Showing results for 
Search instead for 
Did you mean: 

SSO to ITS through WebSEAL gives secure/non-secure messages

Former Member
0 Kudos


We running the following setup:

EP6 SP14

Stand-alone ITS 6.20 patch 18

4.7 R/3 Enterprise


We are running SSO through WebSEAL to the portal and everything seems to be working just fine.

But when we try to access a transactional iView or an IAC iView running on the ITS server I get a pop-up message saying "This page contains both secure and nonsecure items."

We are accessing WebSEAL through HTTPS, we are running HTTPS between WebSEAL and the portal and HTTP between WebSEAL and ITS.

I have tried to access the ITS through WebSEAL without using the portal, and I still get the message. So it must be something between the WebSEAL and the ITS server.

Does anybody have any ideas what is causing this?


Jacob Vennervald

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Jacob,

We are implementing pretty much the same infrastructure and have encountered the same problem. I thought it might be because for our system definition in Portal we had not yet set the ITS protocol to 'https' (it was set to http), but that didn't seem to solve the problem. Have you tried this, or solved the problem some other way?


John Moy

Former Member
0 Kudos

The "secure and non-secure" message, displayed when accessing ITS through WebSEAL when using IE and HTTPS, is caused by an empty source reference (<IFRAME ... SRC="" ...>) within the ITS menu page (...d_menu.html).

The integration guide, available on the <a href="">IBM website</a> and the <a href="">SAP SDN</a>, contains the information on how to stop the message from appearing.

The message should not be displayed when accessing ITS through WebSEAL using HTTP.


Peter Tuton.

Former Member
0 Kudos

Hi John

I ended up solving this myself.

The problem is, that the ITS server sends some "about:blank" pages which are not https and therefore generates a warning

message in your browser.

I solved it by copying spacer.gif from

<INET ROOT>\<ITS INSTANCE>\sap\its\mimes\system


<INET ROOT>\<ITS INSTANCE>\sap\its\mimes\system\99\image

After this you do the following changes in login.html and framesetstart.html:

Change the line

termframeurl = "about:blank";


termframeurl = mimeURL(~service="system", ~language="", ~theme="99", ~name="image/spacer.gif");

Hope this helps.


Jacob Vennervald

Answers (0)