cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL termination on WebDisp: httpS becomes http (only)

Go to solution
tombo_larsen
Active Participant

on ‎01-03-2008 1:31 PM

0 Kudos

Hi

We are using a SAP Web Dispatcher to access a SAP NW04s Portal, using SSL termination on the SAP Web Dispatcher.

However after logging on to the portal (through the webdisp) the HTTPS protocol turns into HTTP!

More precise:

1) We call the Portal logon page through the SAP web disp like: "HTTPS://<webdisp>/irj/portal" and gets the logon screen.

2) Here we enters the logon info...

3) When clicking the [log on] button, then we get the IE warning that the page contains both secure and non-secure content...

4) When proceeding using YES or NO (doesn't matter) in the pop-up, then we gets the portal header and a "400 Ilegal SSL request", because the HTTPS turns into HTTP.

Any ideas?

Best regards

Tom

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎01-03-2008 8:34 PM
0 Kudos

Hi Tom,

so you configured the WebDispatcher like option 3 on http://help.sap.com/saphelp_nw70/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm (icm/server_port_<xx>= ... , PROT=HTTPS ..., wdisp/ssl_encrypt=0)

It should work like that -- is really everything on HTTP and not HTTPS or do you just have "extra" content that is HTTP only?

You could try to set Proxy Mappings (http://help.sap.com/saphelp_nw70/helpdata/en/b8/437d46d4451e4c9ab756e272a1581d/frameset.htm) to tell the J2EE Engine that it is behind a WebDispatcher.

Hope this helps,

Holger.

Show replies
Show replies
tombo_larsen
Active Participant
‎01-03-2008 8:55 PM
0 Kudos

Hi Holger

The URL in the client side browser turns into "HTTP://..." instead of keeping "HTTPS://...".

If we manually change the URL to HTTPS in the browser again after logon, then everything works fine and we can use the portal.

But it seems that the warning about secure/non-secure forces the browser to use HTTP (only)?

BR

Tom

Former Member
‎01-03-2008 9:16 PM
0 Kudos

Hi,

on which SPS are you? I think there was an issue with an about:blank setting in the source code. This caused the Internet Explorer to return the unsecure pop-up. Can you try with Firefox -- I think the issue was not there.

If this is the case, then please try to set the Proxy mapping as mentioned above. This will solve the issue (and I think there is a note somewhere which fixed the logon page).

Please let me know if it works and I will try to find the note.

Regards,

Holger.

tombo_larsen
Active Participant
‎01-04-2008 1:41 PM
0 Kudos

Hi Holger

We run release 7.0 SPS13 on the portal side.

Firebox does the same. I have checked in the source for the logon page and found:

UIPPortalPath:"http://dcwdept.danishcrown.dk:44300/irj/portal"

being part of the source. I think this triggers the warning and shift from https to http.

I have tried to implement the Dispatcher HTTP provider proxy mapping as you described... and it WORKS.

BUT internal users does not connect through this web dispatcher (reverse proxy) and therefore this solution does not help - unless it is possible to have more HTTP (not HTTPS) ports for the same Portal Dispatcher?

BR

Tom

Former Member
‎01-04-2008 1:54 PM
0 Kudos

Hi Tom,

you can add as many ports as you like. Just add them to the proxy mapping. But then you would have to make sure that the internal users connect to the portal on this other port.

Regards,

Holger.

tombo_larsen
Active Participant
‎01-04-2008 1:55 PM
0 Kudos

I just tried. It is possible to confiure more HTTP ports for the same EP Dispatcher HTTP provider and then having SAP web disp using the one (with proxy mapping) and internal users using the other.

BR

Tom

tombo_larsen
Active Participant
‎01-04-2008 2:21 PM
0 Kudos

Hi

Just an update. I found the REAL solution.

On the SAP Web Dispatcher the parameter:

wdisp/add_client_protocol_header=true

can be set and then it works without having to configure more HTTP ports on the portal side.

BR

Tom Bo

Answers (0)

Ask a Question