a page - the userid / password is visible in the status bar of the browser just by hovering the cursor on the link.
hth
hello everybody.
i have somehow the same problem - the only difference is that we want to "bypass" the netweaver login and password and we are calling an RFC function module.
any ideas? i tried to call the .html site with &j_user but it doesn't work.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Andrea
Unfortunately this re-direct will no longer work. You will no longer be able to directly use the redirectUrl parameter
The AS now encrypts the redirect parameter used for navigation after successful authentication (see note 1175239) so when the aboveURL is received at the server, an attempt to de-crypt it is made, which obviously in this case fails fails. This leads to the message you see
"cannot redirect to the requested application, the redirect parameter is invalid"
It was never intended that /logon/logonServlet could be directly called by a customer application or by using a browser, since it depends on internal functionality provided by the security service
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Donald
I am not sure I fully understand the solution you proposed, but I've tried annyway to copy (with my hostname) and paste your URL in the browser and I see the usal problem, meaning it leads me to the logon page
The aim here is to by pass the logon pagae and pass directly into the RIL the userid and password that it used to work prior than the upgrade we did
thanks
ciao
Andrea
>
> Hi Donald
>
> I am not sure I fully understand the solution you proposed, but I've tried annyway to copy (with my hostname) and paste your URL in the browser and I see the usal problem, meaning it leads me to the logon page
>
> The aim here is to by pass the logon pagae and pass directly into the RIL the userid and password that it used to work prior than the upgrade we did
>
> thanks
> ciao
> Andrea
Hi Andrea,
The logonServlet indeed doesn't work any longer with the redirectURL parameter. We had a similar problem after our upgrade (and created also an OSS), because we used the logonServet for manually authenticating SSO users with another user account.
I think you can solve your issue with only little coding effort, by using the UMFactory.getAuthenticator().forceLoggedInUser(HttpServletRequest req, HttpServletResponse res) method. Refer to [http://help.sap.com/javadocs/NW04S/current/se/com/sap/security/api/IAuthentication.html#forceLoggedInUser%28javax.servlet.http.HttpServletRequest,%20javax.servlet.http.HttpServletResponse%29|http://help.sap.com/javadocs/NW04S/current/se/com/sap/security/api/IAuthentication.html#forceLoggedInUser%28javax.servlet.http.HttpServletRequest,%20javax.servlet.http.HttpServletResponse%29].
The good of this method is, that a user with correct j_user and j_password parameters in the current HttServletRequest-object gets automatically logged in. If the j_user and j_password parameters are not ocrrect, the logon formulat gets automatically displayed (refer to documentation).
So you could develop a simple servlet and do something like that in its doGET/doPOST methods:
...
IUser user = UMFactory.getAuthenticator().forceLoggedInUser(request, response);
if (user == null) {
return;
} else {
response.sendRedirect("Your WebDynpro URL");
}
....
You would call it simply like that:
http://hostname:port/MyLogonServlet/Logon?j_user=userid&j_password=pwd
Hope it helps you moving forward...
Hi Andrea,
My question to Patrick is not a proposed solution. I'm asking because I googled a German forum which mentioned about base64 encode on redirectURL. I had tried several ways to encode the URL but still no luck.
Actually we are also facing the same problem (using redirectURL to access a BSP) after portal applied security patch. Now we have a first workaround by using "forcedURL" URL iView. For example, the original URL is like this and now it does not work:
http://devportal:8280/logon/logonServlet?redirectURL=%2F%2Febpdev01.xxx:8000%2Fsap%2Fbc%2Fbsp%2Fsap
%2Fzmm_pr_workflow%2Fapprove_pr.htm%3Fsap-client%3D100%26i_wiid%3D000005083236%26i_aprsq%3D1
%26i_banfn%3D0010317218
1. Portal Content Admin define a new role ABC
2. Define a URL iView (using wizard), change properties "Forced URL" = yes, "Forced URL - Parameter Name" = forcedURL
3. Assign the iView delta link to the new role
Now we can access the BSP by URL:
http://devportal:8280/irj/portal/index.html?NavigationTarget=ROLES://portal_content/xxx.ABC/iView/zmm_pr_workflow&forcedURL=%2F%2Febpdev01.xxx:8000
%2Fsap%2Fbc%2Fbsp%2Fsap%2Fzmm_pr_workflow%2Fapprove_pr.htm%3Fsap-client%3D100%26i_wiid
%3D000005083236%26i_aprsq%3D1%26i_banfn%3D0010317218
Please see if this also work in your case.
Regards,
Donald
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.