on 01-25-2016 9:46 PM
Hello,
How to configure HTTPS/TLS for "RESTful web service" and "Web Service" application ?
I didn't find any clear explaination...
Default URL are:
Properties: RESTful Web Service
URL: http://server_name:6405/biprws
Properties: Web Service
URL :http://server_name:6405/dswsbobje
I configured WACS HTTPS connector following this note:
http://service.sap.com/sap/support/notes/1618311
I use port 443 for Tomcat and port 8443 for WACS
Then I changed web services properties:
Properties: RESTful Web Service
URL: https://server_name:8443/biprws
Properties: Web Service
URL :https://server_name:8443/dswsbobje
These 2 URL are well answering from the client.
When I try to connect in "Live Office", I get "LO 02049" error.
Has anybody a working example of HTTPS configuration for these web services ?
What must be used for field "Bind to Hostname or IP Address" in HTTPS section of WACS properties ? Local FDQN ? Public FDQN ?
Or "hostname" is mandatory ?
In certificate, what must be "CN" equal to ? Local FDQN ? Public FDQN ? Hostname ?
Regards,
Stéphane.
Bonjour Stéphane,
There is something special with SOAP webservices (dswsbobje): they can be deployed into Tomcat and/or into WACS. In your case, it seems you're using the deployment into WACS.
About the extract of the configuration file "dsws.properties" you mentioned, the line "daaws.raylight.processing = true" allows to re-route SOAP requests for DaaWS consumption to RESTful webservices. This allows to get more stability and robustness, especially when DaaWS webservices are used in Dashboard.
Nevermind about "daaws.raylight.processing.baseurl" property since it is only used internallt at SAP to accelerate troubleshooting by R&D teams.
Best regards,
Anthony
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Anthony,
If I well understand, I only need WACS for RESTful service used by "Live Office 4.1 SP7".
For authentication in LO, I use this URL of Tomcat Server (7.0.67) listening on HTTPS port 443:
https://vm-bobi41.xyz.com:443/dswsbobje/services/Session
=> It's OK, I don't have the blinking /!\
I get "LO 020049" error when I click on [ Connection ].
For WACS,
I set port 8443 for HTTPS in:
- properties of WACS (HTTP port) with info for certificate
- RESTful URL :https://vm-bobi41:8443/biprws
- Web Service URL:https://vm-bobi41:8443/dswsbobje => useless since I use Tomcat to host "dswsbobje" ???
Do I need to modify HTTPS port and activate RESTful in axis2.xml files ?
I did that on both sides, Tomcat and WACS, for "dswsbobje" but it doesn't help.
Any idea ?
Thanks.
Regards,
Stéphane.
Hi Anthony, hi all !
I managed to make "Live Office 4.1 SP7" work in full HTTPS mode with Tomcat server + WACS.
Following SAP note 1618311, made for BO XI 3.1 to solve a BI 4.1 SP7 WACS problem was a very bad idea, claimed by a guy on an other thread as having solved his BI 4.1/WACS+HTTPS problem.
In my case, in HTTPS properties of WACS, the hostname must be used but "localhost" must not (as shown in the note. Perhaps it was OK with BO XI 3.1).
Moreover, I had to use a true certificate signed by an official CA. In fact I use for WACS the same keystore than the one used by Tomcat server.
NB: it is possible to do a test with a self-signed certificate but you have to install in IE the self-signed root CA certificate used to generate certificate for Tomcat server in keystore.
In axis2.xml of "dswsbobje" in Tomcat tree, indeed it's no use activating RESTful but HTTPS connector must be activated by removing marks for comments and port must be set to the value of HTTPS port of Tomcat server.
In LO options, I use this public HTTPS URL:
https://vm-bobi41.xyz.com:443/dswsbobje/services/Session
In RESTful web service properties, I use this public HTTPS URL:
https://vm-bobi41.xyz.com:8443/biprws
"Web Service URL" does not seem to be used by "Live Office" I keep the original HTTP value:
http://vm-bobi41:6405/dswsbobje
I wonder in what case this URL is used... What product uses it ???
To check that all is well encrypted between client and server, I used a fantastic free tool I've just discovered: "Fiddler" from Telerik.
It even gives cipher suites proposed by the client and cipher suite accepted by the server !
I've discovered user/password and data are all transiting by Tomcat server with "dswsbobje" service.
I hope it's quite understandable... It's late and my english may become muddled...
Regards,
Stéphane.
Hello Stephane,
we have recently upgraded to BI 4.1 SP7 (Server and live office). we are facing same issue while trying to login to Live office.But user with administrative privilages able to log in successfully with out any issue. Is it a access issue or something else. i am confused
Thanks for you suggestions.
Regards,
Dileep Kumar
Hello Stéphane,
Q1: In the Bind to Hostname or IP Address field, specify the hostname that the certificates were issued for. HTTPS services will be provided through the IP address that you specify. (so it can be either the IP address or the Hostname)
Q2: The value for –dname can be anything unique, Not needed to be a machine or clustername. For instance “-dname CN=STSINDEV” or something that indicates it’s for a particular environment.
I hope this helps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Stepahne,
Since the /biprws request returns properly, the first place I would check is to make sure the raylight.processing.baseurl is set up for the same port in the dsws.properties file on your web server.
The LO error suggest it could not get a token and log in.
Dan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Daniel,
I had a look to dsws.properties and I only found this, in comments:
# enable/disable the processing through Raylight (default is 'false')
# daaws.raylight.processing = true
# allow to redirect Raylight calls to a specific URL (dev mode)
# daaws.raylight.processing.baseurl = http://localhost:9080/biprws
It's written it's for "dev mode" ???
Is it that you're talking about ?
Regards,
Steve.
User | Count |
---|---|
84 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.