Page tree
Skip to end of metadata
Go to start of metadata

Purpose

In this wiki page, we will illustrate how to set up SAP Web Dispatcher (WDP) for Fiori applications. Communication scenarios, such as HTTP and SSL Termination are also covered.

Configuring WDP for Fiori Applications 

 Below diagram is the sample Fiori application Architecture for ECC/Gateway using SAP Web Dispatcher as a proxy/Load balancer solution:

Regarding Web Dispatcher Installation, please refer to the following WIKI page. The following communication scenarios are contemplated:

HTTP communication

Configure sapwebdisp.pfl In this section, SAP Web Dispatcher configuration using HTTP communication is explained. For HTTP communication, update following profile sections as shown below: 

# Backend Systems

wdisp/system_0 = SID=<SID>, NR=XX, MSHOST=<ABAP_Back-End_Message_Server_Host>, MSPORT=<ABAP_Back-End_Message_Server­_Port>, SRCSRV=*:*, SRCURL=/sap/es/;/ENTERPRISE_SEARCH;<additional prefixes; read the SAP KBA 2626799>, SSL_ENCRYPT=0

wdisp/system_1 = SID=<SID>, NR=XX, MSHOST=<ABAP_Front-End_Message_Server_Host>, MSPORT=<ABAP_Front-End_Message_Server_Port>, SRCSRV=*:*, SRCURL=/sap/opu;/sap/public;/sap/bc, SSL_ENCRYPT=0

# Used for Multiple systems

wdisp/system_conflict_resolution = 1

# SAP Web Dispatcher Ports

icm/server_port_0 = PROT=HTTP, PORT=<Web_Dispatcher_HTTP_Port>

icm/HTTPS/verify_client = 0

Restart Web Dispatcher to make changes effective. It’s also mandatory that NO HTTPS port was defined in Backend system, and in SICF transaction, the Security Requirement of the /ushell service in the backend must be ‘Standard’.

Testing Fiori URL using web dispatcher with HTTP must work:


http://<Web_Dispatcher_Hostname>:<Web_Dispatcher_HTTP_Port>/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html

HTTPS communication (recommended)

Configure sapwebdisp.pfl In this section, SAP Web Dispatcher configuration using HTTPS communication is explained. To enable HTTPS for Web Dispatcher, make sure that you have followed instructions from this document (check points 1 to 4 from “Configuring the SAP Web Dispatcher for SSL When the Connection is Terminated and SSL is Used”).

Add following profile parameters in the Web Dispatcher profile:

# SSL parameters

ssl/ssl_lib = <Location_of_SAP_Cryptographic_Library>

ssl/server_pse = <Location_of_SSL_server_PSE>

ssl/client_pse = < Location_of_SSL_client_PSE >

wdisp/ssl_encrypt = 1

wdisp/ssl_auth = 1

wdisp/add_client_protocol_header = 1

wdisp/ping_protocol = https

icm/HTTPS/verify_client = 1

# SAP Web Dispatcher Ports :

icm/server_port_0 = PROT=HTTPS,PORT=<Web_Dispatcher_HTTPS_Port>

# Backend System

wdisp/system_0 = SID=<SID>, NR=XX, MSHOST=<ABAP_Back-End_Message_Server_Host>, MSPORT=<ABAP_Back-End_Message_Server_Port>, SRCSRV=*:*, SRCURL=/sap/es/;/ENTERPRISE_SEARCH;<additional prefixes; read the SAP KBA 2626799>

wdisp/system_1 = SID=<SID>, NR=XX, MSHOST=<ABAP_Front-End_Message_Server_Host>, MSPORT=<ABAP_Front-End_Message_Server_Port>, SRCSRV=*:*, SRCURL=/sap/opu;/sap/public;/sap/bc

# Used for Multiple systems

wdisp/system_conflict_resolution = 1 

Restart Web Dispatcher to make changes effective. It’s also mandatory that HTTPS port was defined in Backend system, in SICF transaction, the Security Requirement of the /ushell service in the backend should be ‘Standard’:

and in “SICF > Error Pages > Configuration”, the Logon Protocol should be ‘Logon via HTTPS’:

Testing Fiori URL using web dispatcher with HTTP must work: https://<Web_Dispatcher_Hostname>:<Web_Dispatcher_HTTPS_Port>/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html

Configuring WDP for Fiori s4HANA Applications

Below diagram is the sample Fiori s4HANA Architecture for ECC/Gateway using SAP Web Dispatcher as a proxy/Load balancer solution:

The previous configuration described for Fiori applications is valid for this case, but in addition you just need to add following web dispatcher parameters:

# Backend Systems

wdisp/system_2=SID=<HANA_SID>, EXTSRV=<HANA_XS_URL>, SRCSRV=*:<Web_Dispatcher_Port>, SRCURL=/sap/hba/;/sap/hana/;/sap/bi/;/sap/viz/;/sap/vi/;/sap/ui5

Restart Web Dispatcher to make changes effective. Testing Fiori URL using web dispatcher with HTTP must work for HTTP and HTTPS: http://<Web_Dispatcher_Hostname>:<Web_Dispatcher_HTTP_Port>/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html https://<Web_Dispatcher_Hostname>:<Web_Dispatcher_HTTPS_Port>/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html

Fiori Launchpad Logon Procedure

Requests with HTTPS client protocol should be able to Login successfully in this case.The Launchpad requires Logon via HTTPS by default (This is SAP recommendation). These are the possible Logon scenarios contemplated and the behavior expected:

  1. If no HTTPS port in the ICM of the Backend and Security Requirement of the /ushell service in the backend is ‘Standard’, you can Logon via HTTP protocol.
  2. If HTTPS port in ICM, and no client protocol, Fiori Launchpad switches the host from web dispatcher to backend and the protocol to the one expected (HTTPS in this case).
  3. If HTTPS port in ICM, and client protocol HTTP, Fiori Launchpad switches the host from web dispatcher to backend and the protocol to the one expected (HTTPS in this case).
  4. If HTTPS port in ICM, and client protocol HTTPS, should be able to Login successfully.

  • No labels