Domain barrier in the browser of the SAP Enterprise Portal
Symptom
You use SAP Enterprise Portal and want to implement communication that allows the exchange of messages or events / data between client applications and portal servers across different sources or domains.
Other terms
SAP Enterprise Portal, domain barrier in the browser, communication, Same Origin Policy, Relaxing
Reason and Prerequisites
Unlike other transfers, HTTP does not set up a permanent connection; this optimizes the rate of data transfer between Web server and browser and minimizes the load on the servers. The system starts a separate connection for every transfer: the browser sends a query to the Web server and waits for a response.
If Web servers and the client applications of the portal run on different domains, this affects important functions of the Client Framework, for example Client Eventing, Client Data Bag, Cross Navigation, Work Protect Mode or Session Management. In addition, a system landscape that spans different domains causes security problems. The security concept normally requires that all client applications in the browser are set up on the same domain.
In SAP Enterprise Portal this restriction was relaxed by hiding the prefix of the domain: JavaScript sets the value of the property document.domain to the suffix of the specified domain. This "reduced" domain is then used for origin checks.
Example:
The script in the document http://store.company.com/dir/other.html executes the statement document.domain = "company.com"; Afterwards the page would pass the origin check with http://company.com/dir/page.html.
For more information on the "Same Origin Policy", refer also to: http://www.mozilla.org/projects/security/components/same-origin.html
Solution
Depending on the actual state, there are three approaches:
1. Plan the system landscape of the SAP Enterprise Portal according to the following convention:
   - Allocation of addresses for Web servers and client applications with at least 3-step hierarchy.
   - As of the second hierarchy level the address must be identical. The addresses may only differ in the prefix.
   - Identical protocols for all addresses (http/https).
2. Set up / maintain DNS alias
   If the server addresses in an already existing system landscape do not correspond to the necessary convention, set up a new or additional alias for every DNS according to the requirements described under 1.
3. Set up Reverse-Proxy
   As an alternative for solution 2. you can set up a Reverse-Proxy which serves locally as client. For the Web browser, the Reverse-Proxy is a service provider (server), which distributes the queries to the defined servers within the local area network.
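
As an added example (not SAP's code), the following JavaScript checks a list of landscape addresses against the convention in approach 1 and reports the suffix that document.domain would be relaxed to. The function name checkLandscape, the host names and the IP-address check are assumptions made for illustration.

```javascript
// Added example. Host names and URLs are constructed sample values.
function checkLandscape(urls) {
  const problems = [];
  const protocols = new Set();
  const suffixes = new Set();

  for (const raw of urls) {
    const { protocol, hostname } = new URL(raw);
    protocols.add(protocol);

    // Assumption: an IP address has no domain hierarchy, so it cannot follow the convention.
    if (/^\d+(\.\d+){3}$/.test(hostname) || hostname.includes(":")) {
      problems.push(`${raw}: IP address instead of a DNS name`);
      continue;
    }
    // Convention: at least a 3-step hierarchy (prefix.company.com).
    const labels = hostname.split(".");
    if (labels.length < 3) {
      problems.push(`${raw}: fewer than 3 hierarchy levels`);
      continue;
    }
    // Convention: identical from the second level on; only the prefix differs.
    suffixes.add(labels.slice(1).join("."));
  }

  // Convention: identical protocol for all addresses.
  if (protocols.size > 1) {
    problems.push(`mixed protocols: ${[...protocols].sort().join(", ")}`);
  }
  if (suffixes.size > 1) {
    problems.push(`different domain suffixes: ${[...suffixes].sort().join(", ")}`);
  }

  const ok = problems.length === 0 && suffixes.size === 1;
  return { ok, relaxedDomain: ok ? [...suffixes][0] : null, problems };
}

// Constructed landscapes: the first follows the convention, the second does not.
const good = checkLandscape([
  "https://portal.company.com/portal",
  "https://erp.company.com/app",
]);
const bad = checkLandscape([
  "https://portal.company.com/portal",
  "http://erp.corp.example/app",
  "https://10.0.0.5/app",
]);
console.log(good, bad);
```

Addresses reported in problems are the ones that need a DNS alias (approach 2) or a Reverse-Proxy in front of them (approach 3).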