
Parameter
icm/server_port
Short text
ICM server specification
Parameter Description
This is a vector parameter in the format [parameter name]_[index]. The index is a number without a leading 0. You do not need to use the indexes in ascending order; that is, you can, for example, configure only icm/server_port_2.
You can use this parameter to specify the service/port and keepalive timeout to be used for a protocol. The port can be given either as a service name or as a port number.
You can also set the following options for the parameter:
• Timeout Options: Two timeouts can be configured – the network timeout TIMEOUT and the processing timeout PROCTIMEOUT. The period is specified with the parameter value
• Use an external binding program: To bind ports below 1024 under UNIX, extend this parameter using the (optional) specification EXTBIND=1. The icmbnd then binds the port and transfers it to the ICM.
• Do not bind port to all host names: You can use the optional parameter HOST=[host name or IP address] to specify that the port should not be bound to all host names (default), but only to the specified host.
• SSL configuration with the argument SSLCONFIG (see parameter icm/ssl_config).
• X.509 Certificate: You can use the optional parameter VCLIENT to specify whether the client must produce an X.509 certificate if SSL is used. There are three certification levels (0-2):
  • 0: No certificate is required and the server does not ask for one.
  • 1: The server asks the client to send a certificate. If the client does not send a certificate, authentication is carried out by another method, for example, basic authentication (default setting).
  • 2: A client must send a valid certificate to the server, otherwise access is denied.
  This server-specific value overrides the value that is set with parameter icm/HTTPS/verify_client. If you specify an SSL configuration with SSLCONFIG, do not specify VCLIENT here.
• ACLFILE: This addition specifies the file that is used as the access control list (ACL). If the profile parameter is set, the file must exist and its syntax must be correct. The syntax of the ACL file is described in ACL Syntax.
• TLS: This addition specifies whether TLS encryption (using STARTTLS) is to be used for inbound SMTP requests. The value 0 specifies that TLS is not used. This is the default. Value 1 specifies that TLS is offered but not mandatory. Value 2 specifies that TLS is mandatory and an error is sent to clients that attempt to send mails without TLS encryption (without STARTTLS).
• AUTHMECHANISMS: This addition specifies which SMTP authentication procedure is used. The value NONE specifies that no authentication is requested. This is the default. The value PLAIN specifies that the authentication procedure PLAIN is used. The value EXTERNAL specifies that authentication is performed using an SSL client certificate. If the value EXTERNAL is specified, the client certificate must be maintained as trusted in the server PSE. The client certificate must also be assigned to the user for SMTP authentication. You can also combine the procedures PLAIN and EXTERNAL (separated by a semi-colon).
• AUTHUSERS: This addition specifies which users are used for SMTP authentication. Separate the user names with semi-colons. The users must be valid users in client 000 of the type SYSTEM.
Behavior of the ICM or Web Dispatcher if the ACL file is missing or has errors (is syntactically incorrect):
The ICM or Web Dispatcher is prevented from starting; that is, the ICM or Web Dispatcher ends immediately. If you attempt to assign or reload an erroneous ACL file to an existing service, the new file is ignored, and an existing ACL file remains active.
Application Area
Internet Communication Manager
Parameter Unit
Special character string
Default Value
None
Who is permitted to make changes?
Customer
Operating System Restrictions
None
Database System Restrictions
None
Are other parameters affected or dependent?
You can define an SSL configuration with the parameter icm/ssl_config and reference it from this parameter.
Only one service can be bound to one port. Also, a service cannot be started if another program is using the port or service.
Values allowed
PROT=[protocol name], PORT=[port or service name] [, TIMEOUT=[keep alive timeout], PROCTIMEOUT=[processing timeout], EXTBIND=1, HOST=[host name], SSLCONFIG=ssl_config, VCLIENT=[SSL client verification]]
For example:
PROT=HTTP, PORT=8080, TIMEOUT=15
PROT=HTTP, PORT=80, TIMEOUT=30, EXTBIND=1, HOST=prd.sap.de
PROT=HTTPS, PORT=443, TIMEOUT=15, PROCTIMEOUT=45, VCLIENT=0
PROT=HTTPS, PORT=443, SSLCONFIG=ssl_config, ACLFILE=[file name for access control list]
PROT=SMTP, PORT=25000, TLS=2, AUTHMECHANISMS=PLAIN;EXTERNAL, AUTHUSERS=SMTPAUTH1;SMTPAUTH2
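
Added example (not SAP code): a short Python audit of icm/server_port_<n> entries against the options described above. It flags a port used twice, services without HOST or ACLFILE, HTTPS services where VCLIENT is below 2 and no SSLCONFIG is referenced, and SMTP services where TLS is not mandatory or AUTHMECHANISMS is NONE. The "name = value" profile line layout, the sample profile and the function names are assumptions made for illustration.

```python
import re

DEFAULTS = {"VCLIENT": "1", "TLS": "0", "AUTHMECHANISMS": "NONE"}  # defaults stated on this page
ENTRY = re.compile(r"^[ \t]*(icm/server_port_\d+)[ \t]*=[ \t]*(.+)$", re.M)
# Constructed sample profile, built from the example values on this page.
SAMPLE = """\
icm/server_port_0 = PROT=HTTP, PORT=8080, TIMEOUT=15
icm/server_port_2 = PROT=HTTPS, PORT=443, TIMEOUT=15, PROCTIMEOUT=45, VCLIENT=0
icm/server_port_3 = PROT=SMTP, PORT=25000, TLS=2, AUTHMECHANISMS=PLAIN;EXTERNAL
"""

def parse_server_port(value):
    """Split 'PROT=HTTP, PORT=80, ...' into a dict with upper-cased keys."""
    opts = {}
    for item in value.split(","):
        key, sep, val = item.partition("=")
        if not sep or not key.strip() or not val.strip():
            raise ValueError(f"malformed option: {item.strip()!r}")
        opts[key.strip().upper()] = val.strip()
    if "PROT" not in opts or "PORT" not in opts:
        raise ValueError("PROT and PORT are required")
    return opts

def audit(profile_text):
    """Return (parameter name, finding) pairs for every icm/server_port_<n>."""
    findings, ports = [], {}
    for m in ENTRY.finditer(profile_text):
        name = m.group(1)
        o = {**DEFAULTS, **parse_server_port(m.group(2))}
        prot, msgs = o["PROT"].upper(), []
        if o["PORT"] in ports:  # only one service can be bound to one port
            msgs.append(f"port {o['PORT']} already used by {ports[o['PORT']]}")
        ports.setdefault(o["PORT"], name)
        if "HOST" not in o:
            msgs.append("no HOST: port is bound to all host names")
        if "ACLFILE" not in o:
            msgs.append("no ACLFILE: no access control list on this service")
        # With SSLCONFIG, client verification is set in icm/ssl_config instead.
        if prot == "HTTPS" and "SSLCONFIG" not in o and o["VCLIENT"] != "2":
            msgs.append(f"VCLIENT={o['VCLIENT']}: client certificate not mandatory")
        if prot == "SMTP" and o["TLS"] != "2":
            msgs.append(f"TLS={o['TLS']}: STARTTLS not mandatory")
        if prot == "SMTP" and o["AUTHMECHANISMS"].upper() == "NONE":
            msgs.append("AUTHMECHANISMS=NONE: no SMTP authentication requested")
        findings += [(name, msg) for msg in msgs]
    return findings

if __name__ == "__main__":
    print("\n".join(f"{name}: {msg}" for name, msg in audit(SAMPLE)))
```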


