on 03-12-2006 8:06 AM
Hello,
As you may know, after exiting from one IAC going to the next one, users do not need to login again because of context sharing.ITS reuses the login name and password provided to the first one (within the same browser session). But this seems to fail when going through a reverse proxy like apache (IIS wgate behind the proxy, not on same server).
Why is that ? Can this be overcome ? Can ITS and/or proxy be configured such that next IAC (service) will reuse the same login context.
None of the service files (of each IAS or global) has login and password in them. The second IAC(service) is called by calling the exit OKcode of first service after setting exitURL as direct URL of second IAC(service).
This problem has been noticed on old ITS versions(4.x) and 6.20 also.
Your comments will be much appreciated.
Thank you.
Veba
Hello Veba,
from your description I assume that you have a worked version when not using a reverse proxy, I cannot read if you are crossing domains, but it seems a domain issue (i.e. the cookie(s) are not coming along with the next (exit URL) request) please check:
exit url pointing to the internal host and not to the reverse proxy?
host/domain setting issue of session cookie
eventually the same may apply to the SSO cookie
wrong apache configuration (http header manipulation)
Please read the notes according to reverse proxies and ITS(I did the search for you; not all are applicable but they will point you in the right direction)
507293 ITS and Reverse Proxies
582445 ITS and Reverse Proxies - more Info on headermanipulation
494984 ITS WGATE manipulate HTTP headervariables
688295 ITS Best Practices: WGate configuration ITS 6.20
489943 ITS Error: No Service Name Specified
835762 Integrated ITS and sapwebdispatcher
738056 ITS WGate switchable ~wgate_echo=1 parameter
720480 ITS620 WGate configuration (wgate-config) description
493107 SSO integration for ITS via PAS
417784 ITS Updates in release 6.10
852690 SAP GUI for HTML: ~disconnectonclose and slow connection
Regards,
Fekke
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Fekke,
Thank you for the response.
Yes, there is a working version without proxy.
I am not sure if it is a domain issue though. I have seen the usual notes regarding internal vs external domain names but the solutions did not apply (same name, using hosts file to address wgate->agate correctly).
I will look into all the notes you provided.
Thank you.
Veba
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.