The graphic below shows the steps involved in processing a request in the SAP Web dispatcher and in the ICM.
The SAP Web dispatcher/ICM checks whether the URL prefix of the administration prefix is (for example, /sap/wdisp/admin/). If the URL of the request does not match this prefix, it carries out the “normal” tasks (Web Dispatcher: HTTP load balancing or, if stateful, forwards request to former processor; ICM: ABAP/Java check, forwards request to the work process (ABAP) or to the J2EE server).
For each Web admin request the SAP Web dispatcher/ICM checks whether the user has administration authorization. The authorizations are stored in a file (usually icmauth.txt (as hash values), which is located in the work directory (like the executables). This file nevertheless should only be readable for the user under which the Web dispatcher is running. The file contains in one line the name of the user, the hash value of the password, the user group, and if applicable, the subject of the client certificate.
# Authentication file for ICM and SAP Web Dispatcher
There are monitoring users and administration users. Administration users must be in group admin, users of other groups are monitoring users only. Monitoring users can only use the Web administration interface to display only, whereas administration users can also make changes.
You can create and maintain the authorization file with the program wdispmon or icmon or with the Web administration interface.
If the user has administration or monitoring authorization, the request is passed to the Internet Communication Pages (ICP) Engine for generating a response. Either the request links to a static object (image, CSS) in the file system or to an ICP control file in the file system for dynamic contents (with the file suffix .icp). To generate dynamic page contents the ICP engine can access the kernel of the Web dispatcher/ICM to retrieve or change information.
Do not make any changes to the ICP control files in the file system.
Manual changes to these files can compromise the secure operation of the ICM / Web Dispatcher.