Explaining the sapproxy.ini configuration file.
In SAPProxy.ini file, you will define the server configuration parameters. It is housed in the same directory as the Liquid UI Server aka GuiXT Server files. A typical sapproxy.ini file will appear as shown in the following example:
The sapproxy.ini file contains two sections and a number of parameters, which are defined below. The two sections are:
The [control] section of the sapproxy.ini file is where you will define how many servers you will be connecting to. A sample [control] section of the sapproxy.ini file appears as follows:
The parameter contained in the [control] section of the sapproxy.ini file is explained as follows:
This parameter defines how many SAP ERP systems the Liquid UI Server will connect to. In our example, there is only a single SAP system involved. Client sites may have up to four proxies.
The [ProxyX] section of the sapproxy.ini file is where you will input the actual connection parameters of the server. The [X] is a number indicating the proxy number for each connection. There must be a [ProxyX] section for each server specified in the [control] section. In other words, if you set proxycount=4 in the [control] section, you must have four [Proxy] section. These will be numbered as follows:
A sample [ProxyX] section of the sapproxy.ini file is displayed in the example below.
[control] proxycount=1 [Proxy1] ListenPort=3200 TargetServer=test TargetServerPort=3200 ReservedPhysMem=25 GuiXT = 10 Options= -logtraffic:on -tracetraffic:on servercert=r:\synactive\sapproxy\servercert.pem privatekey=r:\synactive\sapproxy\privatekey.pem
The parameters contained in the [Proxy] section of the sapproxy.ini file are as follows:
This is the port that the Liquid UI Server will listen to for information from SAP. This should be the same as the TargetServerPort described below.
This is where the SAP ERP system is specified. Users can either use a name, as in the preceding example (e.g. ‘juneau’) or a connection string. For more information about connection strings, please see the Connection Strings section.
This is the system ID of the SAP ERP system to which the Liquid UI Server will connect. The system ID is preceded by the number ‘32’. So if the SAP ERP system ID is ‘00’, the TargetServer number will be ‘3200’. A sample entry is shown below.
This entry designates the amount of actual physical memory that will be verified for any subsequent launches of the sapproxy.exe. Sapproxy always checks the memory before launching and normally requires a large amount of free memory to launch. This is a useful option for users with smaller or more limited systems, as it tells Sapproxy that only the specified amount of memory needs to be checked in order to launch sapproxy. A sample entry specifying 25M of memory is shown below.
This is where you will specify whether or not the GuiXT instance is WS or not. If the implementation is not WS, the number will be ‘1’. If it is WS, the number will be ‘10’.
In addition to the parameters introduced above, the sapproxy.ini file can contain other parameters as well. These are as follows:
All options can only be used separately - you cannot combine options. In other words, you can only use one of the below options at a time.
- Trace options
You can add trace options to the sapproxy.ini file. Trace options assist in debugging Liquid UI Server. The syntax is as follows:
This option is a Boolean that can be set to either 'on' or 'off'. Logtraffic will trace each and every network packet, writing the results as a log file. Logs will use the naming convention 'TL_*'. The 'logtraffic' option is added to the Sapproxy.ini under the keyword 'Options=logtraffic:on/off'. The default setting for logtraffic is 'off'.
To add trace options, please do the following:
- Open the Sapproxy.ini in a supported text editor. We usually use Notepad.
- Add the following keyword to the Sapproxy.ini file: options=-logtraffic:on. This keyword will trace each and every network packet, writing the results as log files. The logs will use the naming convention: TL_*
- Once the log files are generated, send them to Synactive for review by a Support specialist.
- Easy Access On/Off
This flag turns off the automatic addition of the NO_EASYACCESS flag. The NO_AEASYACCESS flag is used to eliminate the easy access bit in the DIAG. The default setting is 'on'. The option is written as shown below
- ITS On/Off
This is used to disable the removal of the ITS flag. ITS was the predecessor to NetWeaver. GuiXT was able to run in ITS and this flag was used to prevent the flag from being removed. Since ITS is no longer common, this flag is unlikely to be used in most scenarios. The default setting is 'on' and it is written as follows:
- SAPConsole On/Off
This flag is used to turn the sapconsole detection on or off, causing the appropriate handling of sapconsole packets to occur. When the flag is set to 'on' then sapconsole mode is turned on. The default setting is 'auto'. It is written as follows:
This setting is used to turn on the Secure Connect feature for Liquid UI. The passphrase may be anywhere from X to XX characters long and may contain alphabetic characters, numbers, and symbols. The syntax is as shown below.
To use this setting, please do the following.
- On the Liquid UI Server, open the sapproxy.ini file and type in the following: SecureConnectPasskey=test.
- Save your changes and close the sapproxy.ini file.
- On your iOS device, open the Connection List and select the connection you wish to use.
- In the 'Secure Connect' filed, type the same passphrase you entered on the Liquid UI Server.
- Click the Save button to save your changes.
- In the Connection List, click Done.
- The connection will launch securely. You can tell that the connection is secure because the SAP system ID will be green.
- Swap Easy Access On/Off
This option is used to turn off the automatic swapping of 'Easy Access'. The default setting is 'on'. This option is written as shown below:
- Send Direct Return On/Off
This option turns on the process of sending screens from server to client during ‘Input Script’ processing. The default state is 'off' but please note that this flag cannot be turned on if a given connection is determined to be from sapconsole. This option is written as follows:
- Trace Connections
This option is used to trace and display information about each connection. The default setting is 'off'. This option is written as shown below:
- Limit Trigger
This option is used to turn off the limit trigger. This is explained in more detail in the Server Debugging section. This option is written as follows:
- Log Traffic
This option is used to log each packet sent and received by the server. The default setting is 'off'. This option is written as follows:
- Trace Traffic
This option is used to trace and log each network packet. The log can then be used to replay back the R/3 network flows. The default setting is 'off'. The option is written as follows:
- Progress Indicator
This option turns off the progress indicator during Input Script processing. The default setting is 'on', and it is written as shown below:
- Async RFC
This option is used to suppress addition of this flag to the SAP application server. If active, the SAP server will send all RFCs and wait for response. It is written as follows:
- Remove Menu Entries
This option will remove menu entries sent to client when it is turned on. It is used only for sapconsole mode and the default setting is 'off'. It is written as in the example below:
This flag is used to turn on robust connection. LUI clients can hold the connection with the R/3 server in the event of network disconnection. It enables the clients to transfer the connection to different devices with same username and password through the server. This option is written as follows:
A blob is a large screen which is sent in chunks from R/3 server to the SAPGUI client. If this option is turned on, then the server does not process the compilation of the chunks to form the screen packet, but sends the chunks as is, behaving like pass through. This will have serious consequences for the engine code as it would miss a full screen. The default setting is off. This option is written as follows:
This option generates detailed logs with every event captured during the traffic processing and traffic alterations of the server. This option is written as follows:
This option is used to trace OLE control logs on the server and option is written as follows:
When this entry is included in the sapproxy.ini file, the Liquid UI Server will send a blank screen to the SAP GUI client. The syntax is as follows:
This setting means that you will not have a live connection to a SAP server, similar to how the Offline product works. Also as in Offline, you can run scripts to create controls and other functions on this screen. This setting is useful for creating custom controls or functions without sending data to SAP. Click the X in the upper right corner of this screen to turn it off.
The _INTR_ entry takes a single option, as follows.
- app: This option designates the dynpro. In the example, it is the ZGUIXT custom dynpro.
Beginning with the 3.4.xxx.0 release of Liquid UI WS Server, the _INTR_ syntax has changed. The original syntax is shown below.
TargetServer=__INTR__ , app=ZGUIXT
From the 3.4.xx.0 release, the syntax will be as follows. Any new options will be included in the list of options.
TargetServer=__INTR__ , options=-app:ZGUIXT -n:1001 -sid:PRDNote: The two syntaxes cannot be mixed - you must use one or the other. If both are used, the 'options' syntax will always take precedence.
The options for the _INTR_ entry are as follows.
- -app: This designates the dynpro name.
- -n: This designates the dynpro number.
- -sid: This designates the database name.
Liquid UI Server will now support TLS (the encryption protocol used in SSL and https) for the most secure network connectivity. This is the same proven protocol used in all internet commerce "https" websites. It performs its encryption after a complex handshake and decides on an encryption cypher and session key to use on both ends. To turn on TLS, you need one Server Certificate, and one Private Key. They are specified in sapproxy.ini as follows. You will also need the latest version synssl.dll. Our implementation is TLS version 1.2 which is the latest version of TLS standard. Our code is based on openssl Version 1.0.2h.
If Liquid UI client does not have a valid license (not purchased from app store, and running on a temp license) and if it connects to sapproxy configured like below in sapproxy.ini, then the license specified in clientsy3 will be downloaded into the device, upon a successful logon of the user.
The means that customers running iOS (for now), does not need to install the sy3 manually.
The sy3 file path should be configured in sapproxy.ini as ClientSY3. It does not need to have any quotes or brackets, simply point it to the file.
[Proxy1] ListenPort=3220 TargetServer=juneau TargetServerPort=3200 options=-logrfc:on -tracetraffic:on -verbose:on ClientSY3=\\raven\usr\SYNACTIVE\GALA\ANDROIDBUILD\LiquidUI.sy3
Enable SecureConnect on Liquid UI Clients without having to configure encryption key on client
If Encryption key is configured only on Liquid UI Server (sapproxy.ini) and not specified on client, sapproxy will enable secureconnect once connected and Server realizes that it is talking to our Liquid UI client. (Again currently only available on iOS). We will have the option to enable secureconnect by specifying encryption key on both client and server or by specifying just on the server side.
The benefit of this, is users will experience secure connection, without having to manually enter the key on the client. The key on the client will be removed in future versions of the client.
[Proxy1] ListenPort=3220 TargetServer=juneau TargetServerPort=3200 options=-logrfc:on -tracetraffic:on -verbose:on ClientSY3=\\raven\usr\SYNACTIVE\GALA\ANDROIDBUILD\LiquidUI.sy3 SecureConnectPasskey="swordfish"
Note: You will also need to configure Liquid UI Clients (app)
Secureconnect allows Liquid UI client to connect to Liquid UI Server through secure messaging. It enable SecureConnect on LiquidUI Clients without having to configure encryption key on the client. The security is handled by means of the RC4 block cipher and uses a MD5 hash. Liquid UI encrypts every packet between the Liquid UI Server and the client device, ensuring the security of your data.
Beginning with 3.5.520.0 secureconnect parameter is configured in Liquid UI Server→sapproxy.ini configuration file.
sapproxy.ini file for Single Sign On
The user has to follow the below configurations to enable Single Sign On feature on Liquid UI for iOS and Android.
sapproxy.ini file for Domain\Username:
[control] proxycount=1 [Proxy1] ListenPort = 3210 TargetServer = ns.guixt.com // Your SAP Server TargetServerPort = 3224 // Your SAP Server Port GuiXT = 10 SNCName = p:poojitha@DOMAIN
sapproxy.ini file for @portal\Username:
[control] proxycount=1 [Proxy1] ListenPort = 3210 TargetServer = ns.guixt.com // Your SAP Server TargetServerPort = 3224 // Your SAP Server Port GuiXT = 10 portalurl=http://nw74:50000/irj/portal
sapproxy.ini file for Username or .\Username:
[control] proxycount=1 [Proxy1] ListenPort = 3210 TargetServer = ns.guixt.com // Your SAP Server TargetServerPort = 3224 // Your SAP Server Port GuiXT = 10 defaultdomain=@portal / defaultdomain=domain (defaultdomain=SYNDOM)