Layer7 Access Management

Expand all | Collapse all

Firewall and ports to be opened Siteminder - Agent - SAP

Jump to Best Answer
  • 1.  Firewall and ports to be opened Siteminder - Agent - SAP

    Posted 12-05-2016 05:41 AM

    Hello all.

    In the next week we'll implement the integration between Siteminder 12.51 and SAP.

    To obtain it, as for the documentation, we'll have to install an agent on a Reverse Proxy (Apache) and the modulelogin at the SAP AS. Also need to implement the SessionLinker in order to handle the sessions.

     

    There isn't any mention about the ports that must be opened from:

    - SAP AS to policy server (in the flow we saw SAP will contact the Policy Server to validate the session)

    - Agent on Apache to policy server (probably the standards 44441,44442,44443,44444)

    - Agent on Apache to SAP AS.

    - Session Linker ports?

     

    Strange to see a documentation that starts just to implement the objects, without before provide a list of ALL ports we need to open.

    Can someone help us? We need to know the used ports :-(

    Thanks all



  • 2.  Re: Firewall and ports to be opened Siteminder - Agent - SAP
    Best Answer

    Posted 12-05-2016 05:54 AM

    Hello

    Regarding the question

     

    - SAP AS to policy server : you need to open the policy server running ports, so usually 44441, 44442, 44443 and 4444

    - Agent on Apache to policy server : same as before, the policy server ports

    - Agent on Apache to SAP AS.: here the SAP AS ports should be open

    - Session Linker ports:  requests are sent by the webagent to the session linker with a plugin, not tcp ports, and session linker the discusses with policy server using the policy server ports

     

    I hope this helps

     



  • 3.  Re: Firewall and ports to be opened Siteminder - Agent - SAP

    Posted 12-05-2016 07:21 AM

    Thanks Miquel for this fast reply.

    So this means that in general the integration uses just the 44441-44443 groups. I was thinking me too to this ports and of course they are sure for "Agent on Apache" ---> Policy Server.

    But is not so clear the connection "SAP AS" ----> Policy Server. It will use the same ports of a standard agents?

     

    Thanks



  • 4.  Re: Firewall and ports to be opened Siteminder - Agent - SAP

    Posted 12-05-2016 07:49 AM

    That's right. Policy server ports are same for all agent types webagent/application server agnet/custom agent.