Security popups or network errors on accessing UWL through a load balancer or reverse proxy
I’ve lately seen different kind of problems happening with the usage of UWL in distributed environments.
Generally, to gain scale a SAP Portal environment is put behind different layers of reverse proxies and/or load balancers. This happens due to business or infrastructure needs of different nature. We can have something like the following:
The point is that generally when using the portal in such an environment, different kind of problems may arise which are not actually bugs with the SAP Portal, but rather consequences of such an environment like the one described above.
Speaking about UWL, the UWL iView in the portal is a special type of iView which uses SAP_LocalSystem as the system alias. According to below KBA, since the UWL uses SAP_LocalSystem then the Portal System Landscape constructs the hostname and port in the URL by itself, when loading the UWL.
Please keep that in mind, as different kind of problems can arise if you do not proceed with the configuration per the below KBA:
1739698 – Security warning for mixed secure and non-secure content when accessing the UWL
Notice that KBA 1739698 is mainly targeted for Security Warnings, but the same kind of problem can happen in the form of “Page not found“. In such a case, when analyzing through HTTP traces, you can see that at the time of the call to the UWL application the hostname and port used are the ones from the internal NetWeaver server instead of the load balancer/reverse proxy.
As mentioned on SAP KBA 1643446 to which KBA 1739698 refers as the solution:
If you access the portal, or any other application residing on the AS Java, behind an intermediate component such as a load balancer or reverse proxy, and you terminate the SSL traffic at the intermediate component, you need to configure the AS Java HTTP Provider service to allow absolute URL references to be adjusted accordingly to use HTTPS instead of HTTP (additionally the external hostname may need to be used instead of the portal internal hostname).
Hope this can be of help for those who have to set such an environment, or are facing issues with regards to that, which might get resolved by following the advice from SAP KBA 1739698