cancel
Showing results for 
Search instead for 
Did you mean: 

Are posible login to ITSmobile via URL

former_member395192
Participant
0 Kudos

In SAP WEB console we use login via URL f.e. to login in client 001 and server servA.dom1.dom2 with username user1 and password pass12345 we use next URL

http://servA.dom1.dom2/?p=mc3090audio&c=001&u=user1&s=pass12345&a

now we try go to ITSmobile and for sapserver sapserv1

http://sapserv.dom1.dom2:8000/sap/bc/gui/sap/its/test/mobile/testservice?sap-client=001&&sap-languag...

but it not work propertly. Instead open generated form for first screen are opened logon window. Why logon wia URL doesn`t work?

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

You didn't share the SAP version you are using. Most likely what you are seeing is due to XSRF protection, see SAP note 1617090 for details.

https://service.sap.com/sap/support/notes/1617090

former_member395192
Participant
0 Kudos

Hello, Samuli and thnx!

We have SAPKB70106 and so note 1567128 which bound with note 1617090 shold be implemented.

After implementantion that notes I post there about result.

Thank you very much, Samuli!

former_member395192
Participant
0 Kudos

That solution is not helpful, becouse it correct only for SAPKB70108 - SAPKB70109.

Thank for direction in serch, anymore!

Former Member
0 Kudos

Set the parameter ~XSRFCHECK = 0 for the ICF service in question.

former_member395192
Participant
0 Kudos

I think, parameter ~XSRFCHECK not used in our release SAPKB70106, becouse accordingly sap note 1458171 XSRF protection was introdused from SAPKB70108 or by note 1458171. Correspond SP SAPKB70108 and note 1458171 wasn`t implemented in our systems.

Is presence XSRF protection necessary condition to use URL login parameters sap-login and sap-passwords?

Must I  implement note 1458171 and bounded with it to that?

former_member395192
Participant
0 Kudos

Samuli, I check parameter ~XSRFCHECK=0 on our Solution Maneger server, which more modern than ERP and in correspond note 1458171 include XSRF protection.

But it not work also.

When I copy and paste url

http://f.q.dn:8080/sap/bc/gui/sap/its/test/mobile/itsmobile00?sap-client=100&sap-login=user&sap-pass...

and press "Enter", I see logon windows, also as withot params sap-login=user&sap-password=pass:

http://f.q.dn:8080/sap/bc/gui/sap/its/test/mobile/itsmobile00?sap-client=100

Former Member
0 Kudos

Check the standard ITSmobile test ICF services, if they have the ~XSRFCHECK parameter set to 1 under GUI Configuration, then you have XSRF protection in your system. In case you don't have XSRF protection, the reason for URL login not working is unrelated to XSRF protection. In that case use HTTPwatch or similar to verify that there is no redirect taking place. In case of redirect, the credentials will be removed from the URL. If you are still unsuccesful in finding out the reason for URL login to fail, debug the ICF handler CL_HTTP_EXT_ITS and as a last resort CL_HTTP_SERVER.

Former Member
0 Kudos

Well check also the respective ICF service, maybe your Solution Manager system has also the newer XSRF protection described in SAP note 1617090.

The fact that sap-login and sap-password are removed from the URL indicate that they are either removed because of XSRF protection or a redirect.

former_member395192
Participant
0 Kudos

Helo, Samuli!

You answers helpful and correct.

I activate http debug in IE9 via F12 and find, that correct parameter in URL login is sap-user. Parameter sap-login not used for URL login in that case.

Also helpful for me was answer in http://scn.sap.com/message/14163392 from

Answers (0)