on 07-17-2015 10:55 AM
Hi !
We have the below setup:
External World (HTTPS request) --> F5 --> HTTP request to Web dispatcher --> HTTP request to SAP
Thus, the Web dispatcher works only on HTTP<-->HTTP.
The issue is there are some services in SRM, like ros_ext for SLC, which work only on HTTPS.
Thus, these services pose a problem since the Web dispatcher does not support HTTPS.
There is a way to change them to HTTP in SE80, but that requires access keys & changes in multiple places (which we want to avoid).
Please kindly help advise how to get over this issue.
Thanks a lot !
saba.
Hello Saba,
I believe that the best solution for this is to make your F5 add the following HTTP header:
Then, the ABAP will know that there is "something in front" of it that is terminating the HTTPS.
Regards,
Isaías
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks a lot, Isaias !
We modified the iRule to insert “https” into the clientprotocol header on the F5; however, we now see a 503 service unavailable response.
Is this because its traversing through the "HTTP" only webdispatcher ?
Any help would be super welcome.....
I see the below errors in the Webdispatcher logs too:
IcrFindTargetSystem: No system found for addr: <SAP WD>:<SRM WD Port> url: /ros_ext
Please help...
Thanks a lot !
-s.
Hello Isaías,
Thanks a lot for your help...so sorry I couldn't reply earlier...
This is what we see now:
Port 77 is the SRM port defined on the WD for SRM & on the F5 too.
This service (since it needs HTTPS) is jumping to port 44321 (the SRM SMICM HTTPS port), thus resulting in a Page cannot be displayed message.
It should stay on port 77 & use the HTTPS certificate provided by the F5 instead.
The thing is we don't have regular F5 expertise...thus, please can you kindly let me know exactly what needs to be done on the F5 to get past this...
Thanks a lot for your help !
Happy Wednesday
-s.
Just sharing the solution with the community.
Saba opened an incident at SAP and I was assigned to it .
The landscape was:
Hardware load balancer -> Web Dispatcher -> Portal -> SRM
The SRM service (transaction SICF) "/sap/bc/bsp/sap/SRMSUS" was configured to require HTTPS.
The final solution was:
1. Configure the hardware load balancer ("HW LB") to add the HTTP header "clientprotocol".
1.1) If the end user reached the HW LB through HTTP, it is supposed to add the HTTP header "clientprotocol: http"; or
1.2 If the end user reached the HW LB through HTTPS, it is supposed to add the HTTP header "clientprotocol: https".
2) During the troubleshooting we also added entries to the HTTPURLLOC table, at the SRM. I believe that these are not required anymore.
Cheers!
Isaías
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.