cancel
Showing results for 
Search instead for 
Did you mean: 

Portal same URL for External / Internal users

Former Member
0 Kudos

Hello Colleagues

 

I need your inputs concerning the configuration of External / Internal access to a Portal system to keep the same URL so that it’s transparent for end users (internal or external).

    

The landscape is as follow: Internet Browser -> F5 LB -> Web Dispatcher -> EP NW73

    

The main issue is that when the EP system is accessed for internal user there is URL redirection to internal URL. So the URL is changed and the requirement is to avoid that.

    

It is likely due to EP system ‘ProxyMapping’ property that is used as the Portal is connected to several backends. Without it, the Portal doesn't respond with the correct URL.

    

If this property is removed, Portal iViews do not work properly and if proxymapping ‘override’ is changed to FALSE, we have the problem described in SAP Note 1643446.

    

Configuration of EP property:

ProxyMappings port=(Host:internal_url,Port:port,Scheme:https,Override:true)

    

And configuratíon in WebDispatcher:

Internal Scenario: wdisp/system_10 = SID=sid, MSHOST=internal_url, MSPORT=port, SRCSRV=*:port

External Scenario: wdisp/system_4 = SID=sid, MSHOST=external_url, MSPORT=port, SRCSRV=*:port

How can the URL redirection be avoided for Internal users so that the same URL is always kept ?

    

Thanks in advance for your help!

Best regards,

Johann

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
0 Kudos

Hi Johann,

We have implemented to our customer such a way that users from internet and intranet are able to connect using same url using SAP Webdispatcher. Below are the security points were also taken care.

Here i am providing information for two system EP (eg. prodep), SID EPP and EPR (eg.proderp) and SID = PRD

a.) Actual Hostname of Portal system (prodep) shouldn't be viewed in url.

b.) Port information should be hidden in url

c.) Users should be able to access URL from internet and intranet.

To achieve above solution, you need work with Network,Firewall and SAP Basis areas.

1.)Decide on ports to be opened to internet to access EP system. Here I have configured default port 80 in my scenario.

2.) Public IP and Static IP for web dispatcher should be resolvable to same hostname for eg.if internet users need to connect from url let say mysapportal.com.

3.) Please reach out you network team to configure DNS in such a way that when you do nslookup

for public ip and static, or webdispatcher hostname you should be able to see mysapportal.com

4.) Maintain below parameters

icm/server_port_0 = PROT=HTTP, PORT=8000

icm/server_port_2 = PROT=HTTP, PORT=80

wdisp/system_0 = SID=PRD, MSHOST=hostname,MSPORT=81nn,PROT=HTTP, SRCURL=/sap/bc;/sap/, SRCSRV=*:8000

wdisp/system_1 = SID=EPP, MSHOST=hostname, MSPORT=81nn,SRCURL=/, SRCSRV=<url to be accessed>:*

5.) Maintain WAS & IT connection details on your webdispatcher hostname and port in Portal for EPR system.

After above configuration, all internet and intranet users will be able to access EP system with below url

http://mysapportal.com/irj/portal.

Let me know if you need further information and help.

Regards

KSK

Former Member
0 Kudos

Hi KSK

thanks for sharing this scenario. It is very helpful to get all the points to consider for this case.

This is really similar to customer scenario I am discussing about.

We're currently trying to review all the proxy settings that we avoid the url changes to internal hostname of Portal system.

I'll give the heads up.

thanks and regards,

Johann


Former Member
0 Kudos

The easiest way is to always use the URL of the F5 LB, internally and externally. Proper configuration of active network equipment will ensure that in case the portal is accessed internally, it never goes outside the company. If that isn't possible, any other solution requires tweaking especially if you have system objects in your portal landscape meaning you are accessing backend systems. In the latter case I suggest you look into Dynamic System Resolution.

Former Member
0 Kudos

Hi Johann ,

I have few questions for better understanding your scenario: -

1) Is the ENTRY POINT for your Portal same for INTERNET and INTRANET ? i.e. the F5 Load Balancer ?

2)  The ProxyMappings feature of the AS Java is used in case you have a Reverse Proxy/ Load Balancer as an Entry Point for your Portal.

As per your Settings the value is
ProxyMappings port=(Host:internal_url,Port:port,Scheme:https,Override:true)

What do you mean by INTERNAL URL .

Is it the actual URL of the AS Java System OR a F5 LB URL which is reachable ONLY from Internal DNS of your Company.

Ideally it should be a URL which should be accessible from INTERNET and INTRANET BOTH

So the value for HOST should be the F5 Load Balancer URL and PORT should be the F5 LB Port.

3) You are using F5 LB --> Web Dispatcher --> EP 7.3

I see 2 Load Balancers here .

F5 LB is a hardware load balancer which is capable of handling Layer 7 Load Balancing as well as effecient Reverse Proxying Feature and is also supported by SAP.

If it is not too late in the implementation , I would ask you to reconsider your option of using 2 Load Balancers

4) Are you connecting to any SAP ECC/etc systems from the Portal ?

Regards,

Ashish .A. Poojary

Former Member
0 Kudos

Hi Ashish

thanks for your prompt reply. The answers to your questions are:

1) The entry point access for Internet and Intranet is the same as per know through the F5 Load Balancer

2) The Internal_url is actually the AS Java hostname. You mentionned an important point here as the ProxyMapping is a property of the Portal system, it was thought it will be access only internally once the connection pass through the F5 LB and the Web Dispatcher.

we have to review something here with the property value of this setting.

3) It is a customer implementation and the issue was already mentionned. However it's been some time that their system and configuration is live so removing the Web Dispatcher could only be considered as a new project at long term.

4) The Portal is connecting to several backends such as SRM, HR, ECC and BI. It is another reason to have the ProxyMapping setting configured in the Portal system.

Thanks for your help

Regards,

Johann

Former Member
0 Kudos

Hey Johann ,

Now that we are sure that F5 Load Balancer is the Entry point , the very first change to be done is to change the parameter for ProxyMappings Host and Port to that of F5 Load Balancer.

I dont see how this should effect the access to backend Systems.

I would suggest you go through the below blog.Its very well written blow by Brian which details on the concepts involved while configuring proxies.

http://wiki.scn.sap.com/wiki/display/BSP/Using+Proxies

Regards,

Ashish .A. Poojary


Former Member
0 Kudos

Hi Ashish

thanks for your reply. The blog you mentionned is very helpful to have a clearer view about the many possible scenario for configuring proxies.

Regards,

Johann