cancel
Showing results for 
Search instead for 
Did you mean: 

otpadmin redirects to otp

Former Member
0 Kudos
181

I’m trying to use the OTP Login Module. Strangely whenever I’m calling the admin web-module with the URL http://java-as:port/otpadmin it redirects to the otp user interface (http://java-as:port /webdynpro/resources/sap.com/sso~otp~wd/OTP#). Tracing didn’t give me any further clue. Why is this happening? Any idea is highly appreciated.

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

I figured out that it’s possible to call the web-module directly (http://java-as ort/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication). So it seems that just the alias is broken. But I still have no idea why and how to fix the alias mapping.

Answers (2)

Answers (2)

Former Member
0 Kudos

Hello Tim,

did you solved your issue? We are facing the same in Release 7.5 SPS3 (after a Upgrade of 7.4 SPS8). Redeploy of SCA File did not help.

regards,

Michael

Former Member
0 Kudos

Hi Michael,

unfortunately we didn't solve it. We just gave up and calling the admin / user interface directly. You can reach the admin interface with the following URL:

http://java-as:port/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication

former_member182254
Active Participant
0 Kudos

Hi Tim,

Which version of the SSOAUTHLIB component have you deployed? Have you upgraded it recently from a previous version? If yes it might be that there is some cache in the browser or in ICM. Can you try to clean up the cache in the browser and check if you would be properly redirected?

Regards,

Dimitar

Former Member
0 Kudos

Hi Dimitar thanks for replying,

yes the problem accrued after the update from the previous version. We tried in on a couple of browsers on different clients and cleared the caches already. We also restarted the underlining system but nothing changed.

The current version of SSOAUTHLIB is 1000.2.O.6.2.20151127024700.

former_member182254
Active Participant
0 Kudos

Hi Tim,

Can you please check what is the content of "index.jsp" located in folder "\usr\sap\<SID>\J<INSTANCE>\j2ee\cluster\apps\sap.com\sso~otp~ear\servlet_jsp\otpadmin\root". It should contain the following line of code:

  String newURL = "/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication";

If it is different then the new version of SSOAUTHLIB was not deployed correctly. If the JSP page contains the line above then the JSP is not recompiled correctly. You may verify if the latest assumption is correct by checking the generated Java file located in folder "\usr\sap\<SID>\J<INSTANCE>\j2ee\cluster\apps\sap.com\sso~otp~ear\servlet_jsp\otpadmin\work".

Let me know which of the above two options is true on your system and I will think about next steps how to resolve the issue.

Regards,

Dimitar

Former Member
0 Kudos

Hi Dimitar,

yes the file does contain this  string.

The java file also seems pretty valid for me. At least it contains the string too.:

String newURL = "/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication";

The corresponding .class file exists too.

former_member182254
Active Participant
0 Kudos

Hi Tim,


Do you have some reverse proxy in front of the system which could eventually cache the content of the page? When you have restart the system have you restarted the ICM process as well?

Regards,

Dimitar

Former Member
0 Kudos

Hi Dimitar,

there is no reverse proxy. To be sure I restarted the icm processes just now with jsmon. Nothing changed.

former_member182254
Active Participant
0 Kudos

Hi Tim,

Then I would propose to check if the request reaches the server node (Java process). This could be done by collecting traces with the security troubleshooting wizard - see Collecting Traces for Troubleshooting Security Problems - System Security - SAP Library. You may select incident type "Authentication", start the tool, access /otpadmin alias, stop the tool. In the generated traces you should see records like this if the request has reached the server:

CLIENT: 9842 [a.b.c.d : 55187], REQUEST:

GET /otpadmin HTTP/1.1

accept: text/html, application/xhtml+xml, */*

accept-language: en-US,en;q=0.7,bg;q=0.3

user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko

accept-encoding: gzip, deflate

host: otp.acme.com

dnt: 1

connection: Keep-Alive

CLIENT: 9842 [a.b.c.d : 55187], REPLY:

HTTP/1.1 302 Found

Location: https://otp.acme.com/otpadmin/

Server: SAP NetWeaver Application Server 7.20 / AS Java 7.31

Content-Length: 0

Date: Wed, 16 Mar 2016 12:57:13 GMT

CLIENT: 9843 [a.b.c.d : 55187], REQUEST:

GET /otpadmin/ HTTP/1.1

accept: text/html, application/xhtml+xml, */*

accept-language: en-US,en;q=0.7,bg;q=0.3

user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko

accept-encoding: gzip, deflate

host: otp.acme.com

connection: Keep-Alive

dnt: 1

CLIENT: 9843 [a.b.c.d : 55187], REPLY:

HTTP/1.1 302 Found

Location: https://otp.acme.com/otpadmin/index.jsp

Server: SAP NetWeaver Application Server 7.20 / AS Java 7.31

Content-Length: 0

Date: Wed, 16 Mar 2016 12:57:13 GMT

CLIENT: 9844 [a.b.c.d : 55187], REQUEST:

GET /otpadmin/index.jsp HTTP/1.1

accept: text/html, application/xhtml+xml, */*

accept-language: en-US,en;q=0.7,bg;q=0.3

user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko

accept-encoding: gzip, deflate

host: otp.acme.com

connection: Keep-Alive

dnt: 1

CLIENT: 9844 [a.b.c.d : 55187], REPLY:

HTTP/1.1 302 Found

Server: SAP NetWeaver Application Server 7.20 / AS Java 7.31

Content-Type: text/html;charset=UTF-8

Location: https://otp.acme.com:443/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication

Content-Encoding: gzip

Content-Length: 727

Date: Wed, 16 Mar 2016 12:57:13 GMT

CLIENT: 9845 [a.b.c.d : 55187], REQUEST:

GET /webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication HTTP/1.1

accept: text/html, application/xhtml+xml, */*

accept-language: en-US,en;q=0.7,bg;q=0.3

user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko

accept-encoding: gzip, deflate

host: otp.acme.com

connection: Keep-Alive

dnt: 1

Former Member
0 Kudos

Sorry, could have uploaded the Trace already at the beginning. Despite the fact that it calls the wrong application it looks quite good for me:


GET /otpadmin HTTP/1.1

host: XXXXXXXX:00000

connection: keep-alive

accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

upgrade-insecure-requests: 1

user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36

accept-encoding: gzip, deflate, sdch

accept-language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4

14:55:56:457 REPLY:

HTTP/1.1 302 Found

Location: XXXXXXXX:00000/otpadmin/

Server: SAP NetWeaver Application Server 7.45 / AS Java 7.50

Content-Length: 0

Date: Wed, 16 Mar 2016 13:55:56 GMT

14:55:56:488    REQUEST:

GET /otpadmin/ HTTP/1.1

host: XXXXXXXX:00000

connection: keep-alive

accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

upgrade-insecure-requests: 1

accept-encoding: gzip, deflate, sdch

accept-language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4

14:55:56:489 REPLY:

HTTP/1.1 302 Found

Location: XXXXXXXX:00000/otpadmin/index.jsp

Server: SAP NetWeaver Application Server 7.45 / AS Java 7.50

Content-Length: 0

Date: Wed, 16 Mar 2016 13:55:56 GMT

14:55:56:520 REQUEST:

GET /otpadmin/index.jsp HTTP/1.1

host: XXXXXXXX:00000

connection: keep-alive

accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

upgrade-insecure-requests: 1

accept-encoding: gzip, deflate, sdch

accept-language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4

14:55:56:522 REPLY:

HTTP/1.1 302 Found

14:55:56:522 REPLY:

Server: SAP NetWeaver Application Server 7.45 / AS Java 7.50

Content-Type: text/html;charset=UTF-8

Location: XXXXXXXX:00000/webdynpro/resources/sap.com/sso~otp~wd/OTP

Content-Encoding: gzip

Content-Length: 722

Date: Wed, 16 Mar 2016 13:55:56 GMT

14:55:56:554    REQUEST:

GET /webdynpro/resources/sap.com/sso~otp~wd/OTP HTTP/1.1

host: XXXXXXXX:00000

connection: keep-alive

former_member182254
Active Participant
0 Kudos

Hi Tim,

It seems that although the new JSP page is deployed it is not re-compiled correctly because the redirect is to the old application:

Location: XXXXXXXX:00000/webdynpro/resources/sap.com/sso~otp~wd/OTP

...

GET /webdynpro/resources/sap.com/sso~otp~wd/OTP HTTP/1.1


In my case it is:

Location:https://otp.acme.com:443/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication

...

GET /webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication HTTP/1.1

Unfortunately I do not know how to further troubleshoot this issue and will recommend to open a support ticket in component BC-JAS-WEB.

Another option would be to re-deploy the SSOAUTHLIB via telnet using option "version_rule=all". Although I do not know if this will help to properly recompile the JSP.

Regards,

Dimitar