
Message: Transaction Canceled ITS_P 018 ( illegal host in ~designbaseurl )

eyal_alsheikh
Active Participant
0 Kudos

Dear Experts,

We have installed SRM 5.0 Business Package (BP) in our portal 7.0 and connected it to our SRM 5.0 (SRM_SERVER 550 ) as backend system. The BP contains a set of IAC iviews to run in the SRM system.

However, when we try to display the BP IAC iviews from the portal we get an error message in the SRM system:

ITS, User session could not be created

Transaction Canceled ITS_P 018 ( illegal host in ~designbaseurl )

Thanks for your help,

Eyal

Accepted Solutions (1)


Former Member
0 Kudos

Easiest solution is to patch the kernel of the backend system. Kernel 177 is advised, but as a complete set is not available yet, you can update the DISP+WORK only; this is sufficient. (worked for me)

A workaround is described in note 1455048.

Good luck, Toine.

Answers (4)


eyal_alsheikh
Active Participant
0 Kudos

Dear Toine,

I searched in the marketplace and I get a message that note 1455048 does not exist. Is it the correct number?

Thank You,

Eyal

paulcrauwels
Explorer
eyal_alsheikh
Active Participant
0 Kudos

Dear Mukesh,

Please read notes in this order:

1245048

19466

1236729

It helped us; maybe it will help you.

If you are not sure, maybe consult OSS.

Regards,

Eyal

Former Member
0 Kudos

Were you able to resolve this issue? I'm facing the same one. Can you please suggest the solution?

Former Member
0 Kudos

Check this SAP Note# 889454

*************

Both the integrated ITS and the external ITS contain some checks for averting possible cross-site scripting attacks. A possible attack could entail infiltration of a CSS file from an external host (in this case a cascading style sheet) via the parameter ~designbaseurl.

To prevent this, the ITS, by default, allows only the current host on which the integrated or external ITS is running to be specified in ~designbaseurl. To extend this to a complete domain, proceed as follows:

For the external ITS:

In the "Security/AllowDesignsFrom" key in the register, enter a list of permitted hosts or domains separated by commas, for example:

<key name="Security">
  <value name="AllowDesignsFrom" type="text">myhost,.company.com</value>
</key>

For the integrated ITS:

Set the parameter in the profile file as follows, for example:

itsp/Security/allow_designs_from = myhost,.company.com

Enter the parameter blank in the local profile file to avoid possible error messages due to a parameter not being set. The error message does not occur and the system does not perform a check.

Caution: Depending on the kernel patch used, this behavior may differ. It may only be reached as of a certain patch level. On this topic, see Note 1245048.
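
A model of the host check the quoted note describes, added here as an example; it is not SAP's code and not part of the original thread. The function names, the reading of a leading "." as a domain-suffix entry, the current host staying allowed once a list is set, and all host names are assumptions or constructed sample values.

```python
from urllib.parse import urlsplit


def parse_allow_list(value):
    """Split a comma-separated allow_designs_from value into lowercase entries."""
    return [e.strip().lower() for e in value.split(",") if e.strip()]


def host_allowed(url, current_host, allow_value=None):
    """Return (allowed, reason) for an absolute ~designbaseurl value.

    allow_value=None -> parameter not set: only current_host is accepted.
    allow_value=""   -> parameter set blank: no check is performed (per the note).
    Entries starting with "." are treated as domain suffixes (assumption).
    """
    if allow_value is not None and not parse_allow_list(allow_value):
        return True, "check disabled (blank parameter)"
    # urlsplit drops userinfo and port, so "http://myhost@other/" yields "other".
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return False, "no host in URL"
    if host == current_host.lower():
        return True, "current host"
    for entry in parse_allow_list(allow_value or ""):
        if entry.startswith("."):
            # Suffix match on a label boundary: ".company.com" matches
            # "portal.company.com" but not "evilcompany.com".
            if host.endswith(entry):
                return True, "domain " + entry
        elif host == entry:
            return True, "host " + entry
    return False, "illegal host"


if __name__ == "__main__":
    # Constructed sample: portal and SRM backend run on different hosts.
    backend = "srm.company.com"
    samples = [
        "http://portal.company.com:50000/irj/design",
        "http://myhost/design",
        "http://evilcompany.com/design",
        "http://myhost@other.example/design",
    ]
    for allow in (None, "myhost,.company.com", ""):
        for url in samples:
            print(repr(allow), url, host_allowed(url, backend, allow))
```

With the parameter unset, the portal URL is rejected because its host differs from the backend host, which matches the situation in the original question. The blank setting accepts every sample, including hosts outside the domain.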