No persistent session handling between iChain and SAP Netwaever

  • 3352878
  • 16-Jan-2008
  • 26-Apr-2012

Environment

Novell iChain 2.3 Support Pack 5
SAP ERP 2005 ECC6 with Integrated ITS, Basis 7.00
SAP ERP 2005 ECC6 with Integrated ITS, Basis 7.00 Service Pack Version 9
Windows Server 2003 Enterprise x64 edition with Service Pack 1

Situation

SAP NetWaever portal server does not maintain persistent TCP sessions as requested by iChain. Instead of running subsequent HTTP requests over the same TCP session the SAP server closes the TCP session down after the request web object has been delivered to the requesting client (iChain). This behavior causes extra traffic and and processing on iChain and the SAP Portal server.

The Novell iChain proxy server has been configured for:
  • "Enable persistent connections to browser" has been enabled (default)
  • "Enable persistent connections to origin server" has been enabled (default
  • set accelerator [SAP portal accelerator name] forcehttp10toorigin = NO has been set to make sure HTTP1.1 will be used. Note: If a given browser client generating a request to an iChain accelerator has been configured to make use of HTTP 1.0 iChain will use as well HTTP 1.0 to communicate with the origin web server
  • Secure Exchange has been enabled between the browser client and iChain proxy server
Using a direct browser client connection with the SAP portal server handles persistent connections as request.

Resolution

SAP provided a fix which can be referenced under SAP note 1123915 on 21/12/07 (kernel patch 140)

Additional Information

Troubleshooting:

In order to troubleshoot this issue it was required to track a given user session at both sides (public, private) on the iChain proxy using LAN traces. Therefore it is helpful to turn on "Forward browser IP address in Request Header [X-Forwarded-FOR" and Forward iChain cookie to web server on the SAP accelerator. This trace has been compare with a trace taken from a direct browser to SAP server connection. SSL has been turned off in all cases.

Backround:

A peristent connection will be initiated by a given user agent (browser client, proxy...) using the HTTP "Connection: keep-alive" header. iChain used this "Connection: keep-alive" header on all outgoing requests initiated to the SAP server (for further details on HTTP persistent connection handling use RFC2616.

iChain requests a persistent connection and chunked encoding in one header line using a separator and closing it with e CRLF.
Example:"Connection: keep-alive, TE".

Based on the following definitions from RFC2616 this construct is valid:

- Connection = "connection"":" 1#(connection-token)
- connection-token = token
- token = 1*
- separators = "(" | ")" | "<" |">" | "@"| "," | ";" | ":" | "\" | <">|..........."

The SAP server does not accept this construct and therefore does not honor the connection keep-alive request


Feedback service temporarily unavailable. For content questions or problems, please contact Support.