Access & Control a system process
hello,
I have little confusion about the system process and java environment.
How can we access or control the the system process or any application which is currently running in system using java.
Like,,, Calculater.exe is running and I want to handle all functionality of calculator using java program, without accessing calculator.exe gui.
suppose my program sends request to calc.exe to perform a sum and it returns the result,,,,
rpworld wrote:
Like,,, Calculater.exe is running and I want to handle all functionality of calculator using java program, without accessing calculator.exe gui.
suppose my program sends request to calc.exe to perform a sum and it returns the result,,,,It's possible, if the program provides an API and is designed to do that kind of things. As for getting calculator.exe to do your calculations. No way José.
As far as I know it neither provides an API or was designed to do calculations for external programs.
Similar Messages
-
Are GRC Access Control, Process Control and Risk Management separate?
Are these 3 different modules that you have to purchase separately or are they included in one suite?
Hi Anne,
If you are refering to GRC Access Controls 5.3, Process Control 3.0 and Risk Management 3.0 - All 3 are separate.
A new version of GRC 10.0 has been launched which is currently in ramp up. This has all the above 3 in one suite.
Thanks and Best Regards,
Srihari.K -
UWL Integration - Process Control & Access Control
Hello Community,
Has anyone worked on UWL integration of Access Control 5.3 & Process Control 3.0?
Is this feasible by developing UWL custom connectors? Any hints?
(NW2004s - EP7.0)
Thanks!
DhanzHi
Even though you set risk analysis to be done at single in RAR , it will automatically consider following type if done from CUP
1. SOD conflict
2.Critical action
3. Critical Permission
If you want to have only SOD risk analysis ,then deactivate all critical action rules in RAR OR create a new ruleset and assign all SOD risk to it and use with CUP .
Thanks & Regards
Asheesh -
Users in different systems GRC Access Controls
Hello
Today we have more than 40 systems (dev, quality, prod)
We use access enforcer for provisioning to all these 40 systems.
Is there a way for us to find out if a user account exists in these 40 systems (connectors)?
Example:
User RAMSEY exists in quality, fix, prod r3
exists in prod bw etc.,
Can we find this information in any of the GRC Access Controls products?
ThanksSorry, Prakash. This fuctionality does not exist in CUP. It used to exist in early versions of Access Enforcer (AE.NET). This is a good feature and lots of cutomers want this feature. I hope SAP includes it.
You can find the user using RAR (CC) but again it will be maunal process. You can go to informer -> risk analysis. Over there you can select the system and search for user. If the user exists, it will show up. This will not work, if you have not done user sync from SAP system to RAR.
Regards,
Alpesh Parmar
SAP GRC Manager (PwC) -
We just wrote an AE program and is called through the vanilla SYSTEM PROCESS REQUEST.
It's running on a daily basis ie. with RECURRENCE.
Now we need to call the same program through the regular page run control request.
But we are not how to recognize from inside the AE program if whether it's been called from SYSTEM PROCESS REQUEST or RUN CONTROL REQUEST.
Any of you might have suggestion ?
Any technique or workaround is also appreciated.
THANKS in Advance .This AE pgm is currently automatically called from SYSTEM PROCESS REQUEST on a daily basis to load data from an input file deposited on the server ready for pickup.
We would like to use the same AE pgm ( thus using the same validation and loading logic ) to load the same file format but defined by the user ( via attachment load ) as needed any time during the day.
The user will initiate this AE pgm online ( ie. from a page with his parameters ).
Currently, the pgm now already runs automatically daily and we wish to make it also available to be run by user anytime in the day
To achieve that, we would need to know:
Is the AE pgm ran by (a) the user or by the (b) SYSTEM PROCESS REQUEST so that the program can decide of where to take input file.
(a) Take from an attachment defined by user or (b) from the input file already deposited on the server for pickup
That is the reason why we try to detect who called the AE pgm in order decide where to pickup the input file.
Your help is much appreciated as I do researches but so far haven't gotten a concluded decision.
Thank you.
Message was edited by: Kel_123 -
Link does not work for
End-of-Sale and End-of-Life Announcement for the Cisco Secure Access Control System 5.4
How do we get Cisco to fix?
see attachmentGive it a couple of days - it looks like they just sent out the notification before the notice was published on the public page.
Once the ACS 5.4 EoS/EoL notice is published you should see it linked from this page. -
Integrating with external access control system
Hi,
I am new at the network but have read a lot recently about the above subject as much as I could. However, I am a bit mixed up at something. I understand in order to update SAP HR module with employees time and attendance logs I need to interface with a certified PDC interface => (SAP ECC - PLANT DATA COLLECTION - TIME & ATTENDANCE AND EMPLOYEE EXPENDITURES (HR-PDC)
I wish to develop a system that updates the the SAP HR with employee attendance logs. In addition I also wish enroll new employees into my access control system database by polling the SAP HR database.
Now my question is if I use .NET connector:
1. Does the connector it include functions that can help with the above requirements?
2. Is the use of PDC interface here still a must?
ThanksFor time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
It is also do the same thing for the employees who resign. I mean if an employee is fired or resigned from the company than it is sent to the related system.
These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
I hope this answer will help. -
Integrating SAP HCM with third party Access Control System
Hi Experts,
We have client using SAP HCM and intend procuring an Access Control Solution to manage her people.
What the client wants to avoid though is having to create a new employee in SAP HCM and manually creating same in the Access Control Software. Is there a way this can be automated such that upon recruitment of new staff, the data is updated in the Access Control DB which uses MS SQL? If this is possible, what is required to get this working well.
Thanks for your support in this regard.
Regards
JohnFor time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
It is also do the same thing for the employees who resign. I mean if an employee is fired or resigned from the company than it is sent to the related system.
These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
I hope this answer will help. -
Process to activate access control dynamiclly
Hello,
I would like to make a process that activate the access control to a specific button, page..etc dynamically according to a condition, something like:
" Assign access control (view,edit,admin) of (page#, button..) to user (x) when (condition)"
How can I do that?
Thanks in advance,
Edited by: Najla on Jan 17, 2013 12:19 AMHi Najla,
you can use authorization schemes:
http://docs.oracle.com/cd/E37097_01/doc/doc.42/e35125/sec_authorization.htm#BABEDFGB
Br,
Marko Goricki
http://apexbyg.blogspot.com/ -
Access Control- Maximum number of RTA systems to connect to Access Control
Hi,
Is there a limit to the maximum number of RTA systems that can be connected to the GRC Access Control server ?
Thanks And Regards.
andg.Dear Andg and Himadama,
The most recent SAP GRC Access Control 5.3 Installation Guide, published September, 2009, references the break-down of JCo connector information in Section 5. Post-Installation Configuration:
5.1.1 Creating JCo Connections to Backend Systems:
http://www.service.sap.com/
http://service.sap.com/swdc
http://help.sap.com
http://service.sap.com/bestpractices
http://www.sap.com/bestpractices
Perhaps this excerpt may clarify the utilization options for SAP JCo connections in GRC Access Control 5.3 as of SP09.
Thank you,
Shiela
Edited by: Shiela Maria Mangravito on Apr 1, 2010 1:50 PM -
System Process Running out of Control - Overheating!
The other day I arrived home and went to check my e mail and found my computer running at full tilt with the fans going all out and the case quite hot. I thought maybe I had left dashboard open all day as I have done this before with similar results, but this was not the case.
I quit all programs and re started and the computer started to run at close to full process.
I ran software update and installed the RAW and system update that was available, re started still there. I ran disk utility to check/repair permissions until they were good.
I ran the onyx cleaning set of stuff that clears cashes and histories.
When looking at the process monitor it shows the processor running at close to 3/4 but even with programs open in the background it shows them using little to none as expected with the process monitor on top of the list using some processor, but the little color chart below that shows process separated by programs and system show the system process running quite high.
Lastly I noted that when I restart and then let the computer sit for a few minutes at the log in screen the system must be running hard again because the fans come on. I do not know what is causing this or what next step I should take to remediate it, please help!
JeromeHi, C Jerome. If your Powerbook were actually overheating, it would put itself to sleep, so you needn't worry that it's in danger of damaging itself. I can understand your interest in calming and quieting it, though.
First, how full is your hard drive? At least 10% of its capacity or 5GB, whichever is larger, should be free at all times. If you get down to much less than that, the processor and hard drive must work very hard cycling data in and out of virtual memory, and you run a substantial risk of system crashes, hard drive directory corruption and consequent loss of data.
Do you have disk indexing turned on? Indexing your drive is only useful if you use Find By Content searches (I'm not sure that's what Spotlight calls them, because I don't use Tiger). Indexing can consume an enormous amount of processor cycles and generate a lot of heat, in addition to taking up a significant amount of hard drive space. If you don't need it, turn it off. -
We have a problem when execute the next steps in GRC Access Control 10.0
SPRO-->Governance, Risk and Compliance>Access Control--> Access Risk Analysis--> Batch RisK Analysis
We applied the next note, but problem is the same.
1563583 - SYSTEM_NO_TASK_STORAGE dump on AIX
Category
ABAP Programming Error
Runtime Errors
ASSERTION_FAILED
ABAP Program
CL_GRRM_DASHBOARD_MENU_AUTH===CP
Application Component GRC-RM
Date and Time
13.03.2013 11:50:04
|Short text
|
|
The ASSERT condition was violated.
|
|What happened?
|
|
In the running application program, the ASSERT statement recognized a
|
|
situation that should not have occurred.
|
|
The runtime error was triggered for one of these reasons:
|
|
- For the checkpoint group specified with the ASSERT statement, the
|
|
activation mode is set to "abort".
|
|
- Via a system variant, the activation mode is globally set to "abort"
|
|
for checkpoint groups in this system.
|
|
- The activation mode is set to "abort" on program level.
|
|
- The ASSERT statement is not assigned to any checkpoint group.
|
|What can you do?
|
|
Note down which actions and inputs caused the error.
|
|
|
|
|
|
To process the problem further, contact you SAP system
|
|
administrator.
|
|
|
|
Using Transaction ST22 for ABAP Dump Analysis, you can look
|
|
at and manage termination messages, and you can also
|
|
keep them for a long time.
|
|Error analysis
|
|
The following checkpoint group was used: "No checkpoint group specified"
|
|
|
|
If in the ASSERT statement the addition FIELDS was used, you can find
|
|
the content of the first 8 specified fields in the following overview:
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|
" (not used) "
|
|How to correct the error
|
|
Probably the only way to eliminate the error is to correct the program.
|
|
|
|
|
|
If the error occures in a non-modified SAP program, you may be able to
|
|
find an interim solution in an SAP Note.
|
|
If you have access to SAP Notes, carry out a search with the following
|
|
keywords:
|
|
|
|
"ASSERTION_FAILED" " "
|
|
"CL_GRRM_DASHBOARD_MENU_AUTH===CP" or "CL_GRRM_DASHBOARD_MENU_AUTH===CM001"
|
|
"IF_GRFN_MENU_ITEM_AUTH~IS_AUTHORIZED"
|
|
|
|
If you cannot solve the problem yourself and want to send an error
|
|
notification to SAP, include the following information:
|
|
|
|
1. The description of the current problem (short dump)
|
|
|
|
To save the description, choose "System->List->Save->Local File
|
|
(Unconverted)".
|
|
|
|
2. Corresponding system log
|
|
|
|
Display the system log by calling transaction SM21.
|
|
Restrict the time interval to 10 minutes before and five minutes
|
|
after the short dump. Then choose "System->List->Save->Local File
|
|
(Unconverted)".
|
|
|
|
3. If the problem occurs in a problem of your own or a modified SAP
|
|
program: The source code of the program
|
|
In the editor, choose "Utilities->More
|
|
Utilities->Upload/Download->Download".
|
|
|
|
4. Details about the conditions under which the error occurred or which
|
|
actions and input led to the error.
|
|
|
|
|
|System environment
|
|
SAP Release..... 702
|
|
SAP Basis Level. 0012
|
|
|
|
Application server... "KIO13701"
|
|
Network address...... "172.20.1.137"
|
|
Operating system..... "AIX"
|
|
Release.............. "7.1"
|
|
Hardware type........ "00F6C78E4C00"
|
|
Character length.... 16 Bits
|
|
Pointer length....... 64 Bits
|
|
Work process number.. 10
|
|
Shortdump setting.... "full"
|
|
|
|
Database server... "KIO13701"
|
|
Database type..... "DB6"
|
|
Database name..... "DGR"
|
|
Database user ID.. "SAPDGR"
|
|
|
|
Terminal.......... "192.168.0.5"
|
|
|
|
Char.set.... "C"
|
|
|
|
SAP kernel....... 720
|
|
created (date)... "Jul 8 2012 19:43:01"
|
|
create on........ "AIX 2 5 00092901D600"
|
|
Database version. "DB6_81 "
|
|
|
|
Patch level. 300
|
|
Patch text.. " "
|
|
|
|
Database............. "DB6 08.02.*, DB6 09.*, DB6 10.*"
|
|
SAP database version. 720
|
|
Operating system..... "AIX 2 5, AIX 3 5, AIX 1 6, AIX 1 7"
|
|
|
|
Memory consumption
|
|
Roll.... 0
|
|
EM...... 8379584
|
|
Heap.... 0
|
|
Page.... 16384
|
|
MM Used. 6205712
|
|
MM Free. 2170976
|
|User and Transaction
|
|
Client.............. 100
|
|
User................ "LVELASCO"
|
|
Language key........ "E"
|
|
Transaction......... " "
|
|
Transaction ID...... "51400164B1F00C40E1008000AC140189"
|
|
|
|
EPP Whole Context ID.... "5140015EB1F00C40E1008000AC140189"
|
|
EPP Connection ID....... "5140F9B0B19C1150E1008000AC140189"
|
|
EPP Caller Counter...... 1
|
|
|
|
Program............. "CL_GRRM_DASHBOARD_MENU_AUTH===CP"
|
|
Screen.............. "SAPMHTTP 0010"
|
|
Screen Line......... 2
|
|
Debugger Active..... "none"
|
|Server-Side Connection Information
|
|
Information on Caller of "HTTPS" Connection:
|
|
Plug-in Type.......... "HTTPS"
|
|
Caller IP............. "192.168.0.5"
|
|
Caller Port........... 44300
|
|
Universal Resource ID. "/sap/bc/webdynpro/sap/grfn_service_map"
|
|
|
|
Program............. "CL_GRRM_DASHBOARD_MENU_AUTH===CP"
|
|
Screen.............. "SAPMHTTP 0010"
|
|
Screen Line......... 2
|
|
|
|
Information on Caller ofr "HTTPS" Connection:
|
|
Plug-in Type.......... "HTTPS"
|
|
Caller IP............. "192.168.0.5"
|
|
Caller Port........... 44300
|
|
Universal Resource Id. "/sap/bc/webdynpro/sap/grfn_service_map"
|
|Information on where terminated
|
|
Termination occurred in the ABAP program "CL_GRRM_DASHBOARD_MENU_AUTH===CP" -
|
|
in "IF_GRFN_MENU_ITEM_AUTH~IS_AUTHORIZED".
|
|
The main program was "SAPMHTTP ".
|
|
|
|
In the source code you have the termination point in line 59
|
|
of the (Include) program "CL_GRRM_DASHBOARD_MENU_AUTH===CM001".
|
|Source Code Extract (Source code has changed)
|
|Line |SourceCde
|
| 29|
lv_dashboard = lv_value.
|
| 30|
|
| 31|
TRANSLATE lv_dashboard TO UPPER CASE.
|
| 32|
|
| 33|
CASE lv_dashboard.
|
| 34|
WHEN 'HEATMAP'.
|
| 35|
lv_report = 'GRRM_HEATMAP'.
|
| 36|
|
| 37|
WHEN 'LOSS_OVERVIEW' OR 'LOSS_STRUCTURE' OR 'OB_LOSS_OVERVIEW' OR 'OB_LOSS_STRUCTU|
| 38|
lv_report = 'GRRM_LOSS_ANALYSIS'.
|
| 39|
|
| 40|
WHEN 'OVERVIEW'.
|
| 41|
lv_report = 'GRRM_OVERVIEW'.
|
| 42|
|
| 43|
WHEN OTHERS.
|
| 44|
ASSERT 1 = 2.
|
| 45|
|
| 46|
ENDCASE.
|
| 47|
|
| 48|
EXIT.
|
| 49|
|
| 50|
ENDLOOP.
|
| 51|
|
| 52|
WHEN 'GRRM_LOSS_MATRIX' OR 'GRRM_LOSS_MATRIX_NEW'.
|
| 53|
lv_report = 'GRRM_LOSS_ANALYSIS'.
|
| 54|
|
| 55|
WHEN 'GRRM_HEATMAP_REPORT'.
|
| 56|
lv_report = 'GRRM_HEATMAP'.
|
| 57|
|
| 58|
WHEN OTHERS.
|
|>>>>>|
ASSERT 1 = 2.
|
| 60|
|
| 61| ENDCASE.
|
| 62|
|
| 63| TRY.
|
| 64|
lv_regulation_id = cl_grfn_api_regulation=>if_grfn_api_regulation~get_regulation_id( i|
| 65|
|
| 66|
ev_authorized = cl_grfn_util_rep_auth=>has_rep_auth(
|
| 67|
io_session
= io_session
|
| 68|
iv_regulation_id = lv_regulation_id
|
| 69|
iv_report
= lv_report
|
| 70|
iv_activity
= grfn0_c_activity-print
|
| 71|
|
| 72|
|
| 73|
CATCH cx_grfn_exception.
|
| 74|
ev_authorized = abap_false.
|
| 75|
|
| 76| ENDTRY.
|
| 77|
|
| 78|ENDMETHOD.
|
|Contents of system fields
|
|Name
|Val.
|
|SY-SUBRC|4
|
|SY-INDEX|2
|
|SY-TABIX|1
|
|SY-DBCNT|1
|
|SY-FDPOS|0
|
|SY-LSIND|0
|
|SY-PAGNO|0
|
|SY-LINNO|1
|
|SY-COLNO|1
|
|SY-PFKEY|
|
|SY-UCOMM|
|
|SY-TITLE|HTTP Control
|
|SY-MSGTY|
|
|SY-MSGID|
|
|SY-MSGNO|000
|
|SY-MSGV1|
|
|SY-MSGV2|
|
|SY-MSGV3|
|
|SY-MSGV4|
|
|SY-MODNO|0
|
|SY-DATUM|20130313
|
|SY-UZEIT|115004
|
|SY-XPROG|SAPCNVE
|
|SY-XFORM|CONVERSION_EXIT
|
|Active Calls/Events
|
|No. Ty.
Program
Include
Line |
|
Name
|
| 34 METHOD
CL_GRRM_DASHBOARD_MENU_AUTH===CP
CL_GRRM_DASHBOARD_MENU_AUTH===CM001
59 |
|
CL_GRRM_DASHBOARD_MENU_AUTH=>IF_GRFN_MENU_ITEM_AUTH~IS_AUTHORIZED
|
| 33 METHOD
CL_GRFN_API_MENU_ITEM_ELA=====CP
CL_GRFN_API_MENU_ITEM_ELA=====CM001 126 |
|
CL_GRFN_API_MENU_ITEM_ELA=>IF_GRFN_MENU_AUTH~ITEM_AUTH
|
| 32 METHOD
CL_GRFN_API_MENU==============CP
CL_GRFN_API_MENU==============CM003
34 |
|
CL_GRFN_API_MENU=>IF_GRFN_MENU_AUTH~ITEM_AUTH
|
| 31 METHOD
CL_GRFN_LAUNCHPAD_UIBB========CP
CL_GRFN_LAUNCHPAD_UIBB========CM006
60 |
|
CL_GRFN_LAUNCHPAD_UIBB=>IF_FPM_GUIBB_LAUNCHPAD~MODIFY
|
| 30 METHOD
CL_FPM_LAUNCHPAD_UIBB_ASSIST==CP
CL_FPM_LAUNCHPAD_UIBB_ASSIST==CM001
76 |
|
CL_FPM_LAUNCHPAD_UIBB_ASSIST=>INIT_FEEDER
|
| 29 METHOD
/1BCWDY/T2POSMRSKMLY9L6LJP5Z==CP
/1BCWDY/B_T2POSBAR6C8HPR0XTR4P
410 |
|
CL_COMPONENTCONTROLLER_CTR=>WDDOINIT
|
|
Web Dynpro Component
FPM_LAUNCHPAD_UIBB
|
|
Controller
COMPONENTCONTROLLER
|
| 28 METHOD
/1BCWDY/T2POSMRSKMLY9L6LJP5Z==CP
/1BCWDY/B_T2POSBAR6C8HPR0XTR4P
181 |
|
CLF_COMPONENTCONTROLLER_CTR=>IF_WDR_COMPONENT_DELEGATE~WD_DO_INIT
|
|
Web Dynpro Component
FPM_LAUNCHPAD_UIBB
|
|
Controller
COMPONENTCONTROLLER
|
| 27 METHOD
CL_WDR_DELEGATING_COMPONENT===CP
CL_WDR_DELEGATING_COMPONENT===CM004
9 |
|
CL_WDR_DELEGATING_COMPONENT=>DO_INIT
|
| 26 METHOD
CL_WDR_CONTROLLER=============CP
CL_WDR_CONTROLLER=============CM00V
3 |
|
CL_WDR_CONTROLLER=>INIT_CONTROLLER
|
| 25 METHOD
CL_WDR_COMPONENT==============CP
CL_WDR_COMPONENT==============CM019
24 |
|
CL_WDR_COMPONENT=>INIT_CONTROLLER
|
| 24 METHOD
CL_WDR_CONTROLLER=============CP
CL_WDR_CONTROLLER=============CM002
7 |
|
CL_WDR_CONTROLLER=>INIT
|
| 23 METHOD
CL_WDR_CLIENT_COMPONENT=======CP
CL_WDR_CLIENT_COMPONENT=======CM00E
24 |
|
CL_WDR_CLIENT_COMPONENT=>INIT
|
| 22 METHOD
CL_WDR_CLIENT_COMPONENT=======CP
CL_WDR_CLIENT_COMPONENT=======CM00A
42 |
|
CL_WDR_CLIENT_COMPONENT=>IF_WDR_COMPONENT_FACTORY~CREATE_COMPONENT
|
| 21 METHOD
CL_WDR_COMPONENT_USAGE========CP
CL_WDR_COMPONENT_USAGE========CM009
67 |
|
CL_WDR_COMPONENT_USAGE=>IF_WD_COMPONENT_USAGE~CREATE_COMPONENT
|
| 20 METHOD
CL_FPM_COMPONENT_MANAGER======CP
CL_FPM_COMPONENT_MANAGER======CM003
81 |
|
CL_FPM_COMPONENT_MANAGER=>ADD_COMPONENT
|
| 19 METHOD
CL_FPM_COMPONENT_MANAGER======CP
CL_FPM_COMPONENT_MANAGER======CM004
19 |
|
CL_FPM_COMPONENT_MANAGER=>ATTACH_COMPONENT_TO_USAGE
|
| 18 METHOD
CL_FPM========================CP
CL_FPM========================CM005
89 |
|
CL_FPM=>PROCESS_EVENT
|
| 17 METHOD
CL_FPM========================CP
CL_FPM========================CM00C
34 |
|
CL_FPM=>RUN_EVENT_LOOP
|
| 16 METHOD
CL_FPM========================CP
CL_FPM========================CM002
5 |
|
CL_FPM=>IF_FPM~RAISE_EVENT
|
| 15 METHOD
CL_FPM========================CP
CL_FPM========================CM003
11 |
|Hi Alberto,
The below Notes should resolve!
1428775
1744179
Hope this helps,
Luciana -
Hello,
I'm attempting to get a SharePoint 2013 Provider Hosted Application working in a brand new SharePoint environment. I've created snapshots of both my dev and the sharepoint environments along the way and have meticulously documented every step of the
way. I've followed these instructions (among many other resources found along this journey) :
http://msdn.microsoft.com/en-us/library/fp179923(office.15).aspx
http://technet.microsoft.com/en-us/library/fp161236(office.15).aspx
http://msdn.microsoft.com/library/office/fp179901%28v=office.15%29
Upon package and publish of my application to SharePoint, I get a 401 Unauthorized error. I use Fiddler to obtain the SPErrorCorrelationID to ultimately obtain the following ULS Viewer Output. Please explain how to fix if you're able.
Please Note: I was under the impression that a Provider Hosted Application does not use the Azure Access Control service, so I'm confused as to why my system is attempting to make this connection?
Also Note: I've used a self signed and godday obtained certificate to successfully f5 debug my basic web.title (out of the visual studio 2012 box) sharepoint provider hosted application... so I know my certs are good.
Here's my ULS output:
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request.
IsAuthenticated=True, UserIdentityName=0#.w|cltenet\sp.apps, ClaimsCount=25 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Deployment acjjg Medium The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
= 0#.w|cltenet\sp.apps, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|cltenet\sp.apps. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrv Medium redirectLaunUrl after getting it from query
string, web or app instance: https://hightrust31.cltenetapps.com/Pages/Default.aspx?{StandardTokens} 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General aib0n High trying to get app tokens for site: 888b71f7-51ee-40f5-8344-8de4869d37d0
Unable to load app tokens from appInstanceId: 22d5252f-392c-4f68-b820-a3053b9d4f24 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrw Medium redirectLaunUrl after getting token replacement:
https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsry Medium m_oauthAppId after NormalizeAppIdentifier()
i:0i.t|ms.sp.ext|[email protected]8df36d5d. Now getting app principal info. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr0 Medium decided that we need to do a POST to the
app. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr1 Medium m_redirectMessage: EndpointAuthorityMatches
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr2 Medium realm matched attempting to get app token
using GetAccessToken() 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth advzm High Error when get token for app i:0i.t|ms.sp.ext|[email protected]8df36d5d,
exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr3 High App token requested from appredirect.aspx
for site: 888b71f7-51ee-40f5-8344-8de4869d37d0 but there was an error in generating it. This may be a case when we do not need a token or when the app principal was not properly set up. LaunchUrl:https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http://portal.cltenet.com&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4420.1017
Exception Message:The Azure Access Control service is unavailable. Stacktrace: at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest().
Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General ajlz0 High Getting Error Message for Exception Microsoft.SharePoint.SPException:
The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext) at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext
serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri
applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext,
String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth aib0p Medium Doing appredirect from appredirect.aspx:
in site: 888b71f7-51ee-40f5-8344-8de4869d37d0 with RedirectLaunchUrl: https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)).
Execution Time=26.5933938531294 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
Your help is very much appreciated.
With Respect,
LarryYes, actually - I was able to resolve it.
However I don't know how, unfortunately. I suspect it was because I needed to have the names of the certificates, defined during the certificate registration (to sharepoint) process, different.
I have a complete document that shows step by step instructions on the exact process I took to complete the provider hosted application creation, deployment and publishing. It was a daunting task, but I finished it successfully.
If there's a way to send private message on this forum, please do so and I'll respond with a way to obtain my document.
NOTE: I'm not all impressed with the way this forum works. This is supposed to be a Microsoft resource and I'll be damned if I ever get a response to highly technical questions. Completely lame. Boooooo Microsoft. -
ESYU: R12 - Order Management를 위한 Multi Org Access Control(MOAC) setup 방법
Purpose
Oracle Order Management - Version: 12.0 to 12.0
Information in this document applies to any platform.
R12의 Order Management에 대핸 Multi Org Access Control(MOAC) setup 방법에 대해 알아본다.
Solution
일반적인 MOAC Setup:
1. HRMS에서 Security Profile을 정의:
a. HRMS Management responsibility 선택
b. HRMS Manager> Security> Profile로 이동
c. Security Profile이 정의되어 있는지 확인 (OM responsibility 혹은 Site level로)
d. 만일 아직 setup 되어져 있지 않다면 Operating Units를 입력
e. 저장
Note: 만일 위 d step과 같이 새로운 security profile을 생성하였다면 concurrent program 'Security List Maintenance'를 꼭 실행해야 한다.
그렇지 않으면 multiple operating units가 OM forms의 LOV에 나타나지 않을 것이다.
이 program은 multi-org access를 validating 하기 위해 사용하는 table에 data를 생성한다.
Navigation: HRMS Management> HRMS Manager> Processes & Reports> Submit Process & Report> Security List Maintenance
2. MO Profile Options setup:
a. MO: Security Profile - 이 profile setting은 MOAC functionality를 활성화 한다.
b. MO: Default Operating Unit - 이 Operating Unit는 OM forms과 report에서 default가 될 것이며, 이를 clear 하거나 변경하기 위해 LOV를 사용할 수 있다.
Keep the MO profiles in sync:
MO: Security Profile은 site와 responsibility level로 setting 할 수 있다.
MO: Default Operating Unit은 site, responsibility, user level로 setting 할 수 있다.
Application이 원하는대로 동작되지 않는것을 발견하면 이 profile options의 setting 값을 확인한다.
3. OM setup:
R12 upgrade 시 OM Profile에서 migrate 된 새로운 OM System Parameters를 확인:
Order Management Super User> Setup> System Parameters> Values
(See <<NOTE 393646.1>>-R12 Readiness Cheat Sheet: Migrated OM Profile Options)
4. Form에서 hidden field 'Operatin Unit'를 활성화시키고 default folder로 저장:
Sales Order and Order Organizer forms
Quick Sales order and Organizer forms
Sales Agreement forms
Pricing and Availability form
Other forms
Note: Sales Order form에서 hidden field 'Operating Unit'를 'Show' 하기 전에 fotm안에 이 field를 위한 공간을 만들어 놓아야 한다.
예를 들면 Customer Number field를 짧게 하거나 Operating Unit field로 이 field를 덮어씌울수 있다.
Reference
Note 393634.1Hi Larry,
Have you considered adding the exec apps.mo_global.set_policy_context call to your connection's start-up script?
Tools -> Preferences -> Database -> Filename for connection startup scriptNot the most flexible approach, so I'm not sure if it is appropriate for your application, but just a thought. You might create distinct connection names with different start-up scripts for each org_id.
Regards,
Gary
SQL Developer Team -
Creating SOD matrix with the help of Access control default ruleset
I am creating the SOD matrix for the existing roles of CRM and HR modules. As I am the security consultant therefore does not have the functional knowledge about the conflicts for CRM and HR transactions. My question is can I use the function/actions/risks conflicts provided with the Access control 5.3 default ruleset. We are not using Access control for these systems, so I want to know whether I can take the help of AC 5.3 default risks to create the SOD matrix based on it.
For e.g, like H001 default HR risk, I would make sure not to assign PA30(maintain HR data) with the PA03/PA04(maintain personal control record) as this will result in the providing conflict "Modify payroll master data and then process payroll".
Once I have the SOD list based upon AC 5.3, I can consult the Business approver/auditor to verify and modify as per the business requirement.
Maybe I am thinking the wrong way, please provide your inputs so I can work on it. Any help appreciated.
Thanks,
Sanjay DesaiThe most important thing to keep in mind is that you need to build a rule set that reflects the customers real business risk!
What you build there will influence the way the customer will be able to continue work, assign access and perform control activities. The input HAS to come from the business!
You can use the SAP standard risk definitions as a starting point for discussions, and the HR functions are an excellent building block to identify the transactions and necessary authorization objects that allow users to perform the actions.
But the real challenge is to identify the risks as perceived/accepted by the business!
Frank.
Maybe you are looking for
-
Photoshop CS6 won't open new or existing files
I've had Photoshop CS6 for several months now and never had any problems. Until today; I can no longer open files or create a new one using either method: (File -> New) or (File -> Open). I restarted my computer this afternoon and am wondering if an
-
Move music from itunes library to ipad?
move music from itunes library to ipad?
-
Parameter in HTTP receiver adapter
Hey My requirements are: I am sending an XML to an external system. Documentation says: "XML should be in a parameter in your request called 'xmlInput'". How do I actually put my XML in this parameter? Does this have anything to do with the URL Param
-
I tried to update iOS to 7.0.6 and It says "an error occured"
I attempted to update my iphone to iOS 7.0.6 from the phone and I says "an error occurred", it gives me the option to close it or go to settings I have also attempted to update it on my macbook and it said error -50 make sure your connecting is acti
-
Error when updating thumpnails
After turning off iCloud account on Mac, and then restarting, when opening iPhoto 11, I receive a message that says library needs to be updated. Then I am asked to find missing photos that were in the librarry. I have quite a few to cancel as a re