Forum Discussion
NimbostratusIE Error with F5 URL
Hi,
We've setup our SAP Fiori application to work over the F5.
With IE 11, we see the login page just fine using the external F5 URL. However, after entering the credentials & hitting the Login button, it says:
Logon with URL parameter not possible; logon cookie is missing
It simply refuses to let us in. On browsers such as Chrome, this issue isn't observed & we're able to log in just fine.
With IE, it appears to be passing credentials in the URL string.
If we use the local URL (without the F5), we do not see this problem. Its just IE 11 + F5 together that lead to this issue. Maybe IE has strict rules, thus forbids us from proceeding...is there an irule we're missing maybe ?
Please help advise...
Thanks a ton ! saba.
4 Replies
- Kai_Wilke
MVP
Hi Saba,
its very hard to tell whats going wrong without having a look on the wire (aka. using HTTPWatch, Fiddler, etc. to see the differences).
But you may want to perform the standard procedure when troubleshooting broken website functionality.
- Flush your browser cache.
- Unbind possible iRules which are tampering the payload or headers.
- Turn of HTTP-Compression on F5.
- Roll back any changes to the HTTP profile esp. the req/resp chunking settings.
Cheers, Kai
Saba_007_140621Thank you, Kai !
We'll surely check up on these points. We did try using HTTPwatch, but nothing substantial came up in the trace :(
Is there something different about the way IE 11 handles security...i.e. it passes the creds. in the URL string.
Safari, Chrome & Firefox work perfectly Ok.
We have a setting in SAP that says: Deactivate login XSRF protection...after setting this, the Login page keeps popping up again n again...i.e. it refuses to move further. The only difference is that now we don't see the "Logon with URL parameter not possible; logon cookie is missing" error...but the issue stays :(
Thanks a lot ! saba.
rk553_294531Hi Saba,
I have similar issue in my environment, could you please let me know the solution.
Thank you in advance.
- Kai_Wilke
Hi Saba,
I duno why your IE starts sending the form data using
(i.e. send form data as query string)... πIs your IE still sending a POST request with additional querystring information, or is it now a pure GET request?
Have you already compared the HTML/JS content for any differences using the one and another browser/access?
Does it also happen on a fresh Windows installations, without additional addons/programs?
You may also press the F12 button in IE and check if some console errors would indicate the problem, or if your problem could be resolved by using a certain IE downlevel mode?
logon cookie is missing" error
You could also try to loosen the cookie-releated security settings, or even puting the site into a different IE security zone to narrow the issue.
Are you using some sort of cookie encryption on your F5?
Deactivate login XSRF protection
XSRF is not an explicit browser functionality. Its more a combination of well established core functionalities. It will make sure you've visited the login site before sending login information. Basically it will track your site usage flow by using reversible but still unpredictable random query strings, form datas and cookie values etc...
about the way IE 11 handles security
Browser security is somewhat complex in these days. I've stopped catching up with all those protection mechanism many years ago... π
Cheers, Kai
