Repost in correct forum

We have setup SSO with Kerberos and SPNEGO for NWBC and now we want to expose it to the internet via SAP Webdispatcher.

NWBC is on a singelstack ABAP system on server1 and we have configured a standalone J2EE system on server 2 for isuing the saplogon ticket.

This works fine with the redirect from icf NWBC -> Error Pages -> Logon Error -> Redirec to URL (Form Fields) http://server2:port/redirect/redirect.jsp

on server2 we have a java application (redirect/redirect.jsp) witch has %response.sendRedirect("http://server1:port/nwbc")%

Problem is that when the webdispatcher calls http://server1:port/nwbc the URL in the browser is hidden with MYDOMAIN.COM/nwbc but when the Logon-error (no saplogon ticket yet) is redirecting to  http://server2:port/redirect/redirect.jsp the browser is showing the actual URL http://server2:port/redirect/redirect.jsp and also when returning to NWBC the browser is showing http://server1:port/nwbc.

And we don't wan't to expose hostnames (server1 and server2) to the internet.

I got this answer:

This question belongs to the SAP NetWeaver Application Server space, this space is for NWSSO topics only, the separately licensed product from SAP.

Regarding your question you have to configure Web Dispatcher for both AS JAVA and AS ABAP and refer to Web Dispatcher URLs only. That includes ICF node configuration and the redirect servlet. The URL generation in AS ABAP needs to be configured so that URLs are generated to point to the Web Dispatcher. Use table HTTPURLLOC for that.

But how do I set up webdispatcher for both ABAP http://server1:port/nwbc (this is working fine before SSO config.) and JAVA http://server2:port/redirect/redirect.jsp?

This is my profile on webdispatcher:

SAPSYSTEMNAME = SID
SAPGLOBALHOST = LOCALHOST
SAPSYSTEM = XX
INSTANCE_NAME = INS
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_CT_RUN)
#-----------------------------------------------------------------------
#SAP Cryptolib
#-----------------------------------------------------------------------
DIR_INSTANCE = D:\usr\sap\SID\INS
ssl/ssl_lib = D:\usr\sap\SID\INS\sec\sapcrypto.dll
ssf/ssfapi_lib = D:\usr\sap\SID\INS\sec\sapcrypto.dll
sec/libsapsecu = D:\usr\sap\SID\INS\sec\sapcrypto.dll
ssf/name = SAPSECULIB
wdisp/ssl_encrypt = 0
icm/HTTPS/verify_client=0
wdisp/add_client_protocol_header = true
wdisp/auto_refresh = 120
wdisp/max_servers = 100
ssl/server_pse = D:\usr\sap\SID\INS\sec\sid2SSL.pse
rdisp/mshost = <ip for abap server1
ms/http_port = <ms http port for abap server1
#-----------------------------------------------------------------------
# Configuration for large scenario
#-----------------------------------------------------------------------
icm/max_conn = 16384
icm/max_sockets = 16384
icm/req_queue_len = 6000
icm/min_threads = 100
icm/max_threads = 250
mpi/total_size_MB = 500
mpi/max_pipes = 21000
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
is/HTTP/default_root_hdl = abap
icm/HTTP/j2ee_0 = PROT=HTTP,HOST=Server2,PORT=5xxxx
icm/server_port_1 = PROT=HTTP,HOST=localhost,PORT=xxxxx
icm/server_port_0 = PROT=HTTPS,HOST=mydomain,PORT=xxx

icm/HTTP/mod_0 = d:\usr\sap\SID\SYS\profile\filter_rules.txt
icm/HTTP/admin_0 = PREFIX=/sap/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile),PORT=xxxxx,HOST=LOCALHOST

and this is the filter_rules.txt

# Rules

if %{HTTP_HOST}  RegIMatch MYDOAMIN.COM*
RegIRewriteUrl ^/$ /sap/bc/nwbc?sap-client=200

if %{HTTP_HOST}  RegIMatch mydomain.com*
RegIRewriteUrl ^/$ /sap/bc/nwbc?sap-client=200

if %{HTTPS_HOST}  RegIMatch MYDOMAIN.COM*
RegIRewriteUrl ^/$ /sap/bc/nwbc?sap-client=200

if %{HTTPS_HOST}  RegIMatch mydomain.com*
RegIRewriteUrl ^/$ /sap/bc/nwbc?sap-client=200

I am new to this area