on 02-14-2008 3:27 PM
We'd like to know how to disable HTTP functionality in NetWeaver CE 7.1 SP3 and use strictly HTTPS. There is another thread on this forum with a similar subject, but its answer is similar to the Administrator's Guide--it refers one to icm/server_port_0 in c:\usr\SAP\CEx\SYS\profile\CEx_Jxx_<hostname>, but there are no icm/server_port statements in that file, except for the icm/server_port04 statement we added to turn on HTTPS. So, where is this specified?
Also, is it possible to have behavior similar to WebSphere such that if you enter your application URL using http it's automatically rerouted to the same URL with https?
Thanks,
William
Going into the NWA -> Operation Management -> Systems -> Start & Stop -> Java EE Services -> Destinations just shows the destination started; no options to change, configure, etc. Were these the destinations you were referring to?
We have HTTPS working fine, but want to prevent the use of HTTP for security reasons. I don't think where the users are stored matters because you access the application login page before those come into play. But, in our case we're storing users in the internal MaxDB UME.
Thanks,
William
Hi William,
The default port configuration that is delivered is described on the help portal: http://help.sap.com/saphelp_nwce10/helpdata/en/44/f71aede38e2462e10000000a1553f7/frameset.htm
The default configuration entries are not specified in the profile, but are defined internally. The default configuration in the profile would look as follows:
icm/server_port_0 = PROT=HTTP, PORT=5$(SAPSYSTEM)00, TIMEOUT=600
icm/server_port_1 = PROT=P4, PORT=5$(SAPSYSTEM)04
icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07
icm/server_port_3 = PROT=TELNET, PORT=5$(SAPSYSTEM)08
If you want to change the port configuration, you should add these 4 lines to the profile and do the modifications there.
e.g.
icm/server_port_0 = PROT=HTTPS, PORT=1443, TIMEOUT=600
icm/server_port_1 = PROT=P4, PORT=5$(SAPSYSTEM)04
icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07
icm/server_port_3 = PROT=TELNET, PORT=5$(SAPSYSTEM)08
Please keep in mind that the numbers of the icm/server_port_ parameters have to be unique and that no gaps are allowed in the numbering!
Regards,
Oliver
PS: The HTTPS port is by default not configured. So if you have managed to set up an HTTPS port you must have changed the configuration already. I am wondering how?
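A small checker for the rules in the answer above, added here as an example and not part of the original thread or of SAP's tooling: it parses icm/server_port_<n> lines from profile text, verifies that the numbering is unique and gap-free (assumed to start at 0, as in the posted lines), and reports any PROT=HTTP listener. The function names and the BROKEN_PROFILE sample are constructed for illustration.

```python
import re

# Matches e.g.: icm/server_port_0 = PROT=HTTP, PORT=5$(SAPSYSTEM)00, TIMEOUT=600
PORT_LINE = re.compile(r"^\s*icm/server_port_(\d+)\s*=\s*(.*?)\s*$")

# The delivered defaults as quoted in the answer above.
DEFAULT_PROFILE = """\
icm/server_port_0 = PROT=HTTP, PORT=5$(SAPSYSTEM)00, TIMEOUT=600
icm/server_port_1 = PROT=P4, PORT=5$(SAPSYSTEM)04
icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07
icm/server_port_3 = PROT=TELNET, PORT=5$(SAPSYSTEM)08
"""
# The modified example from the answer: entry 0 switched to HTTPS.
HTTPS_PROFILE = DEFAULT_PROFILE.replace(
    "PROT=HTTP, PORT=5$(SAPSYSTEM)00", "PROT=HTTPS, PORT=1443")
# Constructed sample (not from the thread): index 2 skipped, index 3 reused.
BROKEN_PROFILE = DEFAULT_PROFILE.replace("server_port_2", "server_port_3")


def parse_server_ports(profile_text):
    """Return [(index, {option: value})] for each icm/server_port_<n> line."""
    entries = []
    for line in profile_text.splitlines():
        m = PORT_LINE.match(line)
        if line.lstrip().startswith("#") or not m:
            continue  # skip comments and unrelated parameters
        options = {}
        for field in m.group(2).split(","):
            key, sep, value = field.partition("=")
            if sep:
                options[key.strip().upper()] = value.strip()
        entries.append((int(m.group(1)), options))
    return entries


def audit_profile(profile_text):
    """Report duplicate indexes, numbering gaps, and plain-HTTP listeners."""
    entries = parse_server_ports(profile_text)
    indexes = [i for i, _ in entries]
    findings = [f"duplicate index {i}" for i in sorted(set(indexes))
                if indexes.count(i) > 1]
    # Assumption: numbering starts at 0, so every index below the highest must exist.
    expected = set(range(max(indexes, default=-1) + 1))
    findings += [f"gap in numbering at index {i}"
                 for i in sorted(expected - set(indexes))]
    findings += [f"plain HTTP listener at index {i} on port {o.get('PORT', '?')}"
                 for i, o in entries if o.get("PROT", "").upper() == "HTTP"]
    return findings
```

Because the defaults are defined internally, a profile with no icm/server_port_ lines yields no findings here even though the default HTTP listener is still active; the check is only meaningful once the lines have been added to the profile as the answer describes.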
Hi Oliver, Thanks for the update. That solved the problem. I didn't realize that I was meant to add those entries to the profile file. So, by adding the default settings I can change port 1 from HTTPS to HTTP. I had already added port 4 for HTTPS, but since I hadn't seen the other 4 documented entries I was confused, assuming they must have lived elsewhere. I'm still wondering about the web.xml <transport-guarantee> setting, but I'll leave that for another day.
All the best,
William
Hi Vamshi,
Thanks for the response, but in this case we don't have any connection with ABAP or any other externals--this is just straight J2EE.
So, we'd like to know if it's possible to eliminate the exposure of using HTTP and force everyone to use HTTPS. Certainly if I launch the application from the Java Alias list on the sapmmc it uses HTTPS, but there's nothing stopping anyone from typing in the application URL using http://. We have <transport-guarantee>CONFIDENTIAL</transport-guarantee> specified in web.xml and when you do this on WebSphere for instance any use of http:// is forced to https:// automatically.
So, is this possible on NetWeaver CE 7.1? As I say the product documentation alludes to this, but it doesn't correspond to the reality of what I see in our profile ICM file (e.g. see http://help.sap.com/saphelp_nwce10/helpdata/en/44/f71aede38e2462e10000000a1553f7/frameset.htm), so where is this actually defined in NWCE 7.1 and how do we set up this functionality? Or is this a bug in NWCE, not honoring <transport-guarantee>?
Thanks,
William
Hi William,
I am not very sure, but you can check in Visual Admin > Services > Destinations and check the destination of your Java system.
I think it asks you which sort of authentication you need.
I suppose you have used basic authentication. You can use HTTPS (secure connection) and try.
Also, tell me where you store the Java users. Is UME configured as ABAP, Java or LDAP?
Regards,
Vamshi.
Hi William,
You can check the RFC which connects your Java stack to the ABAP stack, and there you use SSL in the Logon and Security tab option and give the destination with https://<address>.
Also configure accordingly in Visual Admin.
Regards,
Vamshi.