Installing the IisProxy Module 

Use

When you use the Microsoft IIS as a Web server in front of SAP Web Application Server Java, you need to install the IIS proxy module provided by SAP to establish the connection from the IIS to the J2EE Engine. You also need to configure the IIS proxy module for the portal and for integrated Windows authentication.

Prerequisites

You must use IisProxy module 1.5.0.0 or higher.

For security reasons, we strongly recommend that you use IisProxy module 1.6.1.0 or higher. As of version 1.6.1.0, the IisProxy module does not forward the REMOTE_USER header variable directly from the client to the server.

Procedure

...

       1.      Download the newest version of the IisProxy module.

You can download the newest version of the IisProxy module from SAP Service Marketplace at service.sap.com/patches. On the Home tab page, choose SAP Software Distribution Center ® SAP Support Packages and Patches ®Search for Support Packages and Packages and enter iisproxy as search term.

       2.      To unpack the SAR archive file, open a command prompt in the directory containing the downloaded file and enter sapcar.exe –xvf <archivename>. See also SAP Note 212876.

sapcar.exe –xvf IISPROXY16_0-10001433.SAR

       3.      Install the IisProxy module as described under Installing the IisProxy Module.

       4.      In addition to the steps in the section Installing the IisProxy Module, perform the following steps:

                            a.      In the step where you edit the IisProxy.xml file, add mapping elements for all portal URI patterns that the IisProxy module is to forward. Normally these are URIs that include /irj/ or /webdynpro/ or /logon/.

The following is an excerpt from an IisProxy.xml file with mapping elements for /irj/, /webdynpro/, and /logon/. In this example all URIs are forwarded to https://myportal.mycompany.com:50001. Each mapping element includes the tag <protocol-header>ClientProtocol</protocol-header>. This specifies the name of the header that is used to inform the target about the protocol used between the client and IIS and is important in a scenario where the client and IIS communicate using HTTP, and the IIS and J2EE Engine communicate using HTTPS.

<mapping name="irj">         <source>             <protocol>http</protocol>             <prefix>/irj/</prefix>         </source>         <target>             <protocol>https</protocol>             <host>myportal.mycompany.com</host>             <port>50001</port>         </target>         <protocol-header>ClientProtocol</protocol-header>         ...     </mapping>     <mapping name="webdynpro">         <source>             <protocol>http</protocol>             <prefix>/webdynpro/</prefix>         </source>         <target>             <protocol>https</protocol>             <host>myportal.mycompany.com</host>             <port>50001</port>         </target>         <protocol-header>ClientProtocol</protocol-header>         ...     </mapping>     <mapping name="logon">         <source>             <protocol>http</protocol>             <prefix>/logon/</prefix>         </source>         <target>             <protocol>https</protocol>             <host>myportal.mycompany.com</host>             <port>50001</port>         </target>         <protocol-header>ClientProtocol</protocol-header>         ...     </mapping>

                            b.      Set the attribute authentication to forward in the filter element of the iisproxy.xml.

The filter tag line should then be as follows :

<filter name="IisProxy filter" authentication="forward" />

See also SAP Note 706968.

For more information on the elements of the IisProxy.xml file, see Configuration for the IisProxy Module: IisProxy.dtd.