
HTTPS SICF services over HTTP Webdispatcher

Former Member
0 Kudos

Hi !

We have the below setup:

External World (HTTPS request) --> F5 --> HTTP request to Web dispatcher --> HTTP request to SAP

Thus, the Web dispatcher works only on HTTP<-->HTTP.

The issue is there are some services in SRM, like ros_ext for SLC, which work only on HTTPS.

Thus, these services pose a problem since the Web dispatcher does not support HTTPS.

There is a way to change them to HTTP in SE80, but that requires access keys & changes in multiple places (which we want to avoid).

Please kindly help advise how to get over this issue.

Thanks a lot !

saba.

Accepted Solutions (1)

isaias_freitas
Advisor
0 Kudos

Hello Saba,

I believe that the best solution for this is to make your F5 add the following HTTP header:

  • HTTP header name: clientprotocol
  • Value: the protocol used by the end user to reach the F5

Then, the ABAP will know that there is "something in front" of it that is terminating the HTTPS.

Regards,

Isaías

Former Member
0 Kudos

Thanks a lot, Isaias !

We modified the iRule to insert “https” into the clientprotocol header on the F5; however, we now see a 503 service unavailable response.

Is this because it's traversing through the "HTTP" only webdispatcher?

Any help would be super welcome.....

I see the below errors in the Webdispatcher logs too:

IcrFindTargetSystem: No system found for addr: <SAP WD>:<SRM WD Port> url: /ros_ext

Please help...

Thanks a lot !

-s.

isaias_freitas
Advisor
0 Kudos

Can you add a screenshot of the 503 error?

Regards,

Isaías

Former Member
0 Kudos

Hello Isaías,

Thanks a lot for your help...so sorry I couldn't reply earlier...

This is what we see now:

Port 77 is the SRM port defined on the WD for SRM & on the F5 too.

This service (since it needs HTTPS) is jumping to port 44321 (the SRM SMICM HTTPS port), thus resulting in a Page cannot be displayed message.

It should stay on port 77 & use the HTTPS certificate provided by the F5 instead.

The thing is we don't have regular F5 expertise...thus, please can you kindly let me know exactly what needs to be done on the F5 to get past this...


Thanks a lot for your help !

Happy Wednesday

-s.

isaias_freitas
Advisor
0 Kudos

Hello Saba,

You're welcome!

Did the hostname remain the same? The F5 hostname?

It was only the port that changed?

Happy Wednesday to you too!

Isaías

Former Member
0 Kudos

Hi !

Yes, the F5 name remained intact, only the port changed...please please please help

Thanks a ton !

-s.

isaias_freitas
Advisor
0 Kudos

What is "behind" the Web Dispatcher?

Only the SRM? Or is there a Portal as well?

isaias_freitas
Advisor
0 Kudos

Just sharing the solution with the community.

Saba opened an incident at SAP and I was assigned to it.

The landscape was:


Hardware load balancer -> Web Dispatcher -> Portal -> SRM

The SRM service (transaction SICF) "/sap/bc/bsp/sap/SRMSUS" was configured to require HTTPS.

The final solution was:

1) Configure the hardware load balancer ("HW LB") to add the HTTP header "clientprotocol".

1.1) If the end user reached the HW LB through HTTP, it is supposed to add the HTTP header "clientprotocol: http"; or

1.2) If the end user reached the HW LB through HTTPS, it is supposed to add the HTTP header "clientprotocol: https".

2) During the troubleshooting we also added entries to the HTTPURLLOC table, at the SRM. I believe that these are not required anymore.

Cheers!

Isaías
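
The header handling from step 1 of the post above, sketched as an F5 iRule (an added example, not the configuration used in the incident). It assumes the same iRule is attached to both the HTTP and the HTTPS virtual server and that only the HTTPS one has a client SSL profile; it also drops any clientprotocol header sent by the client, so the backend only ever sees the value set by the load balancer.

```tcl
# Added example: set "clientprotocol" on the load balancer.
# Assumption: this iRule is attached to both the HTTP and the HTTPS
# virtual server, and only the HTTPS one has a client SSL profile.
when HTTP_REQUEST {
    # Remove every copy of the header that arrived from the client, so the
    # value forwarded to the Web Dispatcher cannot be chosen by the end user.
    HTTP::header remove "clientprotocol"

    if { [PROFILE::exists clientssl] == 1 } {
        # TLS was terminated on this virtual server (case 1.2).
        HTTP::header insert "clientprotocol" "https"
    } else {
        # The end user reached the load balancer over plain HTTP (case 1.1).
        HTTP::header insert "clientprotocol" "http"
    }
}
```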

Former Member
0 Kudos

Thanks a lot for all the superb help, Isaias

We finally managed to get the page working after installing a self signed certificate on the WD & setting the WD to accept HTTPS requests.

Thanks again !

saba.

Answers (0)