on 2016 Mar 14 5:42 AM
I’m trying to use the OTP Login Module. Strangely whenever I’m calling the admin web-module with the URL http://java-as:port/otpadmin it redirects to the otp user interface (http://java-as:port /webdynpro/resources/sap.com/sso~otp~wd/OTP#). Tracing didn’t give me any further clue. Why is this happening? Any idea is highly appreciated.
I figured out that it’s possible to call the web-module directly (http://java-as ort/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication). So it seems that just the alias is broken. But I still have no idea why and how to fix the alias mapping.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Tim,
did you solved your issue? We are facing the same in Release 7.5 SPS3 (after a Upgrade of 7.4 SPS8). Redeploy of SCA File did not help.
regards,
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Michael,
unfortunately we didn't solve it. We just gave up and calling the admin / user interface directly. You can reach the admin interface with the following URL:
http://java-as:port/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication
Hi Tim,
Which version of the SSOAUTHLIB component have you deployed? Have you upgraded it recently from a previous version? If yes it might be that there is some cache in the browser or in ICM. Can you try to clean up the cache in the browser and check if you would be properly redirected?
Regards,
Dimitar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Dimitar thanks for replying,
yes the problem accrued after the update from the previous version. We tried in on a couple of browsers on different clients and cleared the caches already. We also restarted the underlining system but nothing changed.
The current version of SSOAUTHLIB is 1000.2.O.6.2.20151127024700.
Hi Tim,
Can you please check what is the content of "index.jsp" located in folder "\usr\sap\<SID>\J<INSTANCE>\j2ee\cluster\apps\sap.com\sso~otp~ear\servlet_jsp\otpadmin\root". It should contain the following line of code:
String newURL = "/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication";
If it is different then the new version of SSOAUTHLIB was not deployed correctly. If the JSP page contains the line above then the JSP is not recompiled correctly. You may verify if the latest assumption is correct by checking the generated Java file located in folder "\usr\sap\<SID>\J<INSTANCE>\j2ee\cluster\apps\sap.com\sso~otp~ear\servlet_jsp\otpadmin\work".
Let me know which of the above two options is true on your system and I will think about next steps how to resolve the issue.
Regards,
Dimitar
Hi Tim,
Then I would propose to check if the request reaches the server node (Java process). This could be done by collecting traces with the security troubleshooting wizard - see Collecting Traces for Troubleshooting Security Problems - System Security - SAP Library. You may select incident type "Authentication", start the tool, access /otpadmin alias, stop the tool. In the generated traces you should see records like this if the request has reached the server:
CLIENT: 9842 [a.b.c.d : 55187], REQUEST:
GET /otpadmin HTTP/1.1
accept: text/html, application/xhtml+xml, */*
accept-language: en-US,en;q=0.7,bg;q=0.3
user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
host: otp.acme.com
dnt: 1
connection: Keep-Alive
CLIENT: 9842 [a.b.c.d : 55187], REPLY:
HTTP/1.1 302 Found
Location: https://otp.acme.com/otpadmin/
Server: SAP NetWeaver Application Server 7.20 / AS Java 7.31
Content-Length: 0
Date: Wed, 16 Mar 2016 12:57:13 GMT
CLIENT: 9843 [a.b.c.d : 55187], REQUEST:
GET /otpadmin/ HTTP/1.1
accept: text/html, application/xhtml+xml, */*
accept-language: en-US,en;q=0.7,bg;q=0.3
user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
host: otp.acme.com
connection: Keep-Alive
dnt: 1
CLIENT: 9843 [a.b.c.d : 55187], REPLY:
HTTP/1.1 302 Found
Location: https://otp.acme.com/otpadmin/index.jsp
Server: SAP NetWeaver Application Server 7.20 / AS Java 7.31
Content-Length: 0
Date: Wed, 16 Mar 2016 12:57:13 GMT
CLIENT: 9844 [a.b.c.d : 55187], REQUEST:
GET /otpadmin/index.jsp HTTP/1.1
accept: text/html, application/xhtml+xml, */*
accept-language: en-US,en;q=0.7,bg;q=0.3
user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
host: otp.acme.com
connection: Keep-Alive
dnt: 1
CLIENT: 9844 [a.b.c.d : 55187], REPLY:
HTTP/1.1 302 Found
Server: SAP NetWeaver Application Server 7.20 / AS Java 7.31
Content-Type: text/html;charset=UTF-8
Location: https://otp.acme.com:443/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication
Content-Encoding: gzip
Content-Length: 727
Date: Wed, 16 Mar 2016 12:57:13 GMT
CLIENT: 9845 [a.b.c.d : 55187], REQUEST:
GET /webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication HTTP/1.1
accept: text/html, application/xhtml+xml, */*
accept-language: en-US,en;q=0.7,bg;q=0.3
user-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
host: otp.acme.com
connection: Keep-Alive
dnt: 1
Sorry, could have uploaded the Trace already at the beginning. Despite the fact that it calls the wrong application it looks quite good for me:
GET /otpadmin HTTP/1.1
host: XXXXXXXX:00000
connection: keep-alive
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36
accept-encoding: gzip, deflate, sdch
accept-language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
14:55:56:457 REPLY:
HTTP/1.1 302 Found
Location: XXXXXXXX:00000/otpadmin/
Server: SAP NetWeaver Application Server 7.45 / AS Java 7.50
Content-Length: 0
Date: Wed, 16 Mar 2016 13:55:56 GMT
14:55:56:488 REQUEST:
GET /otpadmin/ HTTP/1.1
host: XXXXXXXX:00000
connection: keep-alive
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
upgrade-insecure-requests: 1
accept-encoding: gzip, deflate, sdch
accept-language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
14:55:56:489 REPLY:
HTTP/1.1 302 Found
Location: XXXXXXXX:00000/otpadmin/index.jsp
Server: SAP NetWeaver Application Server 7.45 / AS Java 7.50
Content-Length: 0
Date: Wed, 16 Mar 2016 13:55:56 GMT
14:55:56:520 REQUEST:
GET /otpadmin/index.jsp HTTP/1.1
host: XXXXXXXX:00000
connection: keep-alive
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
upgrade-insecure-requests: 1
accept-encoding: gzip, deflate, sdch
accept-language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
14:55:56:522 REPLY:
HTTP/1.1 302 Found
14:55:56:522 REPLY:
Server: SAP NetWeaver Application Server 7.45 / AS Java 7.50
Content-Type: text/html;charset=UTF-8
Location: XXXXXXXX:00000/webdynpro/resources/sap.com/sso~otp~wd/OTP
Content-Encoding: gzip
Content-Length: 722
Date: Wed, 16 Mar 2016 13:55:56 GMT
14:55:56:554 REQUEST:
GET /webdynpro/resources/sap.com/sso~otp~wd/OTP HTTP/1.1
host: XXXXXXXX:00000
connection: keep-alive
Hi Tim,
It seems that although the new JSP page is deployed it is not re-compiled correctly because the redirect is to the old application:
Location: XXXXXXXX:00000/webdynpro/resources/sap.com/sso~otp~wd/OTP
...
GET /webdynpro/resources/sap.com/sso~otp~wd/OTP HTTP/1.1
In my case it is:
Location:https://otp.acme.com:443/webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication
...
GET /webdynpro/resources/sap.com/sso~otp~adm~wd/AdminApplication HTTP/1.1
Unfortunately I do not know how to further troubleshoot this issue and will recommend to open a support ticket in component BC-JAS-WEB.
Another option would be to re-deploy the SSOAUTHLIB via telnet using option "version_rule=all". Although I do not know if this will help to properly recompile the JSP.
Regards,
Dimitar
User | Count |
---|---|
68 | |
8 | |
8 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.