To facilitate communication between the browser and the different systems in the SAP Fiori system landscape, you must implement and configure SAP Web Dispatcher as an SSL client in the system landscape. By implementing SAP Web Dispatcher between the browser and the various servers in the system landscape, you can ensure requests are directed to the correct server.
As SAP Fiori apps access multiple back-end systems but JavaScript code is constrained by the Same Origin Policy, all systems are exposed to the browser thorough SAP Web Dispatcher (or another reverse proxy), which brings them into a common origin (combination of protocol, hostname, and port). In addition to solving the same origin problem, this enables you to control which services are effectively exposed to the client, reducing the system attack surface.
You have implemented SAP Web Dispatcher and enabled it for multiple systems.
You have enabled single sign-on (SSO).
Configure SAP Web Dispatcher to use HTTPS requests.
All communication to back-end systems should be handled using HTTPS requests and SAP Web Dispatcher itself should be called using only HTTPS.
To configure HTTPS settings, you can copy the following source code and adapt it to your business requirements:
Syntax
ssl/ssl_lib = <sapcrypto dll> ssl/server_pse = <pse> icm/HTTPS/verify_client = 0 ssl/client_pse = <pse> wdisp/ssl_encrypt = 1 wdisp/ssl_auth = 2 wdisp/ssl_cred = <pse> icm/HTTPS/forward_ccert_as_header = true
Configure SAP Web Dispatcher ports.
To configure the ports, you can copy the following source code and adapt it to your business requirements:
Syntax
icm/server_port_0 = PROT=HTTPS,PORT=443,TIMEOUT=120 wdisp/system_conflict_resolution = 1 wdisp/add_clientprotocol_header = 1 wdisp/handle_webdisp_ap_header = 1 wdisp/add_xforwardedfor_header = true
Define the routing rules to the required target system:
Recommendation
SAP recommends that only those requests corresponding to the services required for the applications that you want to use should be routed to the application servers.
URL Prefix | Target System |
---|---|
/sap/bc | SAP NetWeaver Gateway |
/sap/public | SAP NetWeaver Gateway |
/sap/opu | SAP NetWeaver Gateway |
/sap/es | Back-end server where Enterprise Search is installed |
Note
For all routing rules, if you use a reverse proxy other than SAP Web Dispatcher, you must ensure it is configured to preserve the host name of the reverse proxy. If the reverse proxy overwrites or replaces the host name, responses from the various systems cannot be sent back to the reverse proxy. For this reason, SAP Web Dispatcher automatically preserves the host name; however, other reverse proxies may not do so.
Configure SAP Web Dispatcher for the SAP NetWeaver Gateway server.
To configure the SAP Web Dispatcher for the SAP NetWeaver Gateway server, you can copy the following source code and adapt it to your business requirements:
Syntax
wdisp/system_0 = SID=<GW SID>, NR=<instnot>, MSHOST=<GW MSHOST>, MSPORT=<GW MSPORT>, SRCSRV=*:443, SRCURL=/sap/opu/odata/
Configure SAP Web Dispatcher for the front-end server.
To configure the SAP Web Dispatcher for the front-end server, you can copy the following source code and adapt it to your business requirements:
Syntax
wdisp/system_1 = SID=<FE SID>, NR=<instnot>, MSHOST=<FE MSHOST>, MSPORT=<FE MSPORT>, SRCSRV=*:443, SRCURL=/sap/public/bc/;/sap/bc/
Configure SAP Web Dispatcher for the back-end server where the Enterprise Search is installed.
To configure the SAP Web Dispatcher for the front-end server, you can copy the following source code and adapt it to your business requirements:
Syntax
wdisp/system_2=SID=<BE SID>, MSHOST=<BE MSHOST>, MSPORT=<BE MSPORT>, SRCSRV=*:443, SRCURL=/sap/es/
For more information about SAP Web Dispatcher as an SSL client, see the following documentation:
For SAP NetWeaver 7.31, see SAP Help Portal at
.For SAP NetWeaver 7.40, see SAP Help Portal at
.For more information about modifying HTTP requests, see the following documentation:
For SAP NetWeaver 7.31, see SAP Help Portal at
.For SAP NetWeaver 7.40, see SAP Help Portal at
.