654982 - URL Requirements Due to Internet Standards
Click here to load reader
-
Upload
natasha-davis -
Category
Documents
-
view
216 -
download
0
Transcript of 654982 - URL Requirements Due to Internet Standards
![Page 1: 654982 - URL Requirements Due to Internet Standards](https://reader038.fdocuments.in/reader038/viewer/2022100423/577cc3d81a28aba711974ef0/html5/thumbnails/1.jpg)
8/10/2019 654982 - URL Requirements Due to Internet Standards
http://slidepdf.com/reader/full/654982-url-requirements-due-to-internet-standards 1/4
10/30/2014 654982 - URL requirements due to Internet standards
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwM Q==)/bc/bsp/sno/ui/main.do?param= 69765F6D6F64653D3030332669765F7361706E6F7465735F6B65793D…
SAP Note
654982 - URL requirements due to Internet standards
Version 10 Validity:08.12.2011 - active
Language English
Header Data
Released On 09.12.2011 15:10:23
Release Status Released for Customer
Component BC Basis Components
Other Components BC-BSP Business Server Pages
BC-JAS Java Application Server - Please use sub-components
BC-MID-ICF Internet Communication Framework
BC-NET Network Infrastructure
BC-WD Web Dynpro
EP-PIN SAP NetWeaver Portal
Priority Recommendations / Additional Info
Category Installation information
Symptom
1. Cookies (particularly: MYSAPSSO2) are not set(even though the server issues these and the browser accepts cookies. Filtering reverse proxieshave also been ruled out as the source of the error.).
2. https does not work.The browser reports the following error or warning (or similar): "Certificate name is invalid andis unsuitable for the server", or the ICM trace contains the following message, or similar:
MatchTargetName("<hostA.domain. tld>", "CN=<hostB.domain.tld>, OU=<...>, O=<...>, C=<...>")
Other Terms
Cookie, URL, URI, FQDN, SSL, X.509, Single Sign-On (SSO), icm/host_name_full
Reason and Prerequisites
These problems occur either because only the host name, but not the domain (=> FQDN, fully qualifieddomain name), is specified in the URL, or because the domain that you use does not satisfy therequirements of the cookie specification (for more information, see:http://web.archive.org/web/20070805052634/http://wp.netscape.com/newsref/std/cookie_spec.html).
Point 1:
To enable the browser to decide to which server a cookie may be sent, the URL must include the domainspecification since this information is used as a basis for the decision.The cookie specification intensifies this requirement by determining that
domains with the extension "com", "edu", "net", "org", "gov", "mil" or "int" must include at leastone additional domain component (usually the name of the company or organization), while
![Page 2: 654982 - URL Requirements Due to Internet Standards](https://reader038.fdocuments.in/reader038/viewer/2022100423/577cc3d81a28aba711974ef0/html5/thumbnails/2.jpg)
8/10/2019 654982 - URL Requirements Due to Internet Standards
http://slidepdf.com/reader/full/654982-url-requirements-due-to-internet-standards 2/4
10/30/2014 654982 - URL requirements due to Internet standards
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwM Q==)/bc/bsp/sno/ui/main.do?param= 69765F6D6F64653D3030332669765F7361706E6F7465735F6B65793D…
any domain with a different extension (including the national top-level domains in particular, forexample, "de", "uk", "fr", and so on) must consist of at least two additional domain parts.
For example:
http://www.sap.com/... - this is acceptable
http://www.sap.de/... - this is not acceptable
http://www.public.sap.de/... - this is acceptable
Comment:Some browsers (for example, Microsoft Internet Explorer) are less strict and also permit domains thatviolate the cookie specification rules listed above. To the best of our knowledge (for which we cannot beheld responsible), all domains whose penultimate domain components consists of at least three charactersseem to be generally accepted (because otherwise there would be problems, for example with all Britishdomains, due to insufficient restrictions on how cookies are sent):
http://www.sap.de - for MS IE: acceptable
http://www.xy.co.uk - acceptable (conforms to specifications)
http://www.xy.co.uk - acceptable (conforms to specifications)
http://www.co.uk - not acceptable (in accordance with the specifications)
Point 2:Along with encrypted data transfer, the use of SSL (=> https) is designed to ensure that the specifiedserver (for example, an enterprise or an organization) is authentic. SSL server certificates are used forthis purpose. The browser checks each https URL to see whether the complete host name contained in theURL corresponds to the relevant specification (=> Common Name, CN) of the checked SSL server certificateIf the browser detects a variance, it triggers a warning (or an error).
For example:The SSL server certificate was issued to "CN=tcs.mysap.com, OU=SAP Trust Community, O=SAP AG, L=Walldorf,C=DE". Then the following URLs are considered:
http://tcs.mysap.com/... - no SSL/https
https://tcs.mysap.com/... - this is acceptable
https://tcs01.mysap.com/... - Warning/error
In the case of an SSL server certificate that was issued to "CN=mysap.com, and so on", all of the URLsthat are mentioned above return an error.On the other hand, in the case of an SSL server certificate that was issued to "CN=*.mysap.com, ...", thetwo https URLs would work without errors. However, a Certification Authority (CA) usually sets up its ownrules for the parts of the certificates that it issues (and therefore authenticates). The use ofwildcards (*) in the common name is not usually permitted.
Comment:When you use SSL scheduling reverse proxies (before the Web server/SAP Web Application Server/SAP J2EEserver), you must make sure that the SSL server certificate of the reverse proxies corresponds to thehost name of the reverse proxies that is visible to the browser.General information about SSL and the SAP Web Application Server is available athttp://service.sap.com/security > Security in Detail > Infrastructure Security: "Network and TransportLayer Security" and http://service.sap.com/security > Security in Detail > Archive (Old Documents): "SAPWeb Application Server Security".
Solution
Use fully-specified host names (including the domain specification) in URLs and make sure that you onlyuse domains that conform to the rules defined in the cookie specification.
Validity
![Page 3: 654982 - URL Requirements Due to Internet Standards](https://reader038.fdocuments.in/reader038/viewer/2022100423/577cc3d81a28aba711974ef0/html5/thumbnails/3.jpg)
8/10/2019 654982 - URL Requirements Due to Internet Standards
http://slidepdf.com/reader/full/654982-url-requirements-due-to-internet-standards 3/4
10/30/2014 654982 - URL requirements due to Internet standards
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwM Q==)/bc/bsp/sno/ui/main.do?param= 69765F6D6F64653D3030332669765F7361706E6F7465735F6B65793D…
This document is not restricted to a software component or software component version
References
This document refers to:
SAP Notes1257108 Collective Note: Analyzing issues with Single Sign On (SSO)
1009930 (Display) problems in View Designer when loading view
945516 Web Dynpro ABAP in a portal environment
888362 Helpful technical hints for installing and maintaining MIC
830830 Inf. broadcasting: Typical problems with folder selection
817529 Checking the SSO configuration
805344 How URLs are generated automatically in BW
763427 Error message for domain name with underscore
701205 Single Sign-On using SAP Logon Tickets
677118 SP31-> Fully Qualified Domain Names Check
632440 Domain barrier in the browser of the SAP Enterprise Portal
612670 SSO for local BSP calls using SAP GUI HTML Control
611361 Hostnames of SAP servers
585042 Reduction of the data transfer Web middleware/browser
517860 Logging on to BSP applications
356691 Problem analysis: SAP logon ticket with Workplace SSO
This document is referenced by:
SAP Notes (17)
677118 SP31-> Fully Qualified Domain Names Check
1009930 (Display) problems in View Designer when loading view
632440 Domain barrier in the browser of the SAP Enterprise Portal
612670 SSO for local BSP calls using SAP GUI HTML Control
611361 Hostnames of SAP servers
517860 Logging on to BSP applications
585042 Reduction of the data transfer Web middleware/browser
830830 Inf. broadcasting: Typical problems with folder selection1257108 Collective Note: Analyzing issues with Single Sign On (SSO)
888362 Helpful technical hints for installing and maintaining MIC
805344 How URLs are generated automatically in BW
356691 Problem analysis: SAP logon ticket with Workplace SSO
701205 Single Sign-On using SAP Logon Tickets
654326 Domain restrictions in a portal environment
817529 Checking the SSO configuration
945516 Web Dynpro ABAP in a portal environment
763427 Error message for domain name with underscore
![Page 4: 654982 - URL Requirements Due to Internet Standards](https://reader038.fdocuments.in/reader038/viewer/2022100423/577cc3d81a28aba711974ef0/html5/thumbnails/4.jpg)
8/10/2019 654982 - URL Requirements Due to Internet Standards
http://slidepdf.com/reader/full/654982-url-requirements-due-to-internet-standards 4/4
10/30/2014 654982 - URL requirements due to Internet standards
https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwM Q==)/bc/bsp/sno/ui/main.do?param= 69765F6D6F64653D3030332669765F7361706E6F7465735F6B65793D…
Attachments
File Name File Size (KB) Mime Type
Netscape_Cookie_Specification.pdf 19 application/pdf