404 error using Web Application Proxy

  • 783 Views
  • Last Post 24 November 2015
Tony posted this 23 November 2015

Hi all   I'm attempting to set up WAP/ADFS to do pre-authentication to a SAP CRM system.  Within the network everything works well via ADFS and I can authenticate just fine.  Coming through the WAP I get a 404 error.  The SAP CRM debug log shows a difference in the URLs when accessing internally versus externally, as follows:  

Internal connection (works) 10.10.10.10 crm.contoso.com - - [23/Nov/2015:15:15:45 +1300] HTTPS 302 "GET /saml2(bD1lbiZjPTMwMCZkPW1pbg==)/bc/bsp/sap/crm_ui_start/default.htm?sap-sessioncmd=open HTTP/1.1" 0 83 h[-]  

External connection (fails) 10.10.10.11 crm.contoso.com - - [23/Nov/2015:15:34:15 +1300] HTTPS 404 "GET /saml2%28bD1lbiZjPTMwMCZkPW1pbg%3D%3D%29/bc/bsp/sap/crm_ui_start/default.htm HTTP/1.1" 1819 52 h[-]   The difference appears to be simply that the special characters in the URL have been transformed/replaced when coming through the WAP.  I couldn't find a configuration option within WAP that addresses this.   

Any thoughts?  

Tony  
 

Order By: Standard | Newest | Votes
danj posted this 23 November 2015

It has also stripped off the query parameter in the failing one:

 

?sap-sessioncmd=open



 

In a typical reverse proxy system you can tell it to rewrite portions of the URL differently (pass on relative identifier but rewrite server name for example),

perhaps this behaviour can be modified in WAP?

 

Dan

 

show

Tony posted this 24 November 2015

Hi Dan

 

Thanks for the response.

 

It turns out there is a hotfix for this issue (although the KB title is a tad misleading).

 

 https://support.microsoft.com/en-us/kb/3042127

 

Tony

 

show

Close