Forum Discussion

danderson_19405's avatar
danderson_19405
Icon for Nimbostratus rankNimbostratus
Feb 25, 2011

ABAP webdynpro in EP url are HTTP vs. HTTPs - popup errors - need to adapt F5 config

We've been live with F5 load balancing our SAP EP java traffic for 3 years now -

 

 

We introduced ABAP web dynpro to our customer EP and they now receive pop-ups; HTTP watch trace files show that the themes url built are HTTP vs. HTTPS. With that said, we've gotten recommendation from SAP to change our "Ports" and "ProxyMappings" configuration settings thru Visual administrator in the Dispatcher for the HTTP provider.

 

 

We need to

 

1) Configure the Ports parameter in the following way:

 

(Port:54100,Type:http)(Port:54101,Type:ssl)(Port:54102,Type:http)

 

 

2) Configure the ProxyMappings in the following way:

 

54100=(Host:hostname.com,Port:80,Scheme:http, Override:true),54101=(Host:hostname.com,Port:443, Scheme:http,Override:true),54102=(Host:hostname.com, Port:443,Override:true)

 

 

With this configuration, all the HTTP requests sent to port 54102 will be mapped on the Java dispatcher to the proxy server's host (hostname.com) and HTTPS port (443).

 

 

OK - so being a Basis admin techie --- we KNOW how and what to do on the SAP/EP side to make these changes - GOT IT

 

 

SAP has said "you need to adapt the F5 configuration" -- this is where we fall short and do not have the skill set to define what / how needs to be done to our F5 configuration; we've always contracted out our F5 configuration which to date has been basic enough that it didn't warrant a resource with both SAP and F5 skills

 

 

 

Any F5 / SAP guru's out there willing to talk this thru with us and perhaps get us to where we need to go?

 

 

Thank you in advance

 

Doreen
partner
sap

3 Replies

Sort By
  • Nojan_Moshiri_4's avatar
    Nojan_Moshiri_4
    Historic F5 Account
    Mar 07, 2011
    Hi Doreen, that's an interesting scenario but it seems pretty straightforward to me, but more detail is needed about the user traffic flow into the ABAP web dynpro. For example, what URL will they be using versus the EP Traffic.

     

     

    It's more than likely that you just need a basic config with a new Virtual Server, a new Pool and some new monitors.

     

     

     

    Have you checked the portal deployment guide, you can likely adapt that guide to make a configuration for WebDynPro.

     

     

     

    SAP NetWeaver and Enterprise SOA: Enterprise Portal (BIG-IP v10 system)

     

     

     

  • danderson_19405's avatar
    danderson_19405
    Icon for Nimbostratus rankNimbostratus
    Mar 10, 2011
    We've finally determined that the bad (HTTP vs HTTPS) url's are contained within web pages vs. header. SAP logic is definitely generating absolute url's and that's the root cause.

     

     

    SAP has recommended that we switch our protocol to be all HTTPS vs. HTTPS to the client and HTTP internally within our network. We don't want to do that as there isn't any reason that we need to run HTTPS internally.

     

     

    Found a wonderful F5 resource who took the time to analyze the traffic and find all of the "where and when" url's were absolute. Then built configuration within the F5 configuration to look for specific patterns and when found change to HTTPS

     

     

    We are quite surprised that this is not spoken of often within BLOGS / FORUMS ETC. as to date, we hadn't been able to find anyone else reporting of the same issue and responses to their solutions.

     

     

    Thank you

     

    Doreen
  • Nojan_Moshiri_4's avatar
    Nojan_Moshiri_4
    Historic F5 Account
    Mar 10, 2011
    Doreen, thank you for taking the time to post it back. Did you end up using a stream profile on the BIG-IP to make these changes?

     

     

    I find a lot of variety in SAP deployments, and not everyone sets up the landscapes the same way, so it's not surprising that there wasn't a ready answer.

     

     

    If you'd like to share your configuration with me, I could write a blog post to save people time and effort on this in the future, and I'd be happy to credit you and your F5 resources.

     

     

    You can reach me at n dot moshiri at f5 dot com

     

     

    Thanks for sharing this experience.