Show TOC

icm/HTTP/admin_<xx>Locate this document in the navigation structure

Use

With this parameter you can configure the Web-based administration interface.

You have to set the parameter if you want to monitor and administrate the ICM with the browser.

More Information: Using the Web Administration Interface

Prerequisites
  • To use the ICM administration functions you must have created an initial administration user for yourself in the browser.

  • The ICM has opened the port that you as the administrator want to set up.

Structure

Work area

Internet Communication Manager, SAP Web Dispatcher

Unit

Character string

Default value

icm/HTTP/admin_0 = PREFIX=/sap/admin, DOCROOT=$(DIR_ICMAN_ROOT)/admin, AUTHFILE=$(icm/authfile)

Dynamically changeable

No

Value Range and Syntax

The parameter has the following syntax:

icm/HTTP/admin_<xx> = PREFIX=<URL-Präfix>, DOCROOT=<Wurzelverzeichnis der Administrationsdateien> [, AUTHFILE=<Dateiname der Authentifizierungsdatei>, PORT=<TCP/IP-Port, auf dem Adminrequests akzeptiert werden>, HOST=<Rechnername oder IP-Adresse, auf dem Admin-Requests akzeptiert werden>, CLIENTHOST=<Rechnername oder IP Adresse, von dem Adminrequests akzeptiert werden>, ALLOWPUB=<Wahrheitswert> ]

The subparameters mean the following:

  • The <xx> index is a number without a leading 0.

  • PREFIX: URL prefix that is called for this HTTP subhandler. The same procedure is used as with the SAP Web Dispatcher.

  • DOCROOT: Root directory of the administration files.

  • AUTHFILE: File name of the authentication file, where the hash values of the passwords for admin users are stored. Default value: icmauth.txt If you do not have to authenticate the user (for instance, if the user has already been authenticated in the http_auth handler), you can you can specify AUTHFILE=none.

    Caution

    In the authorization file users and their group affiliation are in plain text, and the passwords are encrypted. Protect the file from undesired reading in accordance with your security standards.

  • PORT: Restricted to local TCP/IP ports where admin requests are accepted. In the standard system admin requests are accepted on all local TCP/IP ports.

    This port must be specified in the parameter icm/server_port_<xx>. The relevant protocol is used according to whether the port is HTTP or HTTPS.

    You can specify multiple ports, which are then separated with semicolons.

    Recommendation

    SAP recommends HTTPS, because otherwise the password of the admin user is transferred unencrypted.

    Note

    Note that you have to specify a port with PROT=HTTPS if you use HTTPS. You cannot use any port that is configured for end-to-end SSL (PROT=ROUTER).

  • HOST: Restricted to local host name or IP address where admin requests are accepted. You can specify hosts or IP addresses, which are then separated with semicolons. If localhost or 127.0.0.1 is specified here, only local users can use the Web-based interface. If nothing is specified, admin requests are accepted by all host names.

  • CLIENTHOST: Restricted to host or IP address where admin requests are accepted. You can specify hosts or IP addresses, which are then separated with semicolons. This can restrict administration to specific client hosts. If nothing is specified, admin requests are accepted by each host.

    Example

    Value icm/HTTP/admin_<xx> = PREFIX=/sap/admin, DOCROOT=./admin,PORT=1088;8855, HOST=ldp007;localhost, CLIENTHOST=localhost;p122271 has the effect that administration requests in a combination of HOST and PORT values are possible. The local host and another host p122271 are permitted as clients.

    For example, if

    icm/server_port_0 = PROT=HTTP, PORT=1088

    is set, from the local host you can use

    http://ldp007:1088/sap/admin

    to manage the Web Dispatcher or ICM.

  • ALLOWPUB: Specifies whether ICM or SAP Web Dispatcher is to provide public monitoring information. If ALLOWPUB=TRUE, in the path "public/index.html" read access to certain administration pages are allowed without having to log on (for example, "Monitor", "Active Services", "Core Thread Status", "Host Name Buffer", "Release Information", and "MPI Status"). Access to these pages without having to log on should be restricted. This can be done with subparameters HOST and CLIENTHOST. If ALLOWPUB=FALSE, access to administration pages without having to log on is fully deactviated.

Examples

Basic settings

If the parameter has the value

icm/HTTP/admin_<xx> = PREFIX=/sap/icm/admin, DOCROOT=./admin, PORT=8888

and port 8888 is defined as an HTTPS port in

icm/server_port_0 = PROT=HTTPS, PORT=8888, TIMEOUT=15

and the host name is saphost, the ICP files are located in the subdirectory admin in the executable directory. You can administrate the ICM from the browser by entering the URL

https://saphost:8888/sap/icm/admin

in every line.

Log on with the initial user that you created when setting up the Web Administration. See Creating Administration Users

Restrictions to Hosts and Ports

  • Value

    icm/HTTP/admin_<xx> = PREFIX=/sap/admin,DOCROOT= ./admin,PORT=1088;8855, HOST=localhost

    means that administration requests are possible in a combination of HOST and PORT values. Since only localhost is permitted for the host, only requests from clients on the local host are accepted.

    For example, if icm/server_port_0 = PROT=HTTP, PORT=1088 is set, you can manage the Web Dispatcher or ICM from the host by using http://localhost:1088/sap/admin.

  • Value

    Value icm/HTTP/admin_<xx> = PREFIX=/sap/admin, DOCROOT=./admin, PORT=1088, HOST=ldp007.internal.corp;localhost, CLIENTHOST=p122261;p122271;localhost has the effect that administration requests in a combination of HOST and PORT values are possible. Only the two hosts p122261 and p122271 are permitted as hosts.

    For example, if icm/server_port_0 = PROT=HTTP, PORT=1088 is set, you can manage the Web Dispatcher or ICM from the p122261 host with URL http://ldp007.internal.corp:1088/sap/admin.