cancel
Showing results for 
Search instead for 
Did you mean: 

HTTPS for RESTful web service ?

Former Member
0 Kudos

Hello,

How to configure HTTPS/TLS for "RESTful web service" and "Web Service" application ?

I didn't find any clear explaination...

Default URL are:

Properties: RESTful Web Service

URL: http://server_name:6405/biprws

Properties: Web Service

URL :http://server_name:6405/dswsbobje

I configured WACS HTTPS connector following this note:

http://service.sap.com/sap/support/notes/1618311

I use port 443 for Tomcat and port 8443 for WACS

Then I changed web services properties:

Properties: RESTful Web Service

URL: https://server_name:8443/biprws

Properties: Web Service

URL :https://server_name:8443/dswsbobje

These 2 URL are well answering from the client.

When I try to connect in "Live Office", I get "LO 02049" error.

Has anybody a working example of HTTPS configuration for these web services ?

What must be used for field "Bind to Hostname or IP Address" in HTTPS section of WACS properties ? Local FDQN ? Public FDQN ?

Or "hostname" is mandatory ?

In certificate, what must be "CN" equal to ? Local FDQN ? Public FDQN ? Hostname ?

Regards,

Stéphane.

Accepted Solutions (1)

Accepted Solutions (1)

former_member197386
Active Contributor
0 Kudos

Bonjour Stéphane,

There is something special with SOAP webservices (dswsbobje): they can be deployed into Tomcat and/or into WACS. In your case, it seems you're using the deployment into WACS.

About the extract of the configuration file "dsws.properties" you mentioned, the line "daaws.raylight.processing = true" allows to re-route SOAP requests for DaaWS consumption to RESTful webservices. This allows to get more stability and robustness, especially when DaaWS webservices are used in Dashboard.

Nevermind about "daaws.raylight.processing.baseurl" property since it is only used internallt at SAP to accelerate troubleshooting by R&D teams.

Best regards,

Anthony

Former Member
0 Kudos

Hello Anthony,

If I well understand, I only need WACS for RESTful service used by "Live Office 4.1 SP7".

For authentication in LO, I use this URL of Tomcat Server (7.0.67) listening on HTTPS port 443:

https://vm-bobi41.xyz.com:443/dswsbobje/services/Session

=> It's OK, I don't have the blinking /!\

I get "LO 020049" error when I click on [ Connection ].

For WACS,

I set port 8443 for HTTPS in:

- properties of WACS (HTTP port) with info for certificate

- RESTful URL :https://vm-bobi41:8443/biprws

- Web Service URL:https://vm-bobi41:8443/dswsbobje   => useless since I use Tomcat to host "dswsbobje" ???

Do I need to modify HTTPS port and activate RESTful in axis2.xml files ?

I did that on both sides, Tomcat and WACS, for "dswsbobje" but it doesn't help.

Any idea ?

Thanks.

Regards,

Stéphane.

former_member197386
Active Contributor
0 Kudos

Stéphane,

You're right, RESTful webservices are only deployed into WACS.

About SOAP webservices, if there are hosted into Tomcat, indeed it is useless to deploy them into WACS.

No modification is required into ( axis2.xml ) file to activate RESTful stack.

Best regards,

Anthony

Former Member
0 Kudos

Hi Anthony, hi all !

I managed to make "Live Office 4.1 SP7" work in full HTTPS mode with Tomcat server + WACS.

Following SAP note 1618311, made for BO XI 3.1 to solve a BI 4.1 SP7 WACS problem was a very bad idea, claimed by a guy on an other thread as having solved his BI 4.1/WACS+HTTPS problem.

In my case, in HTTPS properties of WACS, the hostname must be used but "localhost" must not (as shown in the note. Perhaps it was OK with BO XI 3.1).

Moreover, I had to use a true certificate signed by an official CA. In fact I use for WACS the same keystore than the one used by Tomcat server.

NB: it is possible to do a test with a self-signed certificate but you have to install in IE the self-signed root CA certificate used to generate certificate for Tomcat server in keystore.

In axis2.xml of "dswsbobje" in Tomcat tree, indeed it's no use activating RESTful but HTTPS connector must be activated by removing marks for comments  and port must be set to the value of HTTPS port of Tomcat server.

In LO options, I use this public HTTPS URL:

https://vm-bobi41.xyz.com:443/dswsbobje/services/Session  

In RESTful web service properties, I use this public HTTPS URL:

https://vm-bobi41.xyz.com:8443/biprws

"Web Service URL" does not seem to be used by "Live Office" I keep the original HTTP value:

http://vm-bobi41:6405/dswsbobje

I wonder in what case this URL is used... What product uses it ???

To check that all is well encrypted between client and server, I used a fantastic free tool I've just discovered: "Fiddler" from Telerik.

It even gives cipher suites proposed by the client and cipher suite accepted by the server !

I've discovered user/password and data are all transiting by Tomcat server with "dswsbobje"  service.

I hope it's quite understandable... It's late and my english may become muddled...

Regards,

Stéphane.

former_member685011
Discoverer
0 Kudos

Hello Stephane,

we have recently upgraded to BI 4.1 SP7 (Server and live office). we are facing same issue while trying to login to Live office.But user with administrative privilages able to log in successfully with out any issue. Is it a access issue or something else. i am confused

Thanks for you suggestions.

Regards,

Dileep Kumar

Former Member
0 Kudos

Hello,

Whay is exactly your problem ?

What did you do before ?

Regards,

Stéphane.

Answers (2)

Answers (2)

Former Member
0 Kudos

Hello Stéphane,

Q1: In the Bind to Hostname or IP Address field, specify the hostname that the certificates were issued for.  HTTPS services will be provided through the IP address that you specify. (so it can be either the IP address or the Hostname)

Q2: The value for –dname can be anything unique, Not needed to be a machine or clustername. For instance “-dname CN=STSINDEV” or something that indicates it’s for a particular environment.

I hope this helps.

Former Member
0 Kudos

Hello Moslem,

I'm waiting for your working sample tested on your side to compare with my platform.

Regards,

Thanks.

Stéphane.

daniel_paulsen
Active Contributor
0 Kudos

Hi Stepahne,

Since the /biprws request returns properly, the first place I would check is to make sure the raylight.processing.baseurl is set up for the same port in the dsws.properties file on your web server.

The LO error suggest it could not get a token and log in.

Dan

Former Member
0 Kudos

Hi Daniel,

I had a look to dsws.properties and I only found this, in comments:

# enable/disable the processing through Raylight (default is 'false')

# daaws.raylight.processing = true

# allow to redirect Raylight calls to a specific URL (dev mode)

# daaws.raylight.processing.baseurl = http://localhost:9080/biprws

It's written it's for "dev mode" ???

Is it that you're talking about ?

Regards,

Steve.