Solution : https://service.sap.com/sap/support/notes/1631354 (SAP Service marketplace login required)
Summary :
Security note 1616058 has been updated to replace the previous workaround instructions with permanent correction instructions, because the fix introduces an incompatible change in the SPML service: SPML requests must now carry a specific HTTP header ("X-Requested-With": "XMLHttpRequest"). Patches are available. Users who are unable to update can deactivate the header check by modifying the UME property. If this property is disabled, enhanced security measures such as URL filters through ICM, load balancers, or firewalls are recommended. Users should revert any temporary fixes and update their AS Java to apply these corrections effectively.
Key words :
icm/http/mod_0 = prefix=/, sap netweaver identity management, previously provided workaround instructions, workaround previously provided, uniform resource locator, for more information check, cluster restart is required, sp patch level, details and available patches, profile file remove
Related Notes :
1647267 | Solution Manager adaptation to Java UME security |
1621289 | SPML Connection Between SAP NW IdM and NW AS Java Fails |
1616058 | XSRF possible in SPML Services in AS Java |