on 02-02-2010 2:02 AM
Hi,
We are implementing SAP BillerDirect Portal. To make BillerDirect Portal available over the internet, we Configured SAP WebDispatcher with SSL termination. We followed the steps mentioned in SAP Help Documentaion for SAP WebDispatcher with SSL termination.
http://help.sap.com/saphelp_nw2004s/helpdata/en/76/6d4fa247d0d647b5bd40745400d873/frameset.htm
We created certificate and send it to CA (TrustCenter CA). We received the CA response and we imported the certificate.
AS mentioned in the help document, we configured the SAP Web Dispatcher profile to support SSL termination
We tried to access our BillerDirect Portal over the internet using below link
We are getting login page, once we enter correct user ID and Password, portal is not loading (not going to next page) portal remains on same login page.
If we enter invalid credentials portal login page is giving u201CUser Authentication Failedu201D error.
If we try to access any portal login pages which brings a pop-up for login, login gets succeeded and we are able to see next pages
Examples
1) https://company.com/bd/admin/xcm/init.do
2) https://company.com/monitoring/SystemInfo
All pages which bring up portal login page without pop-up, not able to pass through portal login screen.
We Tried the ProxyMapping option on Dispatcher using Visual admin. This option also didnu2019t work for us.
Here is the WebDispatcher Profile
SAPSYSTEMNAME = xxx
SAPGLOBALHOST = xxxxx
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTI386
DIR_EXECUTABLE = $(DIR_CT_RUN)
#----
Accesssability of Message Server
#----
rdisp/mshost = hostnameofportalserver with FQDN
ms/http_port = 8101
#----
Configuration for medium scenario
#----
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#----
SAP Web Dispatcher Ports
#----
icm/server_port_0 = PROT=HTTPS,PORT=443
icm/server_port_1 = PROT=HTTP,PORT=80
icm/HTTPS/verify_client = 0
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=D:\usr\sap\xxx\W00\data\icmanroot\admin,AUTHFILE= D:\usr\sap\xxx\SYS\global\security\data\icmauth.txt
Parameters for the SAP Cryptographic Library
ssl/ssl_lib = D:\usr\sap\xxxW00\sapcrypto.dll
ssl/server_pse = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
ssf/name = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
ssf/ssfapi_lib = D:\usr\sap\xxx\W00\sapcrypto.dll
sec/libsapsecu = D:\usr\sap\xxx\W00\sapcrypto.dll
wdisp/ssl_cred = D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
Parameters for Using SSL to the backend server
wdisp/ssl_encrypt = 1
wdisp/ssl_auth = 1
wdisp/ssl_cred = D:\usr\sap\xxxW00\sec\SAPSSLC.pse
wdisp/ssl_certhost = hostnameofportalserver with FQDN
wdisp/ssl_ignore_host_mismatch = true
#ICM Parameters
icm/HTTP/j2ee_0 = PREFIX=/, HOST =hostnameofportalserver with FQDN PORT=50000,SPORT=50001, SSLENC=1,TYPE=1, CRED =D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
We also tried below options in WebDispatcher profile but we are getting same problem.
wdisp/add_client_protocol_header = true
wdisp/add_clientprotocol_header = 1
wdisp/ssl_ignore_host_mismatch = true
#ICM Parameters
icm/HTTPS/forward_ccert_as_header = true
icm/HTTPS/trust_client_with_issuer = *
icm/HTTPS/trust_client_with_subject = *
we also tried
wdisp/ssl_encrypt = 0
wdisp/ssl_auth = 0
we also tried
wdisp/ssl_encrypt = 2
wdisp/ssl_auth = 2
We are not able to resolve issue. Please help us on resolving this issue.
Thanks
Praveen
'_' in Host Names is not allowed. Our hosname has '_'.
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/67/be9442572e1231e10000000a1550b0/frameset.htm
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Seems some parameter problem in your webdispatcher.
From your configuration it seems you are using Terminating SSL concept of webdispatcher.
Pls change the parameter as below and then restart the webdispatcher to take change effect and let us know the ouput.
before making change take backup of webdispatcher profile file
SAPSYSTEMNAME = xxx
SAPGLOBALHOST = xxxxx
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTI386
DIR_EXECUTABLE = $(DIR_CT_RUN)
#-----------------------------------------------------------------------
# Accesssability of Message Server
#-----------------------------------------------------------------------
rdisp/mshost = hostnameofportalserver with FQDN ms/http_port = 8101
#-----------------------------------------------------------------------
# Configuration for medium scenario
#-----------------------------------------------------------------------
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
icm/server_port_0 = PROT=HTTPS,PORT=443
icm/server_port_1 = PROT=HTTP,PORT=80
icm/HTTPS/verify_client = 0
# SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=D:\usr\sap\xxx\W00\data\icmanroot\admin,AUTHFILE= D:\usr\sap\xxx\SYS\global\security\data\icmauth.txt
# Parameters for the SAP Cryptographic Library
ssl/ssl_lib = D:\usr\sap\xxxW00\sapcrypto.dll
ssl/server_pse = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
ssf/name = D:\usr\sap\xxx\W00\sec\SAPSSLS.pse
ssf/ssfapi_lib = D:\usr\sap\xxx\W00\sapcrypto.dll
sec/libsapsecu = D:\usr\sap\xxx\W00\sapcrypto.dll
wdisp/ssl_cred = D:\usr\sap\xxx\W00\sec\SAPSSLC.pse
wdisp/add_client_protocol_header = 1
wdisp/ssl_encrypt=0
Thanks
Anil
Edited by: Anil Bhandary on Feb 2, 2010 5:44 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.