Authenticate Portal user using AD

Similar Messages

• Create portal user using web dynpro abap application

  Dear All,
  I would like to know is it possible to create portal user-id through web dynpro abap application.
  My requirement is
  > I have to create a web dynpro abap application. In the web dynpro abap application I have name email-id and phone number as entry fields.
  > I will click on submit, one unique id will get created. This unique id will be the login id for portal.
  I found how to create portal user using web dynpro java, but i could not find regarding web dynpro abap.
  If it is possible to create the portal users using web dynpro abap pls share the code as well.
  Regards,
  Swapnil Indulkar

  Hi swapnil,
  I think by using BAPi.. BAPI_USER_CREATE1 you can create.
  Please check this...
  Create portal user from webdynpro abap
  Creating user and assigning a group through code
  user administration su01
  How can i get the portal user id from logon ticket in the webdyn 4 ABAP
  Cheers,
  Kris.
  Edited by: kissnas on May 21, 2011 8:47 AM

• To get the Roles, Worksets, iviews assigned to portal user using webdynpro

  Hi..
  I need to display the roles, worksets, pages and iviews that are assigned to a particular portal user using WebDynpro.
  I tried to search in SDN and found a few blogs on this... but all are for DynPages. I could not find any inputs on how to achieve this in Webdynpro.
  I am listing down the blogs for your reference :
  1) /people/prakash.singh4/blog/2005/07/28/browse-roles-folders-pages-iviews-assigned-to-a-user-ep6-sp9-and-higher
  2) /people/prakash.singh4/blog/2005/09/06/create-a-sitemap-for-your-portal
  Please provide me your suggestions on how to display the roles, worksets, pages and iviews that are assigned to a particular portal user using WebDynpro.
  Thanks and Regards,
  Sayan Ghosh

  Please use following code to get all roles assigned to user:
       IWDClientUser wdUser = WDClientUser.forceLoggedInClientUser();
       IUser user = wdUser.getSAPUser();
       String strRoleID = "", strRoleDesc = "";
       IRoleFactory iRoleFactory;
       iRoleFactory = UMFactory.getRoleFactory();
       // Get All the Roles of the User
       Iterator iteratorRoles = user.getRoles(true);//prtRequest.getUser().getRoles(true);
       // Loop through all the Roles
       while(iteratorRoles.hasNext())
            strRoleID = iteratorRoles.next().toString();
            try
                 strRoleDesc = iRoleFactory.getRole(strRoleID).getDescription();
                 wdComponentAPI.getMessageManager().reportSuccess("Role: "+strRoleDesc);
            catch(Exception e)
                 wdComponentAPI.getMessageManager().reportException("Exception e: "+e, false);

• Using Exchange 5.5 to authenticate Portal Users

  I have searched through the forums and metalink for examples
  and/or instuctions on how to successfully use the Exchange 5.5
  LDAP directory to authenticate users, to no avail. I have tried
  a number of different methods with no success.
  Has anybody out there successfully acheived this and if so can
  you please post details regarding the process.

  I have the ports setup it's the FW policy that I'm having issues with.
  when I attempt to login I'm watching the ACS logs and don't see connection attempt failures from the device. I was hoping someone with the same FW has gone through this so I could compare notes and see where I have gone astray in my rule configuration.
  ej

• Adding New Portal User using PLSQL APIs

  I am trying to use the PLSQL APIs to add a new user based. Please let me know if I am on the right track. I am using Portal 3.0.8
  1) At the portal30_sso schema, I used wwwsso_ls_private.ls_create_user and it works.
  2) At the portal30 schema, I used wwsec_api.add_portal_user and it works.
  3) I used the activate_user api and it works.
  4) Still can't log on using my user name and password. The message is "Error: Authentication failed. Please try again. (WWC-41419)"
  Please help.
  null

  Here are the steps I have taken to set up Self Registration using the PL/SQL API
  1st Solution...
  1) At the portal30_sso schema, I used wwwsso_ls_private.ls_create_user and it works.
  2) At the portal30 schema, I used wwsec_api.add_portal_user and it works.
  3) I used the activate_user api and it works.
  4) Still can't log on using my user name and password. The message is "Error: Authentication failed. Please try again. (WWC-41419)"
  2nd Solution
  1st Solution...
  1) At the portal30_sso schema, I used WWSSO_API_USER_ADMIN.create_user and it works.
  2) At the portal30 schema, I used wwsec_api.add_portal_user and it works.
  3) I used the activate_user api and it works.
  4) Still can't log on using my user name and password. The message is "Error: Authentication failed. Please try again. (WWC-41419)"
  Here is a code sample of step 1.
  declare
  v_user portal30_sso.sso_user_type;
  v_err number;
  begin
  portal30_sso.wwsso_api_user_admin.create_user
  p_username => 'NEWUSER2',
  p_password => 'PASSWORD',
  p_error_code => v_err
  end;
  It would really help me out if I can get a response to see if it is possible or not to create a self-registration feature for Portal. Thank you for your help.
  null

• Deleting portal users using APIs

  Hi
  We are deleting users from portal through a java class using
  JBDC( using prepareCall and executeUpdate) . We can successfully
  delete the user from the login server using the procedure
  PORTAL30_SSO.WWSSO_API_USER_ADMIN.DELETE_USER(). However, when
  we try to delete the user from portal30 using
  PORTAL30.WWSEC_API.DELETE_PORTAL_USER()
  we get the following errors
  ERROR at line 1:
  ORA-01086: savepoint 'DELETEUSER_SAVEPOINT' never established
  ORA-06512: at "PORTAL30.WWSEC_API", line 1471
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "PORTAL30.WWCTX_SSO", line 849
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "PORTAL30.WWCTX_SSO", line 669
  ORA-06502: PL/SQL: numeric or value error
  ORA-06512: at line 1
  We can run the delete_portal_user procedure successfully as
  portal30(the owner of the portal30 schema). But when we try to
  delete a user as another dba user, we get the error shown above.
  This user has full sysdba priveleges on the portal30 schema. The
  workaround is to create another database connection in the Java
  class for the portal30 user. However they prefer to run it
  as the dba who have created the user but not as portal30.
  I checked in the JPDK documentation but there is no API to delete
  users.
  Any help is greatly appreciated.
  Many Thanks
  Raja

  I get the same thing would any answer this question please ?

• Authenticate SSAS user using ADFS

  Hi,
  We have developed some SSAS cubes, but client is not able to access then as the client is on a different domain. We need to expose our OLAP services over HTTPS and authenticate client using ADFS claims.
  Please let me know if this is possible, and how to host/ setup OLAP services over HTTPS using IIS.
  Regards,
  Ritesh

  Hi Ritesh,
  According to your description, the users and the SQL Server Analysis Service server are not on the same domain, what you want is that let user enable browse the cube data, right?
  In this case, here is a blog which describe how to connecting to SQL Server Analysis Services using a Different Domain Account that the user currently log on (SSAS on Different Domain and the user logon to another Domain), please see:
  http://blogs.technet.com/b/nraja/archive/2011/09/19/connecting-to-sql-server-analysis-services-using-a-different-domain-account-that-the-user-currently-log-on-ssas-on-different-domain-and-the-user-logon-to-another-domain.aspx
  Regards,
  Charlie Liao
  TechNet Community Support

• Portal Users using server realm

  Does anyone know to config users in server realm for portal?
  many thanks!

  "Cat Wong" <[email protected]> wrote:
  >
  Does anyone know to config users in server realm for portal?
  many thanks!Trying adding this line to your start weblogic script
  set JAVA_OPTIONS=%JAVA_OPTIONS% -Dcom.bea.p13n.usermgmt.AuthenticationProviderName=beaAuthenticator
  where beaAuthenticator is your custom authentication provider.
  Andy

• Authenticate partial SSO users using LDAP

  Hi all,
  Is it possible to authenticate a group of the Portal users using an LDAP server, i.e. not to authenticate all the users using the LDAP server. I want to do this because we have a large number of customers (over 100,000) which are already defined in the LDAP server and I donot want to re-create them into the Portal login server, also I have many Portal users defined normally using the Portal "Add User". And if there is no such option, then is it smooth to move from database authentication to the LDAP server authentication (reference for the steps is appreciated)? We are using iPlanet LDAP server which is LDAP v3 compliant.
  Best to all

  Of course, Single Sign-On implies that you are using a portal, or a cunningly-configured BSP. NTLM is only an option if using a Windows-based IIS as a proxy to your Unix box. Otherwise, you need to use the SPNEGO login module, which is not on general release (it is available on a consulting basis only - see Michael Sambeth at SAP).
  Until SAP use UME within the ABAP core, I don't see an elegant solution to this.
  - Darren

• Use User-certificates to authenticate a user?

  Hi,
  I have hit a big road block and so decided to reach for some help and information.
  I figured out later that blazeds forum can be the best place to get some channelset authentication questions answered
  I am using blazeds & Spring security on the server. As of now my application using channelset.login(username,password) to authenticate the user.
  A new requirement has been introduced to authenticate the user using  user-certificates derived from a smart card.
  I can use spring-security filters to pass the certificate to the server and the validate it. But I have open questions about channelset authentication.
  1. Is it required to call the channelset.login method inorder to use AMF Channels & StreamingAMFChannels?
  2. Can I pass user-certificate instead of password in a login call and still authenticate the channelset?
  3. I have to use the channelsets , so is there way to bypass username , Password based authentication?
  Thanks,

  Hi,
  I have hit a big road block and so decided to reach for some help and information.
  I figured out later that blazeds forum can be the best place to get some channelset authentication questions answered
  I am using blazeds & Spring security on the server. As of now my application using channelset.login(username,password) to authenticate the user.
  A new requirement has been introduced to authenticate the user using  user-certificates derived from a smart card.
  I can use spring-security filters to pass the certificate to the server and the validate it. But I have open questions about channelset authentication.
  1. Is it required to call the channelset.login method inorder to use AMF Channels & StreamingAMFChannels?
  2. Can I pass user-certificate instead of password in a login call and still authenticate the channelset?
  3. I have to use the channelsets , so is there way to bypass username , Password based authentication?
  Thanks,

• Unable to get Portal User in a Remote DB

  Hello,
  We are developing an application with Portal on Instance A and the application tables on Instance B. We have DB triggers on the application tables in B and would like to capture the Portal USER using wwctx_api.get_user. Have created a DB link and PUBLIC SYNONYM in B to access the package in A. However, when we call the function in B, we get the following error -
  ORA-00164: autonomous transaction disallowed within distributed transaction.
  Has anyone tried something similar?
  Thanks.

  Hi,
  If you submit your form to a procedure in the portal instance you can get the portal user inside of this procedure.
  you can then send this value to the table in the other instance.
  Regards
  Michael

• Mapping between portal user and business partner

  Hello all,
  I would like to store data of portal users using a business partner in an ERP system. How to map a portal user to a business partner? My idea was to store the business partner ID in a field of the portal user. But there is no such field.
  Thanks for your help!
  Felix

  Hi Felix,
  user mapping involves creation of a system object and the corresponding system alias, and then assigning this system alias to the user( this is what is called user mapping in this context). and then you create a corresponding iView for the same and assign this iView to a role where the user is already having this role.
  This is the common steps for user mapping when connecting with external landscapes. I hope the partner mentioned is a specific type
  <a href="https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/4361">Try this link</a>
  under this concentrate on the system object creation area.
  and I hope you have a particular role already assigned to your role.
  Cheers

• Creating users using portal30.wwsec_api_add_portal_user

  I am running 3.0.9.8.2 on 9.0.1 on Windows 2000.
  I have attempted to create a portal user using portal30.wwsec_api.add_portal_user (run as portal30). I then attempt to activate the account using portal30.wwsec_api.activate_portal_user. However, although both execute successfully, when I login as portal30, I can't see the user I have just created.
  Also, if I attempt to run the routine again, the portal30.wwsec_api.user_exists_exception is raised (which makes sense but doesn't solve the problem).
  Any ideas? Am I missing something fundamental?
  Also, is the initial password set to the username when this routine is used?
  Thanks for your help,
  Gillian

  I change the code to include "portal30.wwctx_api.get_user()" that way I know now that the user without login is "PUBLIC" so I change the permissions to include ANY_USERS/CREATE and ANY_GROUP/MANAGE but I'm still receiving the "portal30.wwsec_api.access_denied_exception" exception.
  What else can I do?
  Regards
  Alejandro Chirinos
  [email protected]

• Can I use SAP HR to drive ESS Portal user creation?

  Hello
  We are implementing a new instance of SAP HR and Portal for ESS and MSS and I am not sure of all the steps that need to be completed so any guidance / tips would be greatly appreciated.
  Company currently has an LDAP - but not used extensively. Not all employees currently in LDAP as not all have network ids. All employees will have a SAP account to enable ESS (via Kiosks etc).  ESS iViews in Portal will call SAP HR and possibly SAP BW.  We have an instance of SAP already and user admin maintained via CUA - this will continue.
  Scenario:
  My initial thoughts are that we try to use SAP HR as the leading system to drive the ESS Portal users and access.  Basically I want to create the user in SAP and assign them an ESS SAP role... then through syncronization have the user created in the Portal and have the correct ESS Portal assigned (in the Portal)
  My thinking so far is to go the following way;
  1) Create User Master Record in SAP (SU01)
  2) Hire employee into the org structure (via HR processes)
  3) Populate Infotype 0105 with SAP username
  4) Populate Infortype 1016 - with SAP role to be assigned to allow ESS access (not sure about this aspect) or role could be assigned in 1) above
  I am not sure of the next steps - I think there must be a way in an SAP table to map the ESS SAP role to the ESS Portal Role (is this via WP3R?)
  then I am hoping that a standard job can be run (is this RSLDAPSYNC_USER) that will create the user in the Portal (UME?) and assign the correct Portal role ?
  (obviously configuration needed)
  For MSS and HR Power users - we would continue to assign SAP roles via SU01.
  Can anyone assist with;
  - Is my thinking correct in terms of how this should / could work?
  - in SAP how can I map SAP Roles to Portal Roles ?
  - will syncronization in SAP create the user in Portal and assign the role ? what do I need to configure?
  Thanks in advance

  Dear Michale,
  I just dont know if this can throw some light on your prob.'
  In our Orgn we had around 250 ess users and 200 sapr/3 users. Some of the r/3 users also logon to ess via their r/3 uname and password.
  What we have done is like follows:
  1. Created a role for only the ess users ZHRESS. For this i asked the HR functional people with sap_all profile to do all the job which the ESS users are supposed to do and tracer the authorization via tcode st01. We created the role on the basis of this trace report.
  2. For the purely ESS users we created the users via tcode HRUSER and assigned then with the above role.
  3. For the R/3 users who are supposed to avail the ess facility we assigned them with the role ZHRESS role in addition to the other roles assigned to them to carry out their normal R/3 transactions. Then we mapped their R/3 uname to their employee no via PA30 infotype 105.
  4. Tcode HRUSER saved time  which would have consumed had we done it via su01 and moreover it picked Name etc data from the HR master table. In HRUSER tcode , setting the user attributes helps to define what roles the users are to be assigned, what should be their initial password etc.
  Pl let me know if it satisfies you querry.
  Regards

• Creating users using custom made class/UI in portal

  This is what i have to achieve,
  I need to create an interface in portal which will,
  1. Create users in the OID where the users extend a class which i have created in OID with my custom attributes.
  2. Then create them in portal and then assign them to default groups which will depend on a parameter in the user creation form.
  From reading various documents in Metalink and OTN i have understood that the wwsec_api package allows us to do all this except that it is all for a user which will extend a predefined set of classes.
  So i decided to do this
  1.Make entries into the OID using the DBMS_LDAP package using commands like
  emp_vals(1) := p_first_name;
  DBMS_LDAP.populate_mod_array(emp_array,DBMS_LDAP.MOD_ADD,'firstName',emp_vals);
  retval := DBMS_LDAP.add_s(emp_session,emp_dn,emp_array);
  2.Fire the wwsec_api.add_portal_user to create the portal user and then activate and assign him to the default group after running the provsyns.sql file
  The problem i face is that i get errors when i execute the said procedure from any other schema other than portal.
  When the procedure is recreated in the portal schema and executed it works fine.
  So i decided to create the entire package in the portal schema itself.
  Now the problem i face is that the proc would execute fine on the sql prompt but fail when called from the form created in portal based on this procedure.
  I found out that the execution fails when the wwsec_api.xxx calls are made.
  The exceptions are not specific and have the error code 1 => user defined exception
  To have a workaround for this i directly inserted into the wwsec_person$ table with no values for the GUID column( I know this is not recommended but i gave it a try)
  The insert worked fine but i still had to set his default group.I tried updating the rows for the user to set the default_group column but there seems to be a trigger on it which causes the update to fail.
  Also when i check up the wwsec_person$ table there two rows for each user that i created ,one without the GUID/default_group and the other with the GUID/default_group.I guess this is because of the trigger.
  If i try using the wwsec_api.set_defaultgroup api, the proc fails.
  It is quite interesting to note that all the steps mentioned above, grant access to the user to portal.
  But the place it fails is while setting the default group for the same which is of prime importance to me.
  Also because I am inserting directly into the tables i have also to delete them when the user is deleted, this is because i again cannot execute the delete_portal_user in the wwsec_api package from the browser.
  Surprisingly the wwsec_api.create_list function works fine.
  Once i have created the users all the manipulations like changing group memberships etc become easy as i just modify the required details in the OID itself.
  What i need is a proper/safe way to do what i have just mentioned above.
  Please help out ASAP as this is urgent.
  Regards,
  KK

  Based on your requirements, you should go about things a little differently...
  You have written your custom DBMS_LDAP code to create and populate the user entry including your custom objectclasses - good.
  You don't need to create the user profile in the Portal schema at all.
  To set the default group, just set the orcldefaultprofilegroup attribute in the user entry in OID. This should be set to the DN of the default group.
  When the user logs on, his profile will automatically be created, and the default group will also sync up with the user entry in OID (patch required - 2830252).
  Also, you should have DIP provisioning running so that updates to the orcldefaultprofilegroup attribute in OID are subsequently conveyed to the portal schema. It will also take care of automatically deleting the user profile from the portal if the user is removed from OID.
  Please see the Portal Configuration Guide on how to enable and activate the Directory Integration Platform (DIP) provisioning integration between OID and Portal