on 06-15-2012 12:50 PM
Dear SRM Friends,
we would like to use NWBC HTML for Internet access to SRM-System for our suppliers.
When using NWBC HTML in the intranet everything works fine.
Url for Internal access: http://SRM_SERVER.xxx.ads:8000/sap/bc/nwbc
For intenet access scenario we are using a reverse proxy in dmz which redirects the request to our internal server.
(Internet Explorer HTTPS --> Reverse Proxy --> HTTP Internal SRM Server).
Via internet we are able to access the srm-logon screen.
When entering the right credentials the login screen appears again.
Url for External access: https://portal.xxxxx.de/sap/bc/nwbc
Are there special settings which have to be made for external access via NWBC for HTML?
Could it be a issue that the domain names of external xxxxx.de access are differenz to internal xxx.ads?
Thanks in advance for all your inputs!
Kind Regards
Stefan
We have made an trace with SMICM and the issued SSO2 Cookie in case of access via internet contains the parameter DOMAIN=xxx.ads and not xxxxx.de
We guess this is the issue.
The internet access is via xxxxx.de therefore the SSo2 Cookie should be issued for domain
xxxxx.de and not for the internal domain xxx.ads.
Are we right with this assumption?
If yes, what are the settings to issue a SSO2 Cookie for interal and external access if the domains are
different with usage of NWBC?
I have found several SCN entries for setting up a multiple domain access but all of these are for SAP-Portal.There is nothing (which I've found) for setting up multiple domains access via NWBC for HTML.
Thanks for all your inputs
Stefan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
SAP SRM is issuing a SSO2 Cookie with domain of the host header of the HTTP request.
The reverse proxy has changed the host header of the request from external domain to internal domain.
Therefore the domain in SSO2 was wrong for our process.
In the reverse proxy (we are using microsoft forefront) is a setting which has to be activated to get the host header of the external domain:
"Forward the original host header instead of the actual one (specified in the internal site name field)".
Stefan
Hi,
I think there would not be any issue. Generally Infrastructure team opens NWBC links outside firewall so that these can be accessed through outside world.
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.