on 06-27-2016 6:06 PM
Hi,
We have an issue testing a NWBC App from SAP FIORI Launchpad. This Tile was defined and came in the stardard package of SAP S/4HANA OP 1511. As the configuration guide “SAP S4HANA Other Apps deployment” suggested we have created the destination needed for this app’s type (3 – ABAP & H – HTTPS) as you can see on the following picture
Destination – Type 3 ABAP
All destinations type ABAP are configured to use trust relationship
Destination – Type H HTTPS
All destinations type HTTPS are configured to use trust relationship, logon with ticket and SSL Certificate (Default client)
When we test the trust relationship between the systems involved, it works just fine. When we test the destination “S4PRC_RFC”, it responds as it should
When we test the destination “S4PRC_HTTPS” , it responds as it should
For every destination created for this configuration, the test response are similar to the presented above.
We also have checked the system alias and alias mapping views. Both have configured the proper data, as it shown on the following screenshoots
/UI2/V_SYSALIAS
/UI2/V_ALIASMAP
In the next screen you can see the app’s definition. This configuration was delivered by SAP as a standard
App definition on LPD_CUST
We have only changed the system alias mapping data for the instance
As per our consideration, the configuration seems to be fine according to the steps outlined on the guide we have followed. But it still prompts the logon page when we tried to access a transaction or webdynpro app through fiori Launchpad.
Here are the screens when we tried to access to a transaction (WebGUI), for example “Create Purchase Order (Advance)”
These OSS Notes has been already applied on our system to correct several things
These OSS Notes are listed as a not applicable for our system and components versions.
What might be wrong? Why the SSO is not correctly performed? Is this a program error "APB_LPD_CALL_B_I_TXN"? Do we need to open a OSS ticket to SAP Support to resolve this issue?
Best Regards,
Mariana
Hi,
is the front end gateway a separate server? If yes, have you created the trust between the systems using the transaction SMT1 in the backend server?
Regards,
Vasilis
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Mariana Castillo,
I'm having the same problem as you did to solve you problem ?
Best Regards,
Welinton Rocha
Hi Mariana,
I had a similar problem here, same here, I opened a ticket few days ago and still got nothing!
One thing I found out was that if you create those HTTP connections in SM59 with <system_alias>_HTTP instead of _HTTPS (that's without activate SSL), and access the Fiori launchpad using HTTP, everything works fine. Ate lease we can use the NWBC app now!
Hope this will help you.
Regards,
Michael
Hi Mariana,
Quick update here, I found a very interesting thing this morning.
It works in IE 11, that's right both HTTP and HTTPS are working well. However with Chrome, only HTTP works. I've already double checked it!
Here's what I did, I recreated the trust relationship between Fiori and Backend system, created an additional <system_alias>_HTTP connection in your Fiori box with SM59 (point to back-end http port, without SSL, and using trusted relationship). Then go to IE, everything works well. I bet this'll be the only time IE beats Chrome
Access Fiori Launchpad in IE works in both HTTP and HTTPS.
Access Fiori Launchpad in Chrome using HTTPS (before create <system_alias>_HTTP connection,) it points to the Fiori system itself.
Access Fiori Launchpad in Chrome using HTTPS (after create <system_alias>_HTTP connection), it doesn't work.
Access Fiori Launchpad in Chrome using HTTP (after create <system_alias>_HTTP connection), it works.
One more thing to mention, it seems make no difference what system alias you maintained in LPD_CUST (at least for me).
Now hope this will help you!
Michael
Hi Mariana,
I made a mistake, I found out that only HTTP connection works, the reason why IE works when using HTTPS is because it switch back to HTTP to connect to the back-end system, and Chrome for some security reason blocked the connection.
So I'll make a short list to illustrate what I've done so far:
Fiori RFC Connections
Basically you'll need to create <system_alias>_HTTP RFCs in the Fiori system point to the back-end system for every entry in /UI2/V_SYSALIAS, (if doesn't work, try deleted the _HTTPS RFCs for testing purpose).
Fiori Launchpad System Alias
I just changed the system alias for the individual lancupad to the default in LDP_CUST.
Remove the global system alias settings in /UI2/V_ALIASMAP
That's all, this's not a nice way to solve the problem, but I can't find another way, still no response from SAP.
Regards,
Michael
Hi Michael,
I've tested and indeed it Works... but as the RFC is HTTP and my fiori is configured to work with HTTPS, the browser throws an Mixed Content Alert (some content are HTTP and others HTTPS) showing the grey shield (Chrome) in the address bar. This is an issue for me because it prevents me to use the general lauchpad on mobile devices ... Because on mobile devices I can not bypass the alert
BR,
Mariana
Hi Mariana,
After done few more tests, I finally solved the problem, guess SAP didn't tell that you'll need an Web Dispatcher.
Remove those _HTTP RFCs in Fiori system, and re-create _HTTPS RFCs if you've deleted them as I did.
You also need to configure HTTPS in Web Dispatcher as well as mentioned in SAP S/4 HANA Fiori Basic Network and Security Configuration.
Configure the the Web Dispatcher instance profile, for example:
wdisp/system_0 = SID=<Fiori_SID>, MSHOST=<fiori.xxxxx.com>, MSPORT=<message_service_port>, SRCSRV=*:80;*:443, SRCURL=/sap/bc/ui2/flp;/sap/opu/;/sap/bc/ui2/;/sap/bc/apc/;/sap/bc/ui5_ui5/;/sap/public/bc/;/sap/saml2/;/ui2/nwbc/;/resources/sap/dfa/help/, CLIENT=430
wdisp/system_1 = SID=<Backend_SID>, MSHOST=<prd.xxxxx.com>, MSPORT=<message_service_port>, SRCSRV=*:80;*:443, SRCURL=/sap/es/;/sap/bw/ina/;/sap/bw/Mime/DS/Content/;/sap/bc/gui/sap/its/;/sap/public/icmandir/, CLIENT=800
icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=300, EXTBIND=1
icm/server_port_1 = PROT=HTTP, PORT=80, TIMEOUT=300, EXTBIND=1
Then access Launchpad using Web Dispatcher host instead of fiori's.
Hope this will finally help you, or if you've figured it out another way, you're very welcomed to share it with us!
Regards,
Michael
Hi Michael,
Well, that might be a solution for a productive system... but I dont think for QA and DEV systems is the way to solve it ... just because those environments are internal Access only and webdispatcher, is for actívate the internet access to the infrastructure...
Thales commented to me on the ticket there was an issue with the mysso2 sicf service and the domain resolved (different from the one is configured for the systems) .... so he has changed the ticket's component but for now is still in processing....
I think there is a serious issue with SSL communication because if it works without SSL ... why it does not work with SSL????
If I get an update from SAP I will let you know...
BR,
Mariana
Hi Mariana,
Are you having this problem with laptop/desktop devices, tablets, and/or mobile devices, either iOS or Android?
Thanks, Mike
SAP Technology RIG
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
25 | |
12 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.