cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SRM ABAP Server to listen only HTTPS (ICM)

Former Member

on ‎07-11-2013 6:16 PM

0 Kudos

Hi All,

I am working on enabling our SAP SRM System on internet by reverse proxy

Our Server Details

Portal 7.3

SRM 7.01

MDM 7.1

Below is the

External url -> Apache Reverse Proxy -> Portal -> SRM

https://www.mycompany.com -> http://www.Apachereverse.mydomain.com:80/ -->

                                                                                                       http://portal.mydomain.com:50100/irj/portal

                                                                                                    ...

I am able to send all requests from external url to portal and by changing the system object (ITS & WebAS) hostname and protocol.

But in SRM, there is one place when I click on Internal product Catalog, its uses host name from SMICM and http protocol.

At this point, I want to all requests in ICM to use https and www.mycompany.com as the hostname.

Then From Apache reverse proxy, I will redirect to http://srm.mydomain.com:8000/sap.

Please help

Regards

Ponnusamy

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎07-11-2013 7:19 PM
0 Kudos

Hi Ponnusamy,

Its looks like you have configured SSL termination at reverse proxy, which is ensuring the communication path reverse proxy -> Portal -> SRM and backwards uses http without encryption.

If you want SRM ABAP ICM to listen at https, you will need to configure end-to-end SSL.

Regards,

Yashith

Show replies
Show replies
Former Member
‎07-12-2013 12:50 AM
0 Kudos

Hi ,

First thing i wanted to understand which system is responsible of doing SSL offloading?

And can you please let me know what are the details that you have maintained in the Portal 7.3 system landscape for the SRM back-end.

All the url should be https in the system landscape page for the SRM system in portal.

Please let me know your comments.

thanks

Rishi Abrol

Former Member
‎07-12-2013 5:19 AM
0 Kudos

Hi Rishi,

My SSL Offloading happens at Load Balancer.

In the Portal System object (system landscape), I made protocol to https and ITS and webas parameter to www.mycompany.com

All requests from System object is perfectly going to backend through reverse proxy from Apache.

Only issue I am facing, when I click on Internal Product Catalog, its uses ICM Hostname and port mentioned in SMICM.

Can I make SMICM Parameter as follows

Protocol -> https

Hostname -> www.mycompany.com

Port : 0

So All requests that uses ICM host should use the above one and in my apache, i can redirect to correct FQDN of backend system.

Regards

Ponnusamy

Former Member
‎07-12-2013 5:43 AM
0 Kudos

Hi Ponnusamy,

As the SSL offloading is done by the load balancer so that makes things easier.

Now on the load balancer you would have got two vip one for the portal and another for backend system.

So two ways to user it.

Apache should do reverse proxy for two ip one for Portal and one for SRM(if they cant be accessed by different ip and are installed on different hosts and with different port names on which the application are installed)

Apache should do reverse proxy for one ip for both portal and SRM(if they cant be accessed by same ip and are installed on hosts and with different port names on which the application are installed)

Again please let me know what are the settings maintained in the system landscape in portal for the SRM system.

Thanks

Rishi abrol

Former Member
‎07-12-2013 5:50 AM
0 Kudos

Hi,

for this 

Only issue I am facing, when I click on Internal Product Catalog, its uses ICM Hostname and port mentioned in SMICM.
Can I make SMICM Parameter as follows
Protocol -> https
Hostname -> www.mycompany.com
Port : 0

Please try to maintain the table httpurlloc

MANDT         <main client of backend>

SORT KEY      001

PROTOCOL      HTTPS

APPLICATN

FOR DOMAIN

HOST          <Host name which you will recognised the backend on internet>

PORT          443

Thanks

Rishi Abrol

Former Member
‎07-12-2013 6:41 AM
0 Kudos

Hi Rishi,

Thanks. Do I need to include HTTPS parameter in SMICM or thats not needed when keep this table updated.

Regards

Ponnusamy

Former Member
‎07-12-2013 6:52 AM
0 Kudos

Hi,

Its better to install the sapcrypto and get HTTPS parameter set in the system. logically we don't need it as ssl offloading is done by load balancer.

Thanks

Rishi Abrol

Former Member
‎07-12-2013 10:12 AM
0 Kudos

Hi Rishi,

I added the entry in the table, but still the request goes to actual host name of the server and not to the internet address.

Regards

Ponnusamy

Former Member
‎07-12-2013 1:07 PM
0 Kudos

Hi,

Did you restart the ICM and also can you try activating HTTPS in the system.

Thanks

Rishi Abrol

Former Member
‎07-20-2013 7:57 PM
0 Kudos

Hi Ponnusamy,

Please check this: http://help.sap.com/saphelp_nw04/helpdata/en/55/33a83e370cc414e10000000a114084/content.htm

You can try to link the internal product catalog to SICF service, and use "external alias" or "virtual host" to achieve your goal.

I hope this will help you.

Regards,

Andre

Former Member
‎07-22-2013 7:01 AM
0 Kudos

Hi All,

I am able to solve the issue and able to access my application on internet without any issues.

Rishi input helped a lot to find the solution

1. Maintained  Table entries httpurlloc in all clients - 000, prd client

2. Added the below entries in Apache

   RewriteEngine on

    RequestHeader set x-sap-webdisp-ap HTTP=8000,HTTPS=443 

    RequestHeader set ClientProtocol https

3. Added entries for BSP application to render on internet

      RewriteRule ^/(sap\(.*)  http://FQDN:8000/$1 [P,L]

  

And follow the link below, which explains in detail

http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies

Regards

Ponnusamy

Former Member
‎07-22-2013 8:32 AM
0 Kudos

Hi Ponnusamy,

I'm just curious, as you are using the SAP Web Dispatcher anyway, and as my previous idea using SICF-service to make your BSP available, why not using it? because SAP  Web Dispatcher also having a "reverse proxy" functionality and load-balancing capability as well?

I assume this is much simpler than your solution now (extra Apache as reverse-proxy)?

See http://help.sap.com/saphelp_nw70/helpdata/en/e9/3bb7f8f6ea4e938ef0b9687cbb6c14/content.htm

Regards,

Andre

Ask a Question