Configuring SAP Web Dispatcher (Fact Sheets/SAP Fiori Search)

To facilitate communication between the browser and the different systems in the SAP Fiori system landscape, you must implement and configure SAP Web Dispatcher as an SSL client in the system landscape. By implementing SAP Web Dispatcher between the browser and the various servers in the system landscape, you can ensure requests are directed to the correct server.

As SAP Fiori apps access multiple back-end systems but JavaScript code is constrained by the Same Origin Policy, all systems are exposed to the browser thorough SAP Web Dispatcher (or another reverse proxy), which brings them into a common origin (combination of protocol, hostname, and port). In addition to solving the same origin problem, this enables you to control which services are effectively exposed to the client, reducing the system attack surface.

Prerequisites

You have implemented SAP Web Dispatcher and enabled it for multiple systems.
You have enabled single sign-on (SSO).

Procedure

Configure SAP Web Dispatcher to use HTTPS requests.
All communication to back-end systems should be handled using HTTPS requests and SAP Web Dispatcher itself should be called using only HTTPS.

To configure HTTPS settings, you can copy the following source code and adapt it to your business requirements:
Syntax
1. ```
ssl/ssl_lib = <sapcrypto dll> 
ssl/server_pse = <pse> 
icm/HTTPS/verify_client = 0 
ssl/client_pse = <pse> 
wdisp/ssl_encrypt = 1 
wdisp/ssl_auth = 2 
wdisp/ssl_cred = <pse> 
icm/HTTPS/forward_ccert_as_header = true
```
End of the code.

Configure SAP Web Dispatcher ports.

To configure the ports, you can copy the following source code and adapt it to your business requirements:

Syntax Syntax

icm/server_port_0 = PROT=HTTPS,PORT=443,TIMEOUT=120  

wdisp/system_conflict_resolution = 1 
wdisp/add_clientprotocol_header = 1 
wdisp/handle_webdisp_ap_header = 1 
wdisp/add_xforwardedfor_header = true

End of the code.

Define the routing rules to the required target system:

Recommendation
SAP recommends that only those requests corresponding to the services required for the applications that you want to use should be routed to the application servers.

End of the recommendation.

URL Prefix

Target System

/sap/bc

SAP NetWeaver Gateway

/sap/public

SAP NetWeaver Gateway

/sap/opu

SAP NetWeaver Gateway

/sap/es

Back-end server where Enterprise Search is installed

Note
For all routing rules, if you use a reverse proxy other than SAP Web Dispatcher, you must ensure it is configured to preserve the host name of the reverse proxy. If the reverse proxy overwrites or replaces the host name, responses from the various systems cannot be sent back to the reverse proxy. For this reason, SAP Web Dispatcher automatically preserves the host name; however, other reverse proxies may not do so.

End of the note.
1. Configure SAP Web Dispatcher for the SAP NetWeaver Gateway server.
  To configure the SAP Web Dispatcher for the SAP NetWeaver Gateway server, you can copy the following source code and adapt it to your business requirements:
  Syntax
  1. wdisp/system_0 = SID=<GW SID>, NR=<instnot>, MSHOST=<GW MSHOST>, MSPORT=<GW MSPORT>, SRCSRV=*:443, SRCURL=/sap/opu/odata/
  End of the code.
2. Configure SAP Web Dispatcher for the front-end server.
  To configure the SAP Web Dispatcher for the front-end server, you can copy the following source code and adapt it to your business requirements:
  Syntax
  1. wdisp/system_1 = SID=<FE SID>, NR=<instnot>, MSHOST=<FE MSHOST>, MSPORT=<FE MSPORT>, SRCSRV=*:443, SRCURL=/sap/public/bc/;/sap/bc/
  End of the code.
3. Configure SAP Web Dispatcher for the back-end server where the Enterprise Search is installed.
  To configure the SAP Web Dispatcher for the front-end server, you can copy the following source code and adapt it to your business requirements:
  Syntax
  1. wdisp/system_2=SID=<BE SID>, MSHOST=<BE MSHOST>, MSPORT=<BE MSPORT>, SRCSRV=*:443, SRCURL=/sap/es/
  End of the code.

URL Prefix	Target System
`/sap/bc`	SAP NetWeaver Gateway
`/sap/public`	SAP NetWeaver Gateway
`/sap/opu`	SAP NetWeaver Gateway
`/sap/es`	Back-end server where Enterprise Search is installed

More Information

For more information about SAP Web Dispatcher as an SSL client, see the following documentation:

For SAP NetWeaver 7.31, see SAP Help Portal at http://help.sap.com/nw731 Application Help Function-Oriented View Application Server Application Server Infrastructure SAP Web Dispatcher Architecture and Functions of the SAP Web Dispatcher SAP Web Dispatcher and SSL .
For SAP NetWeaver 7.40, see SAP Help Portal at http://help.sap.com/nw74 Application Help Function-Oriented View Application Server Application Server Infrastructure Components of SAP NetWeaver Application Server SAP Web Dispatcher Architecture and Functions of the SAP Web Dispatcher SAP Web Dispatcher and SSL .

For more information about modifying HTTP requests, see the following documentation:

For SAP NetWeaver 7.31, see SAP Help Portal at http://help.sap.com/nw731 Application Help Function-Oriented View Application Server Application Server Infrastructure SAP Web Dispatcher Administration of the SAP Web Dispatcher Modifications of HTTP Requests .
For SAP NetWeaver 7.40, see SAP Help Portal at http://help.sap.com/nw74 Application Help Function-Oriented View Application Server Application Server Infrastructure Components of SAP NetWeaver Application Server SAP Web Dispatcher Administration of the SAP Web Dispatcher Modification of HTTP Requests .