Install SAP OCB Retail – 1 – SMP3 configuration

Let the world know ...Tweet about this on TwitterShare on Google+0Share on Facebook0Email this to someoneShare on LinkedIn0

To be able to install SAP Omnichannel retail banking on SMP3 SP8, some adjustments must be done on the SMP3 server configuration.

Avoid memory leak

Add a new parameter in the props.ini file of SMP3 server.

vim /SAP/MobilePlatform3/Server/props.ini

Parameter to add: -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true

DTD validation

Looking at the installation guide from SAP, this configuration is somewhat against SAP’s own security recommendations, but is needed as OCB uses struts, and for those the validation must be done via DTD and not by XSD. Edit the file fixed-sys.properties located at /SAP/MobilePlatform3/Server/configuration/com.sap.mobile.server.launcher.

vim /SAP/MobilePlatform3/Server/configuration/com.sap.mobile.platform.server.launcher/fixed-sys.properties

Comment out the last two properties.

Weak Diffie-Hellman ciphers

New browser don’t like anymore the SMP3 SP8 standard TLS ciphers, therefore these must be changed to be more aligned with latest security expectations.

vim /SAP/MobilePlatform3/Server/config_master/org.eclipse.gemini.web.tomcat/default-server.xml

For each TLS connector, substitute the ciphers by TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA.

JAVA_HOME

Set JAVA_HOME variable to the one used by SMP3.

export JAVA_HOME=/SAP/MobilePlatform3/sapjvm_7/
Let the world know ...Tweet about this on TwitterShare on Google+0Share on Facebook0Email this to someoneShare on LinkedIn0

Leave a Reply

Your email address will not be published. Required fields are marked *