Fully Qualified Domain Names (FQDN)

翻译 2016年08月30日 13:46:04

In Web Dynpro ABAP it is imperative that a client browser with a fully qualified domain name (FQDN) has access to the AS-ABAP. For this reason the full URL must be assigned to a Web Dynpro ABAP application when it is called. The URL must not be shortened (for instance, no domain specification).

The domain used must also satisfy the requirements of the cookie specification (see http://wp.netscape.com/newsref/std/cookie_spec.html).

To check the FQDN/FQHN, in the Web Dynpro explorer in the ABAP development environment (SE80), choose the relevant Web Dynpro application from the navigation tree for your Web Dynpro component/interface, and check the URL in the administration data. Check whether the path details in field URL also contain the full domain and host name.


Note that neither IP addresses nor underscore characters are allowed in host names (see below).


FQDN is necessary for the following reasons:

●  One domain is required with which cookies can be set domain-wide, for instance, SSO2 cookies.

Domain relaxation code is required for cross-frame JavaScript.
This is particularly important for Structure linkPortal Integration (see below).

●  In an HTTPS environment, client and server names must correspond with each other for certificates and for the SSL protocol.

Note that the domain in which the AS-ABAP is run is not necessarily the FQDN used to access the AS-ABAP from the browser. A typical example is an AS-ABAP which runs both in the Intranet and in the Internet. In a case like this the FQDN is determined by the position of the browser relative to the AS-ABAP and not by the AS-ABAP itself.

Configuration of Fully Qualified Domain Names

If the host name simply specifies the host and port but not the domain (including the extension), the shortened URL of a Web application looks like:

This graphic is explained in the accompanying text

<schema>://<host name>:<port>/sap/...



Whereas the full URL should look like:

This graphic is explained in the accompanying text

<schema>://<host name>.<domain> <extension>:<port>/sap/...



IP Addresses Not Supported

URLs that contain IP addresses are not supported.

This graphic is explained in the accompanying text

<schema>://<IP address>:<port>/sap/...


The following notation is required:

This graphic is explained in the accompanying text

<schema>://<host name>.<domain> <extension>:<port>/sap/...



To map IP addresses correctly, the following is required:

●  A minimal form of DNS at the customer location with the name of the AS-ABAP and a mapping to an IP address.

●  Alternatively, a pseudo AS-ABAP name can be used, and the HTTP proxy configured at the firewall in such a way that this URL is sent to the correct IP address.

●  For smaller installations you can use the following quick solution:

Update the hosts file on each workstation. Insert the line hostname.domain.ext  into file\WINNT\system32\drivers\etc\hosts.

No Support for “_” in Host Names

The browser does not accept cookies if a host name contains the underscore character “_”.

Since Microsoft Internet Explorer 6.0 and MS Internet Explorer 5.5 including security patch MS01-055 cannot accept any domain names with underscore characters, session cookies cannot be saved. This will result in terminations when navigating within a Web application.



The development system is called dev_sys, and the quality security system, qsys. This means the fully qualified domain name is:


In comparison, the following notations are not accepted:

For this reason, host and domain names must never contain the underscore character, “_”.

See also:


Domain Restrictions in Accordance with the Cookie Specification

The portal must be started with a domain that complies with the domain specification of the Internet standard cookie specification. Otherwise the portal cannot create the MYSAPSSO2 cookie.

So that the browser can decide which servers a cookie can be sent to, the URL must contain the domain specification, since the decision is based on this information. In accordance with the Netscape cookie specification (available under http://wp.netscape.com/newsref/std/cookie_spec.html), cookies can be set for one domain only, and a domain must contain two or three dots (.) due to security restrictions. Each of the seven top level domains (.COM,.EDU,.NET,.ORG,.GOV,.MIL,.INT) must contain at least one further domain component (usually the name of the company or organization), amounting to two dots. Each domain with a different ending (this includes the top level domains for countries, such as UK, DE, FR, and so on) must consist of two further domain components, that is, these domains must contain at least three dots. For more information see the cookie specification.


Examples of valid domains:

●  <host>.sap.com 
Top level domain -> two domain components

●  <host>.portal.sap.de 
No top level domain -> three domain components


Some browsers (for instance, Microsoft Internet Explorer) are less strict and permit domains that violate the cookie specification rules listed above.

The Internet Explorer would allow the following domain:

This graphic is explained in the accompanying text


This is not a top level domain, yet it only has two domain components.

Domains appear to be accepted whose penultimate component consists of at least three characters, because otherwise there would be problems, for instance with all British domains, due to there being insufficient restrictions on how cookies are sent.





Compliant with specification


Compliant with specification



For MS IE ok


For MS IE ok



For MS IE not ok


Not ok (compliant with specification)


Useful links to Microsoft knowledge base:

<http://support.microsoft.com/default.aspx?scid=kb; en-us;310676>


This graphic is explained in the accompanying text

SAP generally recommends that you always comply with the definitions of the cookie specifications.


The use of SSL (with HTTPS), as well as ensuring encrypted data transfer, should also ensure that the server being contacted (for example, a company or organization) is authentic. This is done using SSL server certificates. For each HTTPS URL the browser checks whether the full host name contained in the URL corresponds to the relevant specification (such as common name, CN) in the checked SSL server certificate. If the browser ascertains a difference, it triggers an error warning.


The SSL server certificate was issued on "CN=tcs.mysap.com, OU=SAP Trust Community, O=SAP AG, L=Walldorf, C=DE". The following URLs are checked:






Compliant with specification



With an SSL server certificate issued on "CN=mysap.com, ..." all the URLs listed above return an error.

With an SSL server certificate issued on "CN=*.mysap.com, ..." all the URLs listed above return an error. A certification authority (CA), however, usually establishes its own rules for components that it issues and for verified certificates. The use of wildcards (*) in the common name is generally not permitted.


When you use SSL terminating reverse proxies (in front of the Web Server/AS-ABAP), make sure that the SSL server certificate of the reverse proxy corresponds to the host name of the reverse proxy that is visible for the browser.

For more information about security see Security in AS-ABAP.

Setting the FQDN

The following variables and parameters are used to set the host and domain names:



●  icm/host_name_full

The ICM sets the FQHN in accordance with the hierarchy below:

  1.  Parameter SAPLOCALHOSTFULL in the SAP profile (recommended for high availability configurations) has top priority. If it is set in the profile file, the ICM takes this as the FQHN value.


Note that the system default value of SAPLOCALHOSTFULL contains the host name without the domain, which is why the system default is ignored by the ICM .

If the parameter is not set, the value in iStructure linkicm/host_name_fullsapurl_li is used.

  1.  If this parameter is also not set, the ICM takes the FQHN of the operating system.

Parameter SAPLOCALHOST is not fully qualified and is not used by the ICM for services.

SAP recommend you set either SAPLOCALHOSTFULL (for high availability configurations), or icm/host_name_full.



Powershell – domain user names in detail

  • 2014年03月11日 22:53
  • 172KB
  • 下载


db_name,instance_name,service_names,db_domain,dbid,oracle_sid等区别与联系 最近整理了一篇文章:oracle listener...
  • haiross
  • haiross
  • 2013年10月29日 22:01
  • 1356


这篇文章中要讲的几个参数:        DB 相关的: DBID, SID        PFILE中的参数:DB_NAME,DB_DOMAIN,  INSTANCE_NAME,       ...


http://www.cnblogs.com/rootq/archive/2009/06/14/1502991.html 1、db_name 数据库名 SQL> connect xys/man...


FQDN 全域名(FQDN,Fully Qualified Domain Name)是指主机名加上全路径,全路径中列出了序列中所有域成员。全域名可以从逻辑上准确地表示出主机在什么地方,也可以说全域...


一、虚拟主机实现原理注意: 谁顺序排第一,谁就是默认站点1.虚拟主机即实现一个httpd服务器,可以对多个站点提供服务2.实现方法——IP将IP地址和站点路径相关联3.实现方法——port将端口号和站...


  • 2014年03月19日 18:42
  • 5KB
  • 下载

How to become a qualified dev&ops

How to become a good webmaster? Is there any free tools that can be used for monitoring the status o...
  • wzyyc
  • wzyyc
  • 2017年03月26日 10:40
  • 111

Google code jam2015 Qualified Round

Problem A. Standing Ovation It's opening night at the opera, and your friend is the prima donna...

sendBroadcastAsUser——Calling a method in the system process without a qualified user

4.2中Android加入了多用户  改换这几种调用方式  public void startActivityAsUser(Intent intent, UserHandle user);...
您举报文章:Fully Qualified Domain Names (FQDN)