Authenticate users to production portal system

At this new installation, portal wants to import roles/users from the production portal system, not prod BW.  Wonu2019t that cause errors for connections with u201Cuse SSO when refreshing reports at view timeu201D?  Note, we havenu2019t set up SNC yet.
Environment:
BOE XI 3.1 SP2
Solaris
NetWeaver Application Server
SAP Kit

Thanks Seb.  It looks like you can import roles from a nonBW system.  ... maybe as long as you've got the transports.
Yesterday BASIS successfully entitled the prod entriprise portal system, imported roles and users into CMC.  These users - like PEP~123/user - errored last night with
"The SAP SSO authentication process will fail because the current user doesn't have an alias that matches system DBWCLNT111.. (WIS 10901)"
... when I changed a DBW~111 connection to u201Cuse SSO when refreshing reports at view time"
BOE doesn't have DBW111 users.  If I did have roles/users from DBW111, BOE would think them different users than PEP~123 users.  Trying to alias them together (can't w/o Enterprise id or similar) one id at a time is a bad path to go down.
I'm not sure SNC will overcome.  ... like passing the id without the system qualifier.  Anybody know?

Similar Messages

  • How to add Popup message as soon as user logins to portal system?

    Hi,
    I want to display a popup message as soon as user logs on to the portal system.
    Regards,
    Anagha

    Anagha Bhat wrote:
    what do you mean by  "iView with the popup as the entry point" ?
    I think this means, iView's 'Launch in new window' property should be accordingly set..

  • How can I authenticate users against a WAS system from third-party app?

    We are looking at developing a third-party standalone web application e.g. in Rails (but it could be on any framework for that matter).
    How would we go about authenticating users against a SAP WAS backend? Are there some standard web services for this? What other means are there for authentication?
    Kind Regards,
    Martin

    From the comment in SUSR_LOGIN_CHECK_RFC you just need to pass user name and it will return if user can still log on. Only your system will know credentials for this user so an attacker won't be able to use this service for cracking passwords.
    This FM is in the same function group as:
    CREATE_RFC_REENTRANCE_TICKET
    SUSR_CHECK_LOGON_DATA
    SUSR_DELETE_OWN_PASSWORD
    SUSR_GENERATE_PASSWORD
    SUSR_GET_ADMIN_USER_LOGIN_INFO
    SUSR_GET_X509CERT_MAPPING_LIST
    SUSR_LOGIN_CHECK_RFC
    SUSR_USER_CHANGE_PASSWORD_RFC
    SUSR_USER_EXTID_DEL
    SUSR_USER_EXTID_GET
    SUSR_USER_EXTID_GET_ALL
    SUSR_USER_EXTID_LOOKUP
    SUSR_USER_EXTID_RENAME
    SUSR_USER_EXTID_SET
    SUSR_USER_EXTID_SET_ALL
    SUSR_USER_FROM_CERTIFICATE_RFC
    SUSR_USER_SETEXTID
    You would need to ensure that only the service exposing the "login check" can be called, and not the FM's in the group.
    BTW: SAP Java WAS can provide SAML 2.0 assersions (technically a component shipped with IdM, but you don't have to use the rst of the IdM if you don't want to..). If your applications are all web enabled ones (WDA?) then that is an option to consider, which is also strategically supported.
    SSO2 Logon tickets are not really a strategy anymore... and installing a double-stack system on all ECC sytems just to have SAML is not strategic either.. 
    I have heard several wishes for SAML authentication for SAPGui, but not seen anything official yet in that direction.
    Cheers,
    Julius

  • Issue with superadmin user (sap*) in portal

    Hi,
    I have issue with my superadmin user (SAP*) in portal system.
    When I activated superadmin user (sap) from configtool and tried to login to the system with sap it is not letting me to enter into portal instead it is asking whether I am new user and also giving me link for "register user".
    Please suggest.
    Regards,
    Chandra.

    Hi Chandra,
    I hope you performed all steps as discussed in the below link. Please cross check.
    http://help.sap.com/saphelp_nw70/helpdata/en/3a/4a0640d7b28f5ce10000000a155106/content.htm
    Thanks,
    Siva Kumar

  • If user login in portal we need to assign him, the  perticular system

    Hi all,
    i have the requirement
    if user logins in portal, depending on the user we need to assign him a system( bapi or rfc),
    the user database is maintained in a table in MDM. if an user login in portal it should check in MDM to which region(america, asia.europe....) it belog,s to. according to that we need to assign the system(rfc or bapi). if the user belong's to two regions we need to assign the two links(rfc's or bapi's) regions,
    help me in doing step by step
    Thanks in advance
    Best Regards
    charan

    Hi Charan,
    This is same thread as - Depending on the user we need to assign the system
    Regards,
    Sen

  • SU01 or ABAP SYSTEM - User Language on Portal

    Dear All,
    I am working on Portal Framework - Masthead and Footer PCD files in JSP enivronment. Now, I have a requirement where I have to fetch the Language of User present in ABAP SYSTEM- SU01 transaction. Can anyone help me how to fetch this._ With some code or some way to tackle the condition?_
    Thanks,
    Roshan

    Hi Roshan,
    Check this thread - User mapping certificate in UME (J2EE) with ABAP system as Backend (SNC)
    Best Regards,
    Sen

  • How do assign the user of Consumer Portal to the role of Product Portal?

    Hello All:
        Use FPN, now I want to assignment the role of Consumber Product Portal the user of Consumer Portal to  the user of Consumer Portal(RRA) .But because There are too many user that needed be configured.It is arduous work.
         So Pls help me and tell me how to import the role of Product portal to the user of Consumter Portal,
    Thanks In addvance.
    jideliang

    Thank all:
    Because I want assign the Remote Role of Produce to user of Consumer with FPN.Use:
    [Role]
    rid=Role1
    rdesc=Role description
    user=MarcPeters;JackSmith;Alan_Fox;
    group=HappyBuyersOf2003;HappyBuyersOf2002
    Can not import.
    I have find the document "How to Automate Content Creation via XML Content and Actions (NW7[1].0).pdf", it help me to use XML to import the role,the following format:
    <Action id="com.sap.portal.roleassignment">
    <Roles>
    <Role name="pcd:portal_content/myFolder/myRole" producer.alias = "myProducer">
    <Principal type="user" id="test"/>
    But when I import the XML file.There is a error.
    Have someone used it ?
    jideliang
    </Role>
    </Roles>
    </Action>
    How

  • How can authenticate users´portal in OIM?

    I have installed Aqualogic Interaction 6.5, and I want import and authenticate users from OIM(or another LDAP)? What i can do?
    I read that i must install Oracle webcenter identity services? It´s true? Where i can adquire?
    thanks

    I have not tried with 6.5, btu I think you just need to install one of the identity services which allow you to sync and authenticate against various sources (LDAP, AD, etc). See here for more info http://edocs.bea.com/alui/integration/

  • How to display the Portal System ID in a theme or iView?

    Hi everyone,
    I am trying to figure out a standard way to display the Portal system ID within the portal theme or within an iView.   The complaint from users is that, if they are working in both Production and multiple test systems simultaneously, it is very difficult to decipher which system they are actually in.
    Does anyone have experience with this previously?
    Thanks in advance.

    Hello Charles.
    A standard way is a modification of the Portal name which is displayed in a title bar of a browser's window.  For this you have to edit the Central Configuration:
    1. Open System Administration > System Configuration > Service Configuration;
    2. In Browse Tab open  Portal Runtime > Central Configuration;
    3. Locate and modify portal.html.head.title property.
    4. Save changes.
    5. Restart portal server.
    Best regards,
    Aliaksandr Zhukau

  • Production Portal is not starting...

    Hello All,
    I have a very serious problem with my production portal. Every after 2-3 days, the portal doesn't start properlly in the morning, It shows page can not be displayed. The only thing we can do for this is to restart the server.
    Can somebody please tell me what could be the problem and how to resolve this issue permanently. Also tell me where do I check for the logs that had generated at the time this issue happened.
    We are not using much roles and iviews. We just have 5-6 webdynpro applications which are running on our portal.
    We are on EP 7.00 SP9 and we use hostname and not the IP address to access portal.

    Hi Vaishali,
    I have checked the Default Log file and found some error messages. Can somebody please check and tell me the reason of portal misbehaviour.
    #1.5#00188B417A010069000000270000105400047270C85E9991#1251728630418#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#sap.com/tcwddispwda#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#Guest#2####e737a720963911de85bf00188b417a01#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/System/Server/WebRequests#Plain###Processing HTTP request to servlet [dispatcher] finished with error.
    The error is: com.sap.tc.webdynpro.clientserver.session.SessionExpiredLongJumpException: Session has expired (current request: follow-up request). Please restart the application. Hint: HttpSession seems to be expired due to user inactivity or application is called with wrong URL parameter (sap-wd-norefresh=X).
    #1.5#00188B417A010054000002B700001054000472710734D5DE#1251729684684#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#sap.com/tcwddispwda#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#BIL01#411##musaprd_PWC_6722350#BIL01#584fc300963c11de9c5b00188b417a01#SAPEngine_Application_Thread[impl:3]_20##0#0#Error#1#/System/Server/WebRequests#Plain###Cannot send an HTTP error response [500 Application error occurred during request processing. (details: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: The connection is closed.)].
    The error is: com.sap.engine.services.servlets_jsp.server.exceptions.WebIOException: An attempt to write after the stream had been closed.
    #1.5#00188B417A01006D0000001400001054000472722899E133#1251734539856#com.sap.engine.services.httpserver##com.sap.engine.services.httpserver#Guest#2####a9845500964711dea9a300188b417a01#SAPEngine_Application_Thread[impl:3]_28##0#0#Error##Plain###User Guest, IP address 64.181.47.118
    Cannot open the requested file <D:
    usr
    sap
    PWC
    JC00
    j2ee
    cluster
    server0
    temp
    webdynpro
    web
    &sap-cssversion=7.0.9.0.0&DynamicParameter=&com.sap.portal.reserved.wd.pb.restart=false&PagePath=pcd:portal_content
    com.musa.musa_dealer_connect
    com.musa.dealer_connect_roles
    com.musa.dealer_connect_order_management
    WholeGoods_PayTerm_N&sap-accessibility=&sap-locale=en_US&sap-wd-app-namespace=zzzz&sap-rtl=&sap-wd-tstamp=1251734534137>. Possible reason: the file does not exist, cannot be accessed, or is in use by another process.
    java.io.IOException: The filename, directory name, or volume label syntax is incorrect
    #1.5#00188B417A0100650000003D0000105400047273DE693570#1251741885090#com.sap.engine.services.servlets_jsp.client.RequestInfoServer#sap.com/tcwddispwda#com.sap.engine.services.servlets_jsp.client.RequestInfoServer#RIC04#1675##musaprd_PWC_6722350#RIC04#c075d610965811de9d0b00188b417a01#SAPEngine_Application_Thread[impl:3]_29##0#0#Error##Plain###Processing HTTP request to servlet [dispatcher] finished with error. The error is: java.lang.NullPointerException
    #1.5#00188B417A010053000000A00000105400047282B048D3BA#1251805535793#com.sap.engine.services.httpserver##com.sap.engine.services.httpserver#Guest#2####f6649a1096ec11de83c400188b417a01#SAPEngine_Application_Thread[impl:3]_27##0#0#Error#1#/System/Server#Plain###User Guest, IP address
    HTTP request processing failed. HTTP error [401] will be returned. The error is [Authentication did not succeed.No details available].#
    #1.5#00188B417A010062000000C6000010540004728382B9CD18#1251809066418#com.sapmarkets.bam.jmxadapter.AbstractLog#sap.com/tcwddispwda#com.sapmarkets.bam.jmxadapter.AbstractLog#Administrator#8391##musaprd_PWC_6722350#Administrator#7a4c65a096f311de9cd000188b417a01#SAPEngine_Application_Thread[impl:3]_35##0#0#Error#1#/System/Server#Plain###java.util.zip.ZipException: error in opening zip file
    Any help ?

  • Track Connections to support Multiple QA & Production Runtime Systems

    Hi,
    I've read the SAP Help and various other threads in this forum that describe how to configure track connections that will support deployment into multiple production runtime systems. Can the track design therefore support the following scenario :-
    Dev --> Consolidation ---> Multiple Pre-Production Runtime Systems --> Multiple Production Runtime Systems.
    If this scenario can be implemented in the NWDI Landscape Configurator what would be the best approach to define this ?.
    The reason I'm asking is our customer is planning multiple Portals in Production & Pre-Production due to the number of LDAP's currently being used to roll-out to the full user community.
    Regards,
    Brian.

    Hi Kiran,
    May be this thread will come in handy. I explained clearly the procedure to deploy to multiple systems
    transport to mulitple systems
    thanks

  • TLN missing for users in Federated Portal Network Setup

    Hello All,
    We are facing a weird problem in our Federated portal Production setup; when the users login to portal they are not able to see the TLN. On further investigating we found that this issue is happening when the user id is locked in any of the producer portals within our FPN environment due to which the users are not able to view roles related to other systems as well in which there id is active.
    This issue is reproducable but only occur once the ID are locked and password is expired in one of the assigned system.
    Our FPN setup is as below:
    Consumer C connects to Producers
    1. A (RDL)
    2. B (RDL)  - BI Dual Stack
    3. D (RRA)  -  BI Dual Stack
    In turn A (producer) connects to 4 ECC systems (F3, M1, R1, R5)
    We are using RRA and RDL both in our environment.We have connected all federated portal with P4 Port, so if required we
    can use RDL.
    Please note our consumer C is EHP1 SP5 and both BI systems B and D are EP 7 sp13. 
    Any help in this regard is highly appreciated as this is critical issue affecting users in our production environment badly.
    Regards,
    Priyanka

    Hello,
    This was an SAP bug. We raised an OSS message and it is taken care now. User now gets TLN and then portal runtime error if the id is locked.
    Regards,
    Priyanka

  • How to integrate the portal system with non-sap system

    Hi Gurus,
    How to integrate Portal system with non-SAP system?
    I know few ways .......Using Usermapping UIDPW method.
    Using Appintegrator .....and using Business repository objects in JCA?
    Is there anyother way to integrate if so please give me the names and steps for integrating it?
    Thanks in Advance,
    Dharani

    Hi Dharani,
    You can get information from the following links:
    http://help.sap.com/saphelp_nw04s/helpdata/en/43/d08b00d73001b4e10000000a11466f/frameset.htm
    https://www.sdn.sap.com/irj/sdn/thread?threadID=744043
    SAP CONNECTORS:- Basically Connectors are like middlewares , that we use to connect to the backend system including Non SAP systems also. Will try to explain it to u with some examples of SAP Connectors:-
    a) SAP Business Connectors:-
    A middleware application based on the B2B integration server from webMethods.
    The SAP Business Connector enables both bi-directional synchronous communication and asynchronous communication between SAP applications and SAP and non-SAP applications.
    The SAP Business Connector makes all SAP functions that are available via BAPIs or IDocs accessible to business partners over the Internet as an XML-based service.
    The SAP Business Connector uses the Internet as a communication platform and XML or HTML as the data format. It integrates non-SAP products by using an open, non-proprietary technology.
    b) SAP Java Connector:-
    SAP Java Connector (SAP JCo) is a middleware component that enables the development of SAP-compatible components and applications in Java. SAP JCo supports communication with the SAP Server in both directions: inbound calls (Java calls ABAP) and outbound calls (ABAP calls Java).
    SAP JCo can be implemented with Desktop applications and with Web server applications.
    SAP JCo is used as an integrated component in the following applications:
    1) SAP Business Connector, for communication with external Java applications
    2) SAP Web Application Server, for connecting the integrated J2EE server with the ABAP environment.
    SAP JCo can also be implemented as a standalone component, for example to establish communication with the SAP system for individual online (web) applications.
    To Know more go through,
    SAP Java Connectors
    II) ALE Concept:-
    ALE is not restricted to communication between SAP systems, it can also be used for connecting SAP Systems to non-SAP systems.
    By using IDocs as universal information containers, ALE can reduce the number of different application interfaces to one single interface that can either send IDocs from an SAP system or receive IDocs in an SAP system.
    SAP certified Translator Programs can convert IDoc structures into customer-defined structures.
    Alternatively, the RFC interface for sending and receiving IDocs can be used in non-SAP systems.
    In both cases you need the RFC Library of the RFC Software Development Kit (RFC-SDK).
    This link gives a great insight into landscape for Connectivity to Non-SAP systems:-
    SAP to Non-SAP systems
    III) Communication Between SAP Systems and External (Non-SAP) Systems using RFC:-
    When you use RFC for communication with an external (non-SAP) system, you can also implement the SAP Java Connector or the SAP .Net Connector for the conversion of data. However, there are no specific security requirements for these components, since they only perform internal system conversion functions.
    The additional security recommendations for communication with external systems in this section make particular reference to cases where an external system is used as a server (SAP calls the external system). If you use an external system as a client (the external system calls SAP), the appropriate SAP-specific security mechanisms are implemented on the SAP side.
    This link explains in detail all the security considerations you need to take for connecting to an External Non SAP system like, User administration, Network Security etc.
    Communication Between SAP Systems and External (Non-SAP) Systems using RFC
    Hope this helps,
    Regards,
    Rudradev Devulapalli
    Reward the points if helpful

  • How to restrice ananymous user access to portal link /irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default?

    Hi experts,
    We had an issue with portal access. I wonder if portal is venerable for security threats?
    Could you please let me how to restrict the unauthorized users (anonymous user) to the portal URL.
    https://HOST:50001//irj/servlet/prt/portal/prtroot/com.sap.portal.navigation.portallauncher.default .
    Appreciate your help.
    Regards
    Maruti

    Hi Maruti,
    Hope you are doing good.
    Can't you just amend the portal permissions so that this access is not possible.
    The PCD location should be:
    com.sap.portal.system/security/sap.com/NetWeaver.Portal/no_safety/com.sap.portal.navigation.portallauncher....
    Hope this helps.
    Thank you and have a nice day!
    Kind Regards,
    Hemanth

  • Getting error while creating the user in user administration in portal

    Hi folks,
         i am unable to create the user in user administration in portal due to the following error,
    could you please help regarding this issue
    "Current user has user creation permissions in the UME, but cannot create users in the back-end system (data source). The original and possibly untranslated message was: "No active writeable datasource found for user creation, check your Persistence Configuration.".

    Hi All,
    I am closing this thread as this is not in the correct forum.  This should be opened in LDAP or UME.  Please open the thread under the correct heading.
    Beth Maben
    EP - Senior Support Consultant
    AGS Primary Support, Business Suite & Technology
    Please see the UWL Wiki @
    http://www.sdn.sap.com/irj/scn/wiki?path=/display/bpx/uwl+faq  ***

Maybe you are looking for

  • HELP!! CC wont let me open CS6

    Hello, My CC subscription recently expired, so instead of renewing it I reinstalled my old CS6. Now, every time I try to open CS6 programs, I get the CC message saying they need to verify my subscription. Needless to say, I end up being unable to ope

  • Error during deployment of stateless session EJB using EJB 3.0

    having trouble deploying a stateless session bean to app server 10.1.3.1 oc4j container. deceided to go through oracles demo: How-To Develop a Stateless Session EJB using EJB 3.0 (http://www.oracle.com/technology/tech/java/oc4j/1013/how_to/how-to-ejb

  • GL Reconciled Script

    Hi All, I need a script that pulls only reconciled GL Accounts. Using the  GL reconciliation menu, you can reconcile GL accounts for unreconciled items. But I need to see just the reconcilied items from same window. Regards

  • Oracle Forms Runform has stopped working

    OS: Windows 7 Oracle forms 6.0.8.13 executables were running fine on Windows 7 upto Nov 19th. But after Nov 19th whenever we enter user name, pssword, database and hit connect, it gives oracle forms runform has stopped working error. Following is the

  • Is there a bluetooth adaptor for an old iPod classic (160 GB) that also works like a radio remote?

    Is there a bluetooth adapter for an old iPod classic (160 GB) that also works like a radio remote?  I have a bluetooth headset and I want to listen to FM radio on my iPod. Or is there a better way than to use an adapter in order to listen to  the rad