Install SAP OCB Retail – 1 – SMP3 configuration
To be able to install SAP Omnichannel retail banking on SMP3 SP8, some adjustments must be done on the SMP3 server configuration.
Avoid memory leak
Add a new parameter in the props.ini file of SMP3 server.
vim /SAP/MobilePlatform3/Server/props.ini
Parameter to add: -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true
DTD validation
Looking at the installation guide from SAP, this configuration is somewhat against SAP’s own security recommendations, but is needed as OCB uses struts, and for those the validation must be done via DTD and not by XSD. Edit the file fixed-sys.properties located at /SAP/MobilePlatform3/Server/configuration/com.sap.mobile.server.launcher.
vim /SAP/MobilePlatform3/Server/configuration/com.sap.mobile.platform.server.launcher/fixed-sys.properties
Comment out the last two properties.
Weak Diffie-Hellman ciphers
New browser don’t like anymore the SMP3 SP8 standard TLS ciphers, therefore these must be changed to be more aligned with latest security expectations.
vim /SAP/MobilePlatform3/Server/config_master/org.eclipse.gemini.web.tomcat/default-server.xml
For each TLS connector, substitute the ciphers by TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA.
JAVA_HOME
Set JAVA_HOME variable to the one used by SMP3.
export JAVA_HOME=/SAP/MobilePlatform3/sapjvm_7/
0 Comments