Calling Multiple (and parallel) ActiveX instances
I'm having a problem of running multiple activeX instances using LabVIEW (apparently the problem occurs with more than 4 instances). This problem doesn't happen when I do the same thing in C (Visual Studio). I can create as many instances as I wish, but when I run methods that hang or run for a long period of time, only 4 are able to run at each moment. If I stop any one of the methods, the next one starts running.
I attached an example (in LabVIEW 8.5.1) of using the excel activeX automation, but it happens with all of the activeX's I tried so far. It even happens when using several different activeXs.
Please notice, that the problem is not with creating the instances, but when running methods of the activeX in parallel at the same time (If you run short methods that finish executing fast, you won't notice the problem).
Attachments:
Instances of Excel1.vi 23 KB
I think you're running into the max number of threads LabVIEW allocates per execution system (4 by default). All of this code is running in one VI and hence one execution system. You can do a quick test to confirm this. Select one or more of your parallel instances and create separate subVIs from them. Then go into those subVI properties and go to the Execution category. Select various execution systems for the VIs. Make one DAQ, for instance, another Instrument I/O, and another Other 1 or whatever. When you rerun your test after that you'll see all six File IO dialogs pop up simultaneously.
Even though LabVIEW is using only four threads in each execution system, it will still multitask between various things to achieve as much parallelism as possible. This is what you saw when you said that as soon as one method finished, another one would start up.
I'm not too familiar with dealing with execution systems to achieve highly scalable applications, unfortunately. Most of the time LabVIEW gives you something really good out of the box without having to think about execution systems. And when you run applications on Timed Loops, that helps LabVIEW divide up application threads better as well.
But you could start by seeing if you can divide up your ActiveX routines somehow and then duplicate the code into subVIs that run in different execution systems.
Another option is to manipulate the TreadConfig VI that ships with LabVIEW. Check out the following VI:
<LabVIEW>\vi.lib\Utility\sysinfo.llb\threadconfig.vi
You can increase the number of threads LabVIEW will allocate for each execution system to up to 8.
Here's a help topic with more info.
Message Edited by Jarrod S. on 05-12-2008 09:30 PM
Jarrod S.
National Instruments
Similar Messages
-
Hello,
I am trying to run two Signal Recovery 3830 multiplexers using a single Labview VI, but I have run into repeated difficulties. The instrument manual says to simply open up multiple instances of the instrument's ActiveX library (SR3830Comms) to communicate with multiple multiplexers. However, some test VIs I wrote seem to connect to only one multiplexer at a time. Using a simple Windows test program, I have independently verified that both multiplexers are connected properly to the computer, and that I can connect to each individual one separately. I have attached my test program, which attempts to connect to both instruments and then allow for inputs to each of them. Am I coding this (in particular, the use of multiple ActiveX instances) properly? If not, how should I go about opening multiple ActiveX instances in parallel? Thank you for your help.
Note: this was written using Labview 2010.
Attachments:
two_mux_test.vi 20 KBMost of us (like me) aren't going to have that ActiveX installed, so it's hard to say. Other than your inputs are named the same, I see nothing glaringly wrong. I would name the inputs differently - such as tack on the serial numbers.
Have you tried opening & setting up the two ActiveX sessions in series, then read in parallel?
Richard -
Multiple call managers and clusters sharing one application server
Hi
I need to program my application such that it can be shared by multiple call managers and clusters. That is, I can only have one application server, and as a result I need to tell my application from which call manager / cluster this "request" is coming from.
My question is how do we do that? do we have access to some parameters / variables, similar to "#DEVICENAME#", which can be used to pass the call manager identity to the application?
TIAUse multiple instances of your application with different URIs (assuming the instances will not have to talk to each other), then, when configuring the service on each cluster, simply reference the specific URI of the application instance for that cluster. eg: Using Tomcat to host the PhoneMessenger application for Cluster1 and Cluster2, Deploy the same application twice: PhoneMessengerForCluster1 and PhoneMessengerForCluster2. The service URL on Cluster1 might be: http://app_server/PhoneMessengerForCluster1/servlet/PhoneMessenger , and for Cluster2 it could be http://app_server/PhoneMessengerForCluster2/servlet/PhoneMessenger
-
Finalize() method being called multiple times for same object?
I got a dilly of a pickle here.
Looks like according to the Tomcat output log file that the finalize method of class User is being called MANY more times than is being constructed.
Here is the User class:
package com.db.multi;
import java.io.*;
import com.db.ui.*;
import java.util.*;
* @author DBriscoe
public class User implements Serializable {
private String userName = null;
private int score = 0;
private SocketImage img = null;
private boolean gflag = false;
private Calendar timeStamp = Calendar.getInstance();
private static int counter = 0;
/** Creates a new instance of User */
public User() { counter++;
public User(String userName) {
this.userName = userName;
counter++;
public void setGflag(boolean gflag) {
this.gflag = gflag;
public boolean getGflag() {
return gflag;
public void setScore(int score) {
this.score = score;
public int getScore() {
return score;
public void setUserName(String userName) {
this.userName = userName;
public String getUserName() {
return userName;
public void setImage(SocketImage img) {
this.img = img;
public SocketImage getImage() {
return img;
public void setTimeStamp(Calendar c) {
this.timeStamp = c;
public Calendar getTimeStamp() {
return this.timeStamp;
public boolean equals(Object obj) {
try {
if (obj instanceof User) {
User comp = (User)obj;
return comp.getUserName().equals(userName);
} else {
return false;
} catch (NullPointerException npe) {
return false;
public void finalize() {
if (userName != null && !userName.startsWith("OUTOFDATE"))
System.out.println("User " + userName + " destroyed. " + counter);
}As you can see...
Every time a User object is created, a static counter variable is incremented and then when an object is destroyed it appends the current value of that static member to the Tomcat log file (via System.out.println being executed on server side).
Below is the log file from an example run in my webapp.
Dustin
User Queue Empty, Adding User: com.db.multi.User@1a5af9f
User Dustin destroyed. 0
User Dustin destroyed. 0
User Dustin destroyed. 0
User Dustin destroyed. 0
User Dustin destroyed. 0
USER QUEUE: false
INSIDE METHOD: false
AFTER METHOD: false
User Dustin destroyed. 1
User Dustin destroyed. 1
User Dustin destroyed. 1
User Dustin destroyed. 1
USER QUEUE: false
INSIDE METHOD: false
AFTER METHOD: false
User Dustin destroyed. 2
User Dustin destroyed. 2
User Dustin destroyed. 2
User Dustin destroyed. 2
User Dustin destroyed. 2
User Dustin destroyed. 2
User Dustin destroyed. 2
User Dustin destroyed. 2
USER QUEUE: false
INSIDE METHOD: false
AFTER METHOD: false
User Dustin destroyed. 3
User Dustin destroyed. 3
User Dustin destroyed. 3
User Dustin destroyed. 3
User Dustin destroyed. 3
User Dustin destroyed. 3
User Dustin destroyed. 3
User Dustin destroyed. 3
User Dustin destroyed. 3
USER QUEUE: false
INSIDE METHOD: false
AFTER METHOD: false
User Dustin destroyed. 4
User Dustin destroyed. 4
User Dustin destroyed. 4
User Dustin destroyed. 4
User Dustin destroyed. 4
User Dustin destroyed. 4
User Dustin destroyed. 4
User Dustin destroyed. 4
User Dustin destroyed. 4
USER QUEUE: false
INSIDE METHOD: false
AFTER METHOD: false
User Dustin destroyed. 5
User Dustin destroyed. 5
User Dustin destroyed. 5
User Dustin destroyed. 5
User Dustin destroyed. 5
User Dustin destroyed. 5
User Dustin destroyed. 5
User Dustin destroyed. 5
User Dustin destroyed. 5
USER QUEUE: false
INSIDE METHOD: false
AFTER METHOD: false
User Dustin destroyed. 6
User Dustin destroyed. 6
User Dustin destroyed. 6
User Dustin destroyed. 6
User Dustin destroyed. 6
User Dustin destroyed. 6
User Dustin destroyed. 6
User Dustin destroyed. 6
User Dustin destroyed. 6
User Dustin destroyed. 6
Joe
USER QUEUE: false
INSIDE METHOD: false
AFTER METHOD: false
User Dustin pulled from Queue, Game created: Joe
User Already Placed: Dustin with Joe
User Dustin destroyed. 7
User Dustin destroyed. 7
User Dustin destroyed. 7
User Dustin destroyed. 7
User Dustin destroyed. 7
User Dustin destroyed. 7
User Dustin destroyed. 7
User Dustin destroyed. 7
User Dustin destroyed. 7
User Dustin destroyed. 7
INSIDE METHOD: false
INSIDE METHOD: false
USER QUEUE: true
INSIDE METHOD: false
INSIDE METHOD: false
User Dustin destroyed. 9
User Joe destroyed. 9
User Dustin destroyed. 9
User Dustin destroyed. 9
User Dustin destroyed. 9
User Dustin destroyed. 9
INSIDE METHOD: true
INSIDE METHOD: false
USER QUEUE: true
INSIDE METHOD: false
INSIDE METHOD: false
INSIDE METHOD: true
INSIDE METHOD: false
USER QUEUE: true
INSIDE METHOD: false
INSIDE METHOD: false
It really does seem to me like finalize is being called multiple times for the same object.
That number should incremement for every instantiated User, and finalize can only be called once for each User object.
I thought this was impossible?
Any help is appreciated!Thanks...
I am already thinking of ideas to limit the number of threads.
Unfortunately there are two threads of execution in the servlet handler, one handles requests and the other parses the collection of User objects to check for out of date timestamps, and then eliminates them if they are out of date.
The collection parsing thread is currently a javax.swing.Timer thread (Bad design I know...) so I believe that I can routinely check for timestamps in another way and fix that problem.
Just found out too that Tomcat was throwing me a ConcurrentModificationException as well, which may help explain the slew of mysterious behavior from my servlet!
The Timer thread has to go. I got to think of a better way to routinely weed out User objects from the collection.
Or perhaps, maybe I can attempt to make it thread safe???
Eg. make my User collection volatile?
Any opinions on the best approach are well appreciated. -
ABAP OO and parallel processing
Hello ABAP community,
I am trying to implement a ABAP OO scenario where i have to take into account parallel processing and processing logic in the sense of update function modules (TYPE V1).
The szenario is definied as follows:
Frame class X creates a instance of class Y and a instance of class Z.
Classes Y and Z sould be processed in parallel, so class X calls classes Y and Z.
Classes Y and Z call BAPIS and do different database changes.
If classes Y or Z have finished, the status of processing is written into a status table by caller class X.
The processing logic within class Y and class Z should be a SAP LUW in the sense of a update function module (TYP V1).
Can i use events?
(How) Should i use "call function in upgrade task"?
(How) Should i use "call function starting new task"?
What is the best method to realise that behaviour?
Many thanks for your suggestions.Hallo Christian,
I will describe you in detail, whow I have solved this
problem. May be there is a newer way ... but it works.
STEPS:
I asume you have splitt your data in packages.
1.) create a RFC-FM: Z_WAIT
It return OK or NOT OK.
This FM: does following:
DO.
call function TH_WPINFO -> until the WPINFO has more
than a certain number of lines. (==> free tasks)
ENDDO.
If it is OK ==> free tasks are available
call your FM (RFC!) like this:
CALL FUNCTION <FM>
STARTING NEW TASK ls_tasknam " Unique identifier!
DESTINATION IN GROUP p_group
PERFORMING return_info ON END OF TASK
EXPORTING
TABLES
IMPORTING
EXCEPTIONS
*:--- Take care of the order of the exceptions!
COMMUNICATION FAILURE = 3
SYSTEM_FAILURE = 2
UNFORCED_ERROR = 4
RESOURCE_FAILURE = 5
OTHERS = 1.
*:--- Then you must check the difference between
*:--- the started Calls and the received calls.
*:--- If the number increases a certain value limit_tasks.
wait until CALLED_TASK < LIMIT_TASKS up to '600' seconds.
The value should be not greater then 20!
DATA-Description:
parameters: p_group like bdfields-rfcgr default 'Server_alle'. " For example. Use the F4 help
if you have defined the report-parameter as above.
ls_tasknam ==> Just the increasing number of RFC-Calls
as Character.
RETURN_INFO is a form routine in which You can check the results. Within this Form you must call:
RECEIVE RESULTS FROM FUNCTION <FM>
TABLES: ... " The tables of your <FM> exactly the same order!
EXCEPTIONS
COMMUNICATION FAILURE = 3
SYSTEM_FAILURE = 2
UNFORCED_ERROR = 4
NO_ACTIVATE_INFOSTRUCTURE = 1.
Her eyou must count the received Calls!
And you can save them into a internal table for checking!
I hope I could help you a little bit
God luck
Michael -
Fresh install of 11.1 and "sqlplus user@instance/password" does not work
new server, windows server 2008, fresh install of 11.1.0.7 with local instance.
can connect to the instance using "sqlplus user/password" since ORACLE_SID is set,
can connect to a 9.2 remote instance using "sqlplus user@remoteinstance/password".
can't connect using "sqlplus user@localinstance/password".
<command>
l:path>set oracle_sid=localinstance
l:path>sqlplus username/password
SQL*Plus: Release 11.1.0.7.0 - Production on Mon Nov 8 13:11:02 2010
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Release 11.1.0.7.0 - Production
SQL> exit
Disconnected from Oracle Database 11g Release 11.1.0.7.0 - Production
l:\path>sqlplus username@localinstance/password
SQL*Plus: Release 11.1.0.7.0 - Production on Mon Nov 8 13:11:21 2010
Copyright (c) 1982, 2008, Oracle. All rights reserved.
ERROR:
ORA-12514: TNS:listener does not currently know of service requested in connect
descriptor
l:\path>
l:\path>sqlplus username@remoteinstance/password
SQL*Plus: Release 11.1.0.7.0 - Production on Mon Nov 8 13:11:45 2010
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.8.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.8.0 - Production
SQL> exit
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.8.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.8.0 - Production
l:\path>
</command>
what am i doing wrong?
many thanks in advance,
stephen.=================================
A couple of important points.
First, the listener is a server side only process. It's entire purpose in life is to receive requests for connections to databases and set up those connections. Once the connection is established, the listener is out of the picture. It creates the connection. It doesn't sustain the connection. One listener, with the default name of LISTENER, running from one oracle home, listening on a single port, will serve multiple database instances of multiple versions running from multiple homes. It is an unnecessary complexity to try to have multiple listeners or to name the listener as if it belongs to a particular database. That would be like the telephone company building a separate switchboard for each customer.
Additional notes on the listener: One listener is capable of listening on multiple ports. But please notice that it is the listener using these ports, not the database instance. You can't bind a specific listener port to a specific db instance. Similarly, one listener is capable of listnening on multiple IP addresses (in the case of a server with multiple NICs) But just like the port, you can't bind a specific ip address to a specific db instance.
Second, the tnsnames.ora file is a client side issue. It's purpose is for address resolution - the tns equivalent of the 'hosts' file further down the network stack. The only reason it exists on a host machine is because that machine can also run client processes.
Assume you have the following in your tnsnames.ora:
larry =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = curley)
)Now, when you issue a connect, say like this:
$> sqlplus scott/tiger@larrytns will look in your tnsnames.ora for an entry called 'larry'. Next, tns sends a request to (PORT = 1521) on (HOST = myhost) using (PROTOCOL = TCP), asking for a connection to (SERVICE_NAME = curley).
Where is (HOST = myhost) on the network? When the request gets passed from tns to the next layer in the network stack, the name 'myhost' will get resolved to an IP address, either via a local 'hosts' file, via DNS, or possibly other less used mechanisms. You can also hard-code the ip address (HOST = 123.456.789.101) in the tnsnames.ora.
Next, the request arrives at port 1521 on myhost. Hopefully, there is a listener on myhost configured to listen on port 1521, and that listener knows about SERVICE_NAME = curley. If so, you'll be connected.
What can go wrong?
First, there may not be an entry for 'larry' in your tnsnames. In that case you get "ORA-12154: TNS:could not resolve the connect identifier specified" No need to go looking for a problem on the host, with the listener, etc. If you can't place a telephone call because you don't know the number (can't find your telephone directory (tnsnames.ora) or can't find the party you are looking for listed in it (no entry for larry)) you don't look for problems at the telephone switchboard.
Maybe the entry for larry was found, but myhost couldn't be resolved to an IP address (say there was no entry for myhost in the local hosts file). This will result in "ORA-12545: Connect failed because target host or object does not exist"
Maybe there was an entry for myserver in the local hosts file, but it specified a bad IP address. This will result in "ORA-12545: Connect failed because target host or object does not exist"
Maybe the IP was good, but there is no listener running: "ORA-12541: TNS:no listener"
Maybe the IP was good, there is a listener at myhost, but it is listening on a different port. "ORA-12560: TNS:protocol adapter error"
Maybe the IP was good, there is a listener at myhost, it is listening on the specified port, but doesn't know about SERVICE_NAME = curley. "ORA-12514: TNS:listener does not currently know of service requested in connect descriptor"
Third: If the client is on the same machine as the db instance, it is possible to connect without referencing tnsnames and without going through the listener.
Now, when you issue a connect, say like this:
$> sqlplus scott/tigertns will attempt to establish an IPC connection to the db instance. How does it know the name of the instance? It uses the current value of the enviornment variable ORACLE_SID. So...
$> export ORACLE_SID=fred
$> sqlplus scott/tigerIt will attempt to connect to the instance known as "fred". If there is no such instance, it will, of course, fail. Also, if there is no value set for ORACLE_SID, the connect will fail.
check executing instances to get the SID
[oracle@vmlnx01 ~]$ ps -ef|grep pmon|grep -v grep
oracle 4236 1 0 10:30 ? 00:00:00 ora_pmon_vlnxora1set ORACLE_SID appropriately, and connect
[oracle@vmlnx01 ~]$ export ORACLE_SID='vlnxora1
[oracle@vmlnx01 ~]$ sqlplus scott/tiger
SQL*Plus: Release 10.2.0.4.0 - Production on Wed Sep 22 10:42:37 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing optionsNow set ORACLE_SID to a bogus value, and try to connect
SQL> exit
[oracle@vmlnx01 ~]$ export ORACLE_SID=FUBAR
[oracle@vmlnx01 ~]$ sqlplus scott/tiger
SQL*Plus: Release 10.2.0.4.0 - Production on Wed Sep 22 10:42:57 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Linux Error: 2: No such file or directory
Enter user-name: Now set ORACLE_SID to null, and try to connect
[oracle@vmlnx01 ~]$ export ORACLE_SID=
[oracle@vmlnx01 ~]$ sqlplus /scott/tiger
SQL*Plus: Release 10.2.0.4.0 - Production on Wed Sep 22 10:43:24 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR:
ORA-12162: TNS:net service name is incorrectly specifiedOk, that is how we get from the client connection request to the listener. What about the listener's part of all this?
The listener is very simple. It's job is to listen for connection requests and make the connection (server process) between the client and the database instance. Once that connection is made, the listener is out of the picture. If you were to kill the listener, all existing connections would continue. The listener is configured with the listener.ora file, but if that file doesn't exist, the listener is quite capable of starting up with all default values. One common mistake with the listner configuration is to specify "HOST=localhost" or "HOST=127.0.01". This is a NONROUTABLE ip address. LOCALHOST and ip address 127.0.0.1 always mean "this machine on which I am sitting". So, all computers are known as "localhost" or "127.0.0.1". If you specify this address, the listener will only be capable of receiving requests from the machine on which it is running. If you specified that address in your tnsnames file - on a remote client machine - the request would be routed to the machine on which the requesting client resides. Probably not what you want.
===================================== -
Main diff between call transaction and session method
hi frnds.
my friend went for an interview they asked her whts the diff between call tran adn session?
she told more thn one transaction we can call for an session she told itseems. but he told tht by cal tran also u cn call more thn one tran it seems... so please canu help me out regarding this question? how we hve to tell in interview?
in advance thanks....Hi
Batch Input and CALL TRANSACTION are both data transfer methods. Batch Input usually are used to transfer large amount of data. For example you are implementing a new SAP project, and of course you will need some data transfer from legacy system to SAP system. If there is no standard batch input program, direct input program, you would need to write your own data transfer program and it is going to be batch input program. CALL TRANSACTION methods is real-time method, whenever you run the program CALL TRANSACTION can be triggered. CALL TRANSACTION is used especially for integration actions between two SAP systems or between different modules. Users sometimes wish to do something like that click a button or an item then SAP would inserts or changes data automatically. Here CALL TRANSACTION should be considered. You use CALL TRANSACTION and you do everything automatically, collect necessary data, call transaction and so do database update. If any error occurs, show the user them.
Batch Input
With the Batch Input method, an ABAP program reads the external data that is to be entered in the R/3 System and stores the data in a batch input session. The session records the actions that are required to transfer data into the system using normal SAP transactions.
When the program has generated the session, you can run the session to execute the SAP transactions in it. You can explicitly start and monitor a session with the batch input management function (by choosing System - Services - Batch Input), or have the session run in the background processing session.
It offers management of sessions, support for playing back and correcting sessions that contain errors, and detailed logging. Your program prepares the data and stores it in a batch input session. A session is a collection of transaction data for one or more transactions. Batch input sessions are maintained by the system in the batch input queue. You can process batch input sessions in the background processing system.
Your program must open a session in the queue before transferring data to it, and must close it again afterwards. All of these operations are performed by making function modules calls from the ABAP program.
The most important aspects of the session interface are:
Asynchronous processing
Transfer data for multiple transactions
Synchronous database update. During processing, no transaction is started until the previous transaction has been written to the database.
A batch input processing log is generated for each session
Sessions cannot be generated in parallel. The batch input program must not open a session until it has closed the preceding session.
CALL TRANSACTION
In the second method, your program uses the ABAP statement CALL TRANSACTION USING to run an SAP transaction. External data doesnt have to be deposited in a session for later processing. Instead, the entire batch input process takes place inline in your program. With CALL TRANSACTION USING, the system process the data more quickly than with batch input sessions. Unlike batch input sessions, CALL TRANSACTION USING does not automatically support interactive correction or logging functions.
Your program prepares the data and then calls the corresponding transaction that is then processed immediately.
The most important features of CALL TRANSACTION USING are:
Synchronous processing
Transfer of data from an individual transaction each time the statement CALL TRANSACTION USING is called
You can update the database both synchronously and asynchronously. The program specifies the update type.
Separate LUW (Logical Units of Work) for the transaction. The system executes a database commit immediately before and after the CALL TRANSACTION USING statement.
No batch input processing log -
When not using EJBs can I make BD a Singleton and cache facade instances?
Hi,
In an application which does not use EJBs can I make BD(Business Delegate) a singleton?
I was very sure about doing this but when I tried Google on the same subject the answers were'nt supportive of this but that was in the context of applications which used EJBs. And also item 4 in Effective Java isnt very supportive of caching Objects at the drop of a hat.
When not using EJBs would it be an unnecessary thing to make BD a singleton and cahce Facade instances in a BD and DAO instances in a Facade? I am planning to use a array based blocking bounded buffer for the purposes of caching. Or would it be better to make both BD and a facade as SIngletons and just cache DAOs in a Facade?
Any suggestion would be of good help to me.
Thanks a lot.Not sure I understand all your design, but you seem
to describe an architecture where requests are queued
and handled serially.Sorry if I messed up while explaining it. No, it will not be handled serially. Since the BD is a singleton multiple threads can pass messages to it simulteanously, a bit like an object of the Action class in Struts. Since I dont see having any synchronized methods in a BD requests will be handled simulteanously.
The impact on throughput of handling requests
serially (as opposed to parallelizing them) probably
outweights by far the cost of instantiating one more
object per request...Yes, I understand that but as I explained above the reqests wont be handled serially.
To be more clear, I am thinking of using any one of these two things:
1) BD(Singleton)-->Facade(Singleton, caches DAOs in a thread safe data structure)
2)1) BD(Singleton, caches Facade instances in a thread safe data structure)-->Facade(caches DAOs in a thread safe data structure).
the thread safe data structure I am planning to have is a array based bounded buffer which blocks using wait and notify mechanism.
Thank you for the reply. -
Hi Experts,
Could you please give info on Multiple and single sign on directory settings ?
Regards
Sarahi sara,
have a look on this also. u can get better idea on sign on's
this is a very deep document.............
reward me points if its usefull.................dont forget
Single Sign-On in SharePoint Portal Server 2003
This is a sample chapter from the Microsoft SharePoint Products and Technologies Resource Kit. You can obtain the complete resource kit (ISBN 0-7356-1881-X), which includes a companion CD-ROM, from Microsoft Press.
Single sign-on is a new feature in Microsoft Office SharePoint Portal Server 2003 that provides storage and mapping of credentials such as account names and passwords so that the portal sitebased applications can retrieve information from the third-party applications and back-end systems, for example, Enterprise Resource Planning (ERP) and Customer Relations Management (CRM) systems. The single sign-on functionality is implemented by the Microsoft Single Sign-On (SSOSrv) service. SSOSrv is a credential storage service that allows the saving and retrieval of credentials. The use of single sign-on functionality stops users from having to authenticate themselves more than once when the portal sitebased applications need to obtain information from other business applications and systems.
In a single sign-on environment, these back-end applications and systems are referred to as enterprise applications. To enable customers to interact with an enterprise application directly from the portal site, SharePoint Portal Server 2003 stores and maps assigned credentials within an enterprise application definition. By using application definitions, you can automate, and secure the sign-on process to the corresponding enterprise applications from a portal sitebased application.
The single sign-on functionality enables scenarios where multiple Web Parts access different enterprise applications, which each use a different type of authentication. Each Web Part can automatically sign on to its enterprise application without prompting the user to provide credentials each time. There are endless uses of single sign-on functionality within an enterprise environment. For example, lets consider two different scenariosa human resources intranet site and a business intelligence site, as follows:
A standard human resources (HR) portal site or page might include several Web Parts that display employee information from a back-end employee management system. This employee data is stored in a dedicated HR database system, frequently based on SAP or PeopleSoft. These HR databases do not support Microsoft Windows IDs, might not run on Windows-based operating systems and, in fact, might include proprietary logon protocols. The Web Parts on the portal site should retrieve the individual employee data without prompting for a separate logon. In this example, the individual employee does not have a separate logon to the HR system, but uses a group account that provides generic read access to the database. In other words, the employee does not know the user name and password required to log on to the system he or she is accessing.
An executive might use a portal site to provide a dynamic, aggregated view of relevant business information. This data is stored in two places: Siebel stores the customer relationship information, and SAP tracks accounts and payments. To see an integrated view, the portal must log on to and access both back-end systems. Prompting the user for additional passwords is an unacceptable user experience. In this example, the executive does not need to know the user names and the passwords required for logon to the back-end systems. In addition, multiple Web Parts are used to ensure this integration. By default, each Web Part separately authenticates the user to the appropriate back-end system.
As these examples show, by using single sign-on you can centralize information from multiple back-end applications through a single portal that uses application definitions. In addition, SharePoint Portal Server 2003 provides a programming interface for developers to use and extend this feature.
Single Sign-On Architecture
For each enterprise application that SharePoint Portal Server connects to, there is a corresponding enterprise application definition configured by an administrator. This application definition is used by a Web Part to integrate with the enterprise application within a portal site. The application definition controls how credentials for a particular business application are stored and mapped. The code within the Web Part uses the application definition to retrieve credentials that are then used to integrate with an enterprise application. This process is transparent to the portal site users.
There are two primary types of enterprise application definitions used with the SSOSrv service, as follows:
Individual enterprise application definitions.
In this scenario, individual users know and can manage their own credentials stored within the enterprise application definition.
Group enterprise application definitions.
In this scenario, the individual user does not know his or her credentials stored within the enterprise application definition, but is associated with a managed group account.
The single sign-on administrator, rather than the individual user, chooses the account type when configuring the enterprise application definition.
The SSOSrv service stores encrypted credentials in a Microsoft SQL Server database. When you set up the single sign-on on the job server, you specify two settings for the single sign-on database: the name of the computer running SQL Server where the credentials store will be located, and the name of the database that will become the credentials store for your Web farm. These settings are stored in the SharePoint Portal Server configuration database.
All credentials in the credentials store are encrypted using the single sign-on encryption key. When you configure single sign-on for the first time, the encryption key is created automatically. You can regenerate the key if required and re-encrypt the credentials store; for example, you might have a policy to change the key after a certain amount of time.
How Single Sign-On Works
When individual enterprise definition is used, on the first access to the Web Part that integrates with the enterprise application, if a users credentials have not been stored in the single sign-on database, the user is redirected to the logon form that prompts the user for appropriate credentials for the enterprise application. The number, the order, and the names of the fields in the logon form are configured by the administrator within the application definition; the logon form is generated automatically based on these configuration settings. The developer needs to write the code within the Web Part to check whether the credentials exist in the database, and to redirect the user to the logon form if necessary. The user-supplied credentials are then stored in the credentials store and mapped to the Windows account that is this users account for SharePoint Portal Server. Then, the user is redirected back to the original Web Part. The code in the Web Part then submits the credentials from the credentials store to the application in the way that is relevant to this application, and retrieves the necessary information that is then presented to the user within the Web Part. This process is shown in Figure 26-1. The steps are as follows:
1. A user accesses the Web Part that integrates with the enterprise application for the first time. The Web Part code checks whether the user credentials for the required application are stored in the single sign-on database. If they are stored, the process continues from step 6 in this list.
2. If there are no credentials stored for this user for the required application, the users browser is redirected to the logon form for this application.
3. The user supplies credentials for the application.
4. The supplied credentials are mapped to the users Windows account and stored in the single sign-on database.
5. User is redirected to the original Web Part.
6. The Web Part retrieves the credentials from the single sign-on database.
7. The Web Part submits the credentials to the enterprise application and retrieves the necessary information.
8. The Web Part is displayed to the user.
On subsequent access, when the user requests the Web Part, to get the necessary data from the enterprise application the credentials are retrieved from the single sign-on database. The process is transparent to the user. (See Figure 26-1.)
Figure 26-1. Accessing an enterprise application using single sign-on
When group enterprise definition is used, the account mapping is configured by the administrator. The administrator specifies the credentials for accessing the enterprise applications that are valid for all members of a Windows group. If the user who accesses the Web Part belongs to the mapped Windows group, the access credentials are already stored in the single sign-on credentials store. The code in the Web Part retrieves the credentials, submits them to the enterprise application, and retrieves the necessary information. The Web Part is then displayed to the requesting user. In this scenario, the whole process is transparent to the user. The user is not aware of any authentication information required for the enterprise application; it is only known to the administrator.
Security Recommendations Regarding the Topology of the Server Farm
When using the single sign-on service, you can help enhance security by distributing your resources in the server farm. Specifically, the configuration of the front-end Web server, the job server, and the computer storing the single sign-on database can affect security.
Less secure configuration.
Everything is deployed on one server. This configuration is less secure because the front-end Web server, the single sign-on database stored in SQL Server, and the encryption key are on the same computer. This configuration is not recommended.
More secure configuration.
Two-computer configuration where one computer is the front-end Web server. The second computer is the job server containing the single sign-on database stored in SQL Server and the encryption key.
Recommended configuration for better security.
Configuration of three or more computers in which the front-end Web server, the job server containing the encryption key, and the server containing the single sign-on database stored in SQL Server are different computers.
If you are using single sign-on in a shared services scenario, the user credentials stored in the parent server farm are available to the administrators of all child server farms. It is recommended that you run applications using single sign-on on the parent portal site only and use an iFrame in the application for child portal sites. You should disable the single sign-on service on child server farms. We will discuss how to disable the SSOSrv service later in this chapter.
Configuring Single Sign-On
To configure single sign-on for the first time, you must complete the following tasks:
1. Determine and set up necessary Windows accounts.
2. Enable the single sign-on service on the job server.
3. Configure the single sign-on settings.
4. Create a new application definition.
5. Provide account information for the application definition.
6. Enable the single sign-on service on the front-end servers.
Step 1: Set Up Single Sign-On Accounts
The SSOSrv service uses the following four types of accounts:
Configuration account for single sign-on
Single sign-on administrator account
Single sign-on service account
Enterprise application manager account
Before configuring single sign-on, you must determine and, where necessary, create and set up these accounts.
Configuration Account for Single Sign-On
Configuration Account for single sign-on is the Windows account that will be used to configure the SSO. When setting up single sign-on, you use this account to log on to the job server. This account must meet the following requirements:
Be a member of the local Administrators group on the job server.
Be a member of the local Administrators group on the computer running SQL Server that stores the single sign-on database.
Be either the same as the single sign-on administrator account, or be a member of the group account that is the single sign-on administrator account. (The single sign-on administrator account is discussed in the next section.)
Single Sign-On Administrator Account
The single sign-on administrator account can be either the Windows Global group or the individual user account, and it will be used to set up and manage the single sign-on service. This account cannot be a local domain group account or a distribution list.
Make sure that the following requirements are met for the single sign-on administrator account:
The single sign-on service account must be this user or a member of this group.
The configuration account for single sign-on must be this user or a member of this group.
We will specify this account as the single sign-on administrator account in step 3, Configure the Single Sign-On Settings on the Job Server. After it has been configured, this user account or members of this group account will have full access to the single sign-on administration pages and will be able to make configuration and application definition changes.
Single Sign-On Service Account
The single sign-on service account is the user account that will run as the single sign-on service. Make sure the following requirements are met:
The single sign-on service account must be the same as the single sign-on administrator account or a member of the group account that is the single sign-on administrator account.
The single sign-on service account must be a member of the local group STS_WPG on all servers running SharePoint Portal Server 2003 in the server farm.
To make the user a member of STS_WPG, do the following:
1. On the taskbar, click Start, point to Administrative Tools, and then click Computer Management.
2. In the console tree, under the System Tools node, expand the Local Users and Groups node.
3. Click Groups.
4. Double-click STS_WPG.
5. In the STS_WPG Properties dialog box, click Add.
6. Add the user.
The single sign-on service account must be a member of the local group SPS_WPG on all servers running SharePoint Portal Server in the server farm.
To make the user a member of SPS_WPG, do the following:
1. On the taskbar, click Start, point to Administrative Tools, and then click Computer Management.
2. In the console tree, under the System Tools node, expand the Local Users and Groups node.
3. Click Groups.
4. Double-click SPS_WPG.
5. In the SPS_WPG Properties dialog box, click Add.
6. Add the user.
The single sign-on service account must be a member of the public database role on the SharePoint Portal Server configuration database.
On a single server deployment, if the single sign-on service runs under an account that is a member of the local Administrators group, you do not need to ensure that the user has the public right on the configuration database. However, for security reasons it is recommended that you do not run the service under an account that is a member of the local Administrators group.
To assign rights on the configuration database, do the following:
1. On the SQL Server computer, open SQL Server Enterprise Manager.
2. Expand the Microsoft SQL Servers node.
3. Expand the SQL Server Group node.
4. Expand the (local) (Windows NT) node.
5. Expand the Security node.
6. Click Logins, and then do one of the following:
7. If the logon name does not exist, right-click Logins, click New Login, and then in the Name box, type the account for the user in the format DOMAIN\user_name.
8. If the logon name already exists, right-click the logon name, and then click Properties.
7. Click the Database Access tab.
8. In the Specify which databases can be accessed by this login section, select the check box for the configuration database.
9. In the Database roles for database_name section, select the public check box.
10. Click OK.
11. Close SQL Server Enterprise Manager.
The single sign-on service account must be a member of the Server Administrators server role on the SQL Server instance where the single sign-on database is located.
On a single server deployment, if the single sign-on service runs under an account that is a member of the local Administrators group, you do not need to ensure that the user is a member of Server Administrators server role on the SQL Server instance where the single sign-on database is located. However, for security reasons, it is recommended that you do not run the service under an account that is a member of the local Administrators group.
To make the user a member of the Server Administrator role
1. On the SQL Server computer, open SQL Server Enterprise Manager.
2. Expand the Microsoft SQL Servers node.
3. Expand the SQL Server Group node.
4. Expand the (local) (Windows NT) node.
5. Expand the Security node.
6. Click Logins, and then do one of the following:
If the logon name does not exist, right-click Logins, click New Login, and then in the Name box, type the account for the user in the format DOMAIN\user_name.
If the logon name already exists, right-click the logon name, and then click Properties.
7. Click the Server Roles tab.
8. Select the Server Administrators check box.
9. Click OK.
10. Close SQL Server Enterprise Manager.
Enterprise Application Manager Account
The enterprise application manager account can be the Windows Global group account, or individual user account, that will be used to set up and manage application definitions. This account cannot be a local domain group or a distribution list.
You do not need to perform any configuration steps now; we will configure this account to become the enterprise application manager account in step 3, Configure the Single Sign-On Settings on the Job Server. However, it is useful to notice the rights that this account will have after it has been specified as the enterprise application manager account, as follows:
This account or members of this group have rights to create, modify, or delete application definitions from the single sign-on administration pages.
This account or members of this group do not have rights to configure single sign-on. Only members of the single sign-on administrator account can configure single sign-on.
Rights that this user or members of this group have are automatically contained in the single sign-on administrator account.
Step 2: Enable the Single Sign-On Service on the Job Server
To enable the SSOSrv service, do the following on the job server:
1. On the taskbar, click Start, point to Administrative Tools, and then click Services.
2. On the Services management console, double-click Microsoft Single Sign-on Service.
3. Click the Logon tab.
4. Under Log on as, click This account.
5. In the This account box, type an account name that you determined as a single sign-on service account in the previous step.
6. In the Password and Confirm password boxes, type the password.
7. Click Apply.
8. Click the General tab.
9. In the Startup type list, click Automatic.
10. In the Service status section, if the service status does not display Started, click Start.
11. Click OK.
Step 3: Configure the Single Sign-On Settings on the Job Server
To configure the single sign-on settings, you must be logged on as the configuration account on the job server. As we discussed earlier in step 1, Set Up Single Sign-On Accounts, this account must be a member of the local Administrators group on the job server, and must also be a member of the group account that you specify as the single sign-on administrator account.
You cannot configure single sign-on remotely. To configure single sign-on, go to the computer running as the job server, log on as the configuration account, and then do the following:
1. On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
2. On the Manage Settings for Single Sign-On for server_name page, in the Server Settings section, click Manage server settings.
3. On the Manage Server Settings for Single Sign-On page, in the Single Sign-On Settings section, in the Account name box, type the name of the single sign-on administrator account that you determined in step 1, Set Up Single Sign-On Accounts. The format of the account is DOMAIN\group_name or DOMAIN\user_name.
4. In the Enterprise Application Definition Settings section, in the Account name box, type the name of the enterprise application manager account that you determined in step 1, Set Up Single Sign-On Accounts. The format of the account is DOMAIN\group_name or DOMAIN\user_name.
5. In the Database Settings section, do the following:
6. 1. In the Server name box, type the name of the database server on which you want to store the settings and account information for single sign-on.
2. 2. In the Database name box, type the name of the single sign-on database.
If the database does not exist, it is created.
6. In the Time Out Settings section, do the following:
7. 1. In the Ticket time out (in minutes) box, type the number of minutes to wait before allowing a ticket, or access token, to time out.
2. 2. In the Delete audit log records older than (in days) box, type the number of days to hold records in the audit log before deleting.
7. Click OK.
8. If a message box appears stating that you have reconfigured single sign-on, click OK.
The audit log is overwritten after the number of days you specify. Because the log contains a record of any illicit operations or logon attempts, it is recommended that you maintain backup copies of the logs. The logs reside in the single sign-on database in the SSO_Audit table. This table is automatically backed up when you back up the database.
Step 4: Create an Application Definition
To create an application definition, you need to be logged on as a member of single sign-on administrator account or as an enterprise application definition manager account. To create an application definition, do the following:
1. On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
2. On the Manage Settings for Single Sign-On for server_name page, in the Enterprise Application Definition Settings section, click Manage settings for enterprise application definitions.
3. On the Manage Enterprise Application Definitions page, click New Item.
4. On the Create Enterprise Application Definition page, in the Application and Contact Information section, do the following:
5. 1. In the Display name box, type a display name for this application definition.
When administrator changes the settings for the application definition at a later stage, the application definition is listed using its display name.
The display name is what the user sees on the logon form when entering credentials on the first access.
If you enter a long name with no spaces in it for the display name, the entire name might not be displayed.
2. 2. In the Application name box, type an application name for the application definition. The application name is used by developers.
If you enter a long name with no spaces in it for the application definition name, the entire name might not be displayed.
3. 3. In the Contact e-mail address box, type an e-mail address for users to contact for this application.
5. In the Account Type section, do one of the following:
6. If you want all users to log on by using a single account, select Group.
Users do not need to enter any credentials with this option.
7. If you want users to log on by using their own account information, select Individual.
Each user will have to provide credentials when accessing the Web Part for the first time.
If you specify a group account as the account type, so that all users log on by using a single account, ensure that you have the appropriate number of client licenses for the application that you are accessing.
6. In the Logon Account Information section, select one or more fields to map to the required logon information in the necessary order for this enterprise application. The number and the order of the fields are defined by the enterprise application logon requirements. For each field, do the following:
7. 1. Type a display name for each field as a reminder of the required information. For an individual user application definition, the display name is what the users see on the logon form when entering their credentials for the enterprise application. For a group application definition, the display name of the field is what the administrator sees when entering the mapped group account credentials for the enterprise application.
2. 2. If the field contains sensitive information, such as a password, click Yes for Mask so that the information is not displayed within this field when it is being filled in or viewed.
For example, for access to Oracle, you might enter the following:
Field 1 = Oracle user name
Field 2 = Oracle user password (select Yes for the Mask option)
Field 3 = Oracle database name
If you need to access the SAP application, for SAP credentials you might enter the following:
Field 1 = SAP user name
Field 2 = SAP password (select Yes for the Mask option)
Field 3 = SAP system number
Field 4 = SAP client number
Field 5 = language
7. Click OK.
Step 5: Provide Account Information for an Application Definition
After you have created the application definition, for group application definition you have to specify the logon account credentials. For individual application definitions, you can specify credentials for the users or, alternatively, the users may enter their credentials in the logon form on the first access.
To specify the logon account information for the application definition, do the following:
1. On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
2. On the Manage Settings for Single Sign-On for server_name page, in the Enterprise Application Definition Settings section, click Manage account information for enterprise application definitions.
3. On the Manage Account Information for an Enterprise Application Definition page, in the Account Information section, do the following:
4. 1. In the Enterprise Application Definition list, select the name of the application definition. If you created the application definition to use an individual account, the User account name box is displayed on the page. If you created the application definition to use a group account, the Group account name box is displayed.
2. 2. In the User account name or Group account name box, type the account name that will be mapped to the application credentials.
3. 3. Click OK.
4. On the Provide application_definition_display_name Account Information page, in the Logon Information section, enter the credentials to be used for the logon to the enterprise application. The number, the order and the names of the fields displayed follow configuration in the Logon Account Information section of the application definition.
Step 6: Enable the Single Sign-On Service on the Front-End Web Servers
After you have configured the single sign-on settings on the job server, you need to enable the single sign-on service of the front-end Web servers. To enable the single sign-on service on each front-end Web server, follow the instructions given earlier in step 2, Enable the Single Sign-On Service on the Job Server.
Managing Single Sign-On
After you have configured the single sign-on for the first time, you are likely to need to perform administration tasks at a later stage, including the following:
Creating and deleting the application definitions
Managing account credentials mapped within the application definitions
Regenerating, backing up, and restoring the encryption key
Enabling auditing of the encryption key
Disabling the SSOSrv service
In this section, we will discuss the single sign-on administration tasks. If you need to change your single sign-on configuration, make sure you consider the following:
The single sign-on configuration and encryption key management tasks cannot be done remotely. To configure single sign-on or manage the encryption key, go to the computer running as the job server and specify the settings locally.
If you change the job server to another server, you must reconfigure single sign-on. After changing the job server, you must delete the entire registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ssosrv\Config on the old job server.
If you reconfigure single sign-on and you want to change the account that you specified for managing the single sign-on service (the single sign-on administrator account), the user who reconfigures the single sign-on and the single sign-on service account must be a member of both the current single sign-on administrator account that manages the service and the new account that you want to specify.
Editing an Application Definition
You can edit the display name, the e-mail contact, and the logon fields for an enterprise application definition. You cannot edit the application definition name or change the account type.
To edit an application definition, do the following:
1. On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Configure the Single Sign-on component and manage enterprise application definitions for portals.
Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
2. On the Manage Settings for Single Sign-On for server_name page, in the Application Settings section, click Manage settings for enterprise application definitions.
3. On the Manage Enterprise Application Definitions page, rest the pointer on the display name for the application definition, and then click the arrow that appears.
4. On the menu that appears, click Edit.
5. On the Edit Enterprise Application Definition page, in the Application and Contact Information section, you can edit the display name and the e-mail contact.
6. In the Display Name box, type a display name for this application definition. The display name is what the user sees.
7. In the E-mail Contact box, type an e-mail address for users to contact for this application.
8. In the Account Information section, select one or more fields to map to the required logon information for this application definition.
9. Type a display name for each field as a reminder of the required information. The display names for the fields will appear on the logon page for the application.
10. To ensure that sensitive information, such as a password, is not displayed when viewing account information, click Yes for Mask?
11. Click OK.
Deleting an Application Definition
When you delete an application definition, it is removed from the single sign-on database. In addition, all credentials associated with the application definition are removed. To delete an application definition, do the following:
1. On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Configure the Single Sign-on component and manage enterprise application definitions for portals.
Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
2. 2. On the Manage Settings for Single Sign-On for server_name page, in the Application Settings section, click Manage settings for enterprise application definitions.
3. 3. On the Manage Enterprise Application Definitions page, rest the pointer on the display name for the application definition, and then click the arrow that appears.
4. 4. On the menu that appears, click Delete.
5. 5. On the confirmation message box, click OK.
Managing Account Information for an Application Definition
You can update or delete individual account information for a single application definition, or you can remove an account from all application definitions.
For group application definitions, you can update the account information, but you cannot remove the Windows account from a group application definition because there is a one-to-one correspondence between a group application definition and the account. If necessary, you can delete the group application definition.
To manage account information for an application definition, do the following:
1. On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
2. On the Manage Settings for Single Sign-On for server_name page, in the Enterprise Application Definition Settings section, click Manage account information for enterprise application definitions.
3. On the Manage Account Information for an Enterprise Application Definition page, in the Account Information section, do the following:
4. 1. In the Enterprise Application Definition list, select the name of the application definition.
2. 2. If you created the application definition to use an individual account, the User account name box appears. If you created the application definition to use a group account, the Group account name box appears. In the User account name or Group account name box, type the account name to modify.
4. In the Enterprise Application Definition section, you can perform one of the three operations: update the account information for the application corresponding to this application definition, delete the stored credentials for this account for this application, and delete the stored credentials for this account from all application definitions.
For individual application definitions, all three options are available. For group application definitions only the update option is available; both delete options are grayed out.
To update the account information for this application, do the following:
1. Click Update account information.
2. Click OK.
3. On the Provide application_definition_display_name Account Information page, in the Logon Information section, enter the credentials to be used for the logon to the enterprise application. The number, the order, and the names of the fields displayed follow configuration in the Logon Account Information section of the application definition.
4. Click OK.
To delete the stored credentials for this user account from this application definition, do the following:
5. 1. Click Delete stored credentials for this account from this enterprise application definition.
2. 2. Click OK.
3. 3. To delete the user credentials, click OK on the confirmation message box.
To remove this user account credentials from all application definitions, do the following:
4. 1. Click Delete stored credentials for this account from all enterprise application definitions.
2. 2. Click OK.
3. 3. To delete the user credentials from all application definitions, click OK on the confirmation message box.
Creating the Encryption Key
The encryption key is used as part of the encryption process for credentials used with single sign-on. The key helps to decrypt encrypted credentials stored in the single sign-on database. The first time you configure single sign-on and enterprise application definitions on the Manage Server Settings for Single Sign-On page, the encryption key is created automatically. You can regenerate the key if the previous credentials are compromised or if you have a policy to change the key after a certain number of days.
When you create an encryption key, you can choose to re-encrypt the existing credentials with the new key. When you re-encrypt the SSOSrv service credential store, events are logged in the Microsoft Windows Server 2003 application event log. Once re-encryption is initiated, you can monitor the application event log to verify that the credential store has been re-encrypted. Event ID 1032 is recorded in the application event log when re-encryption is started. Event ID 1033 is recorded in the application event log when re-encryption has ended. If there are any failures during re-encryption, an event is recorded in the log.
If the job server is restarted or SSOSrv is stopped on the job server during the re-encryption process, you should look in the event log for errors. If the event log reports an error, you must restart the re-encryption process from the Manage Encryption Key page.
If the re-encryption process is preempted in any way, it will have to be re-run. If the re-encryption process is preempted, it reverts back to its original state
The re-encryption process is a long-running operation. It is recommended that you change or restore the encryption key during non-peak periods.
During the re-encryption process, Write operations such as updating credentials and changing application definitions are not allowed. Read operations such as retrieving credentials continue to work as normal.
To re-encrypt the existing credentials, the single sign-on service account must be a member of the Server Administrators server role on the SQL Server instance where the single sign-on database is located. For other requirements for single sign-on service account, refer to the section Single Sign-On Service Account earlier in this chapter.
You cannot create the encryption key remotely. To re-generate the encryption key, go to the computer running as the job server, log on as the single sign-on administrator account, and do the following:
1. On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
2. On the Manage Settings for Single Sign-On for server_name page, in the Server Settings section, click Manage encryption key.
3. On the Manage Encryption Key page, in the Encryption Key Creation section, click Create Encryption Key.
4. On the Create Encryption Key page, to re-encrypt the credentials for the single sign-on database, select the Re-encrypt all credentials by using the new encryption key check box, and then click OK.
If you do not re-encrypt the existing credentials with the new encryption key, users must retype their credentials for individual application definitions, and administrators for group application definitions must retype group credentials.
Backing Up the Encryption Key
After creating the encryption key, you should back it up. You must back up the key to a 3.5-inch floppy disk. You should lock up the backup disk for the encryption key in a safe place.
Because the encryption key is the key that decrypts the encrypted credentials stored in the single sign-on database, the backup copy of the key should not be stored with the backup copy of the database. If a user obtains a copy of both the database and the key, the credentials stored in the database could be compromised.
You cannot back up the encryption key remotely. To back up the encryption key, go to the computer running as the job server, log on as the single sign-on administrator account, and do the following:
1. On the SharePoint Portal Server Central Administration for server_name page, in the Component Configuration section, click Manage settings for single sign-on.
Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
2. On the Manage Settings for Single Sign-On for server_name page, in the Server Settings section, click Manage encryption key.
3. Insert a 3.5-inch disk into a disk drive on the computer running as the job server.
4. On the Manage Encryption Key page, in the Encryption Key Backup section, in the Drive list, click the letter of the disk drive, and then click Back Up to back up the encryption key.
5. In the completion message box that appears, click OK.
6. Remove the 3.5-inch disk from the disk drive.
Restoring the Encryption Key
You cannot restore the encryption key remotely. To restore the encryption key, go to the computer running as the job server, log on as the single sign-on administrator account, and do the following:
1. On the SharePoint Portal Server Central Administration for Server server_name page, in the Component Configuration section, click Manage settings for single sign-on.
Alternatively, click Start, point to All Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Single Sign-On Administration.
2. On the Manage Settings for Single Sign-On for Server server_name page, in the Server Settings section, click Manage encryption key.
3. Insert a 3.5-inch disk into a disk drive on the computer running as the job server.
4. On the Manage Encryption Key page, in the Encryption Key Restore section, in the Drive list, click the letter of the disk drive, and then click Restore to restore the encryption key.
5. Click OK.
When the restore completes, the Manage Settings for Single Sign-On for Server server_name page appears.
6. Remove the 3.5-inch disk from the disk drive.
Restoring the encryption key and re-encrypting the single sign-on credentials store with the restored key is a long-running process. It is recommended that you restore the encryption key during non-peak periods.
Enabling Auditing for the Encryption Key
You should enable auditing for the encryption key. Then, if the key is read or written to, there will be an audit trail in the security log in Microsoft Windows Server 2003 Event Viewer.
To enable auditing for the encryption key, you need to modify the registry using regedit and then enable auditing using Group Policy Object Editor.
To modify the registry, do the following:
1. On the taskbar, click Start, and then click Run.
2. Type regedit and then click OK.
3. In Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ssosrv\Config.
4. Right-click Config, and then click Permissions.
5. In the Permissions for Config dialog box, click Advanced.
6. In the Advanced Security Settings for Config dialog box, click the Auditing tab, and then click Add.
7. In the Select User, Computer, or Group dialog box, in the Enter the object name to select box, type everyone.
8. Click OK.
9. In the Auditing Entry for Config dialog box, in the Failed column, select the Full Control check box, and then click OK.
10. Click OK, and then click OK again to close all dialog boxes.
11. Close Registry Editor.
To enable auditing, do the following:
1. On the taskbar, click Start, and then click Run.
2. Type mmc and then click OK.
3. In the console, on the File menu, click Add/Remove Snap-in.
4. In the Add/Remove Snap-in dialog box, on the Standalone tab, click Add.
5. In the Add Standalone Snap-in dialog box, in the Available Standalone Snap-ins list, click Group Policy Object Editor, and then click Add.
6. In the Select Group Policy Object dialog box, ensure that Local Computer appears in the Group Policy Object box, and then click Finish.
7. In the Add Standalone Snap-in dialog box, click Close.
8. In the Add/Remove Snap-in dialog box, click OK.
9. Expand the following nodes:
Local Computer Policy
Computer Configuration
Windows Settings
Security Settings
Local Policies
Audit Policy
10. In the details pane, double-click Audit object access.
11. In the Audit object access Properties dialog box, select the Failure check box, and then click OK.
You can verify that auditing is working by doing the following:
12. 1. Log off.
2. 2. Log on as a user who should not have access to the registry key.
3. 3. Try to read the registry key.
4. 4. Look in the security log in Windows Server 2003 Event Viewer for audit entries.
Disabling the Single Sign-On Service
To disable the single sign-on service on the server farm, you must disable it on each front-end Web server, on the job server, and on any server running the single sign-on service.
If you want to delete all credentials associated with application definitions, you must delete each enterprise application definition.
To disable the single sign-on service, do the following on each front-end Web server, job server, and any server running the single sign-on service:
1. On the taskbar, click Start, point to Administrative Tools, and then click Services.
2. On the Services management console, double-click Microsoft Single Sign-on Service.
3. On the General tab, in the Startup type list, click Manual.
4. In the Service status section, click Stop.
5. Click OK.
Creating a Web Part That Uses Single Sign-On
After you have configured the single sign-on and created the application definitions, you need to develop a Web Part that implements the single sign-on functionality and retrieves information from the corresponding back-end application programmatically.
SharePoint Portal Server 2003 provides a programming interface for developers to use and extend the single sign-on feature. There are two namespaces provided solely for interaction with the single sign-on functionality, as well as one class in a more generic Microsoft.SharePoint.Portal namespace, as follows:
The Microsoft.SharePoint.Portal.SingleSignOn namespace contains core classes that allow you to work with account credentials and application definitions in the single sign-on credentials store. These core classes and their functionality are listed in Table 26-1. The required assembly is Microsoft.SharePoint.Portal.SingleSignon, located in Microsoft.SharePoint.Portal.SingleSignon.dll.
The Microsoft.SharePoint.Portal.SingleSignOn.Security namespace contains two classes that control the ability to access Single Sign-On resources programmatically from the code. These two classes and their functionality are listed in Table 26-2. The required assembly is Microsoft.SharePoint.Portal.SingleSignOn.Security, located in Microsoft.SharePoint.Portal.SingleSignOn.Security.dll.
The SingleSignonLocator class in the Microsoft.SharePoint.Portal namespace allows you to locate a URL for the logon form for the SSOSrv service. It has the GetCredentialEntryUrl(strAppName, [port]) method that returns the URL for the logon form for a given application definition. The method takes two parameters: strAppName, which is a name of an application that is configured in the corresponding application definition, and the optional port number for SSL. If you do not specify the port number, and SSL is not enabled on the server, the port number will default to port 80 (that is, the port value will be omitted from the URL). If the second parameter is absent and SSL is enabled on the server, the port number is assumed to be the standard SSL port 443. However, if you require the URL returned to be formatted for SSL on a particular port, you need to specify it. For example, you would pass the specified port when the system cannot detect which SSL port to use, such as when multiple SSL port mappings exist. The required assembly for this class is Microsoft.SharePoint.Portal, located in Microsoft.SharePoint.Portal.dll.
Table 26-1. Microsoft.SharePoint.Portal.SingleSignOn Namespace Core Classes
Class Description
Application Exposes functionality to add, get, and delete enterprise application definitions
Credentials Exposes functionality to manage user and group credentials and access tokens
SSOReturnCodes Contains all the return codes for SSOSrv service that the SingleSignonException class will throw
SingleSignonException Instantiates an exception from the SSOSrv ser vice with a specific error code
Table 26-2. Microsoft.SharePoint.Portal.SingleSignOn Security Namespace Classes
Class Description
SingleSignOnPermission Allows security actions for SingleSignOnPer mission to be applied to code using declarative security.
SingleSignOnPermissionAt tribute Represents a custom permission that controls the ability to access Microsoft SharePoint Products and Technologies resources to manage user and group credentials and access tokens.
For example, lets look into a code in the Web Part that retrieves the account credentials for a back-end enterprise application from the single sign-on credentials database. The corresponding application definition is configured to use individual accounts. The code checks whether a requesting users credentials have already been stored in the single sign-on credential database. If not, the user is redirected to the Single Sign-On logon form to enter the required credentials for accessing the back-end application.
The code should implement the following sequence:
1. Call the GetCredentials method of the Credentials class. Specify the application name for which the credentials need to be retrieved from the single sign-on database.
2. If the SSOSrv service cannot find credentials for the user for the enterprise application specified, the GetCredentials method throws a SingleSignonException. If the LastErrorCode property of the SingleSignonException is SSO_E_CREDS_NOT_FOUND, call the GetCredentialEntryUrl(String) methodor the GetCredentialEntryUrl(String, Int) methodof the SingleSignonLocator class to build the URL to the single sign-on logon form.
3. After the URL for the logon form has been retrieved, redirect the browser to this URL. The logon form is created by the SSOSrv service. It prompts the user to enter credentials for the enterprise application in a number of fields. The order, the number and the display names for these fields are configured within the application definition under Logon Account Information. For example, if the enterprise application uses user name and password for authentication, two fields will be present in the logon form. For SAP, you may need five fields. After the SSOSrv service saves the credentials, the form redirects control back to the original Web Part.
The code in your Web Part will be similar to the following example that shows how to redirect the user to the logon form to save credentials for an enterprise application called SampleApp:
protected override void RenderWebPart(HtmlTextWriter writer) //RenderWebPart
string[] rgGetCredentialData = null;
try
//Try to get the credentials for this application.
//Before running this code, make sure that an individual
//application definition for application called "SampleApp"
//has been added.
Credentials.GetCredentials(1,"SampleAPP", ref rgGetCredentialData);
catch (SingleSignonException ssoe)
//This exception will be thrown if this user does not have
//credentials for the "SampleApp" application.
if(SSOReturnCodes.SSO_E_CREDS_NOT_FOUND == ssoe.LastErrorCode)
//Send the user to the single sign-on logon form.
//The logon form will:
//- Prompt the user for credentials for this application
//- Save credentials for this user for this application
//- Then redirect the user back to this Web Part
string strSSOLogonFormUrl = SingleSignonLocator.GetCredentialEntryUrl
("MyIndividualApplicationID");
writer.Write("<a href=" + strSSOLogonFormUrl +">Click here to save your
credentials for the Enterprise Application.</a>");
writer.WriteLine();
After the user credentials for the enterprise application have been stored in the single sign-on database, the custom code in the Web Part should retrieve the credentials using GetCredentials method, then submit them to the enterprise application in a manner that is relevant to this application, then retrieve the necessary data from this application, and then finally render the data in the Web Part. Referring back to Figure 26-1 that shows eight steps described in the section How Single Sign-On Works, the preceding code corresponds to steps 1 through 5. In addition to this code, you have to implement steps 6 through 8.
Your code for interacting with the enterprise application such as submitting credentials and retrieving information will be different depending on the type of application you are accessing. You need to consider that in an enterprise environment, where a user interacts with many systems and applications, it is likely that the environment does not maintain the user context through multiple processes, products, and computers. This user context is crucial to provide single sign-on capabilities because it is necessary to verify who initiated the original request. To overcome this problem, SharePoint Portal Server provides ability to use a Single Sign-On (SSO) ticket (not a Kerberos ticket). An SSO ticket is an encrypted access token that can be used to get the credentials that correspond to the user who made the original request. Also, in the enterprise environment you might consider using Microsoft BizTalk Server as a transformation engine for the authentication requests, as well as requests for data, between your Web Part and a format that is understood by the enterprise application.
An example of such enterprise application integration (EAI) infrastructure is shown in Figure 26-2. In this scenario, a Web Part gets the information from a line of business (LOB) back-end application using BizTalk Server 2004. The LOB application requires authentication. In this example, we will assume that the enterprise application definition for the LOB application has already been created, and the user credentials have been stored in the SSO database.
The authentication process shown in Figure 26-2 consists of several steps, as follows:
1. The Web Part calls Microsoft.SharePoint.Portal.SingleSignon.Credentials.ReserveCredentialTicket() with the user. This method reserves a credential ticket for the user and then returns an encrypted access token (SSO ticket) to the calling Web Part.
2. The Web Part passes the SSO ticket to the BizTalk Server 2004 native SOAP adapter by calling a Web service that runs on BizTalk Server. The SSO ticket is passed within the header of the SOAP request. When the SOAP adapter receives a request containing an SSO ticket, the ticket is stored as the SSO Ticket property in the conte -
OSB example calling multiple business services using a single proxy service???
Hi,
I have three business services created using http urls i.e.
1. LoginBS
2. GetListBS
3. LogoutBS
My requirement is to get a list of names from GetListBS using a single proxy service and to call GetListBS I have to first call LoginBS then GetListBS i.e. after authentication and then finally logout.
Kindly help with a detailed example for this and I am new to OSB.
Thanks,
VikHi Eric,
Thanks for the response. We figured that it is possible to call multiple services with Split Join. However, we ran into the issue you described. We had a blocking call and had to wait until each of the services returned a response.
However, we needed a Async model for our design and felt that this might not be a right fit.
We are now looking at implementing the publish option with QoS configured as this fits our usecase better. Thanks for the help again.
Rudraksh -
VMWare Fusion and Parallels Desktop Benchmark Comparison
This is a quickie benchmark of VMWare Fusion and Parallels Desktop using Super PI, PC Mark 05, and Passmark.
VMWare Fusion 36932
Parallels Desktop 3094 Beta 2
Notes:
Both virtual machines were allocated with large 10+ GB virtual disks and 640MB of RAM. The VMWare CPU was configured with two processors. The Parallels CPU was configured with 1 (two is not available). VMWare reported the CPU as 1 physical, 2 logical processors running at 2.66 GHz while Parallels reported 1 physical, 1 logical processor running at 9.6 GHz (the combined speed of all four cores on the Mac Pro). The max observed CPU utilization in activity monitor when running under VMWare was 200% and max under Parallels was 173%.
I chose not to compare 1 VMWare CPU vs. 1 Parallels CPU. While Parallels does not support SMP or multithreaded processes on multiple processors the CPU utilization on the Mac went well above 1 core (173%). For this comparison, I wanted to see results of max processing based on what the two vendors have delivered, as opposed to benchmarking the underlying "virtual or hypervisor cpu" on a 1:1 basis. This explains why VMWare was 2x faster than Parallels on some CPU tests.
Both of these products are beta. VMWare is running in debug mode (can not be turned off in this beta).
Caveat emptor on these stats. This was an unscientific exercise to satisfy my curiosity. Some of the extraordinary differences are highlighted with <--.
Platform:
Mac Pro 2.66 GHz, 2GB RAM, Nvidia 7300GT
Disk 1 - OS X, 73GB Raptor
Disk 2 - dedicated disk where each virtual machine image was created separate from the OS or any OS-related virtual memory files.
VMWare and Parallels guest OS: Windows XP Professional, SP 2
Comparison Benchmrk
VMWare Fusion 36932 and Parallels Desktop 3094 Beta 2
Super PI Parallels VMWare
512K 8s 9s
1M 20s 21s
4M 1m 57s 2m 03s
PC Mark 05 Parallels VMWare
CPU Test Suite N/A N/A
Memory Test Suite N/A N/A
Graphics Test Suite N/A N/A
HDD Test Suite N/A N/A
HDD - XP Startup 5.0 MB/s 19.54 MB/s <--
Physics and 3D Test failed Test failed
Transparent Windows Test failed 69.99 Windows/s
3D - Pixel Shader Test failed Test failed
Web Page Rendering 3.58 Pages/s 2.34 Pages/s
File Decrypt 71.73 MB/s 67.05 MB/s
Graphics Memory - 64 Lines 179.92 FPS 111.73 FPS
HDD - General Usage 4.82 MB/s 42.01 MB/s <--
Multithread Test 1 / Audio Comp N/A N/A
Multithread Test 1 / Video Encoding Test failed Test failed
Multithread Test 2 / Text Edit 152.85 Pages/s 138.48 Pages/s
Multithread Test 2 / Image DeComp 5.91 MPixels/s 35.4 MPixels/s <--
Multithread Test 3 / File Comp 3.22 MB/s 6.03 MB/s
Multithread Test 3 / File Encrypt 19.0 MB/s 33.26 MB/s <--
Multithread Test 3 / HDD - Virus Scan 27.91 MB/s 25.49 MB/s
Multithread Test 3 / Mem Lat - Rnd 16MB 5.34 MAcc/s 6.63 MAcc/s
File Comp N/A N/A
File DeComp N/A N/A
File Encrypt N/A N/A
File Decrypt N/A N/A
Image DeComp N/A N/A
Audio Comp N/A N/A
Multithread Test 1 / File Comp N/A N/A
Multithread Test 1 / File Encrypt N/A N/A
Multithread Test 2 / File DeComp N/A N/A
Multithread Test 2 / File Decrypt N/A N/A
Multithread Test 2 / Audio DeComp N/A N/A
Multithread Test 2 / Image DeComp N/A N/A
Memory Read - 16 MB N/A N/A
Memory Read - 8 MB N/A N/A
Memory Read - 192 kB N/A N/A
Memory Read - 4 kB N/A N/A
Memory Write - 16 MB N/A N/A
Memory Write - 8 MB N/A N/A
Memory Write - 192 kB N/A N/A
Memory Write - 4 kB N/A N/A
Memory Copy - 16 MB N/A N/A
Memory Copy - 8 MB N/A N/A
Memory Copy - 192 kB N/A N/A
Memory Copy - 4 kB N/A N/A
Memory Lat - Rnd 16 MB N/A N/A
Memory Lat - Rnd 8 MB N/A N/A
Memory Lat - Rnd 192 kB N/A N/A
Memory Lat - Rnd 4 kB N/A N/A
Transparent Windows N/A N/A
Graphics Memory - 64 Lines N/A N/A
Graphics Memory - 128 Lines N/A N/A
WMV Video Playback N/A N/A
3D - Fill Rate Multi Texturing N/A N/A
3D - Polygon Throughput Multiple Lights N/A N/A
3D - Pixel Shader N/A N/A
3D - Vertex Shader N/A N/A
HDD - XP Startup N/A N/A
HDD - Application Loading N/A N/A
HDD - General Usage N/A N/A
HDD - Virus Scan N/A N/A
HDD - File Write N/A N/A
Processor Intel Core 2 9653 MHz Processor Unknown 2661 MHz
Physical / Logical CPUs "1 Physical, 1 Logical" "1 Physical, 2 Logical"
MultiCore 1 Processor Core Multicore 2 Processor Cores
HyperThreading N/A N/A
Graphics Card Generic VGA Generic VGA
Graphics Driver Parallels Video Driver VMWare SVGA II
Co-operative adapters No No
DirectX Version 9.0c 9.0c
System Memory 640 MB 640MB
Motherboard Manufacturer N/A Intel Corporation
Motherboard Model N/A 440BX Desktop Reference Platform
Operating System Microsoft Windows XP Microsoft Windows XP
Passmark Parallels VMWare
CPU - Integer Math (MOPS) 112.35 230.31 <--
CPU - Floating Point Math (MOPS) 280.46 588.33 <--
CPU - Find Prime Numbers (OPS) 446.37 676.99 <--
CPU - SSE/3DNow! (MMPS) 2118.56 4737.13 <--
CPU - Comp (KB/s) 2994.16 5952.34 <--
CPU - Encrypt (MB/s) 18.09 36.27 <--
CPU - Image Rotation (IRPS) 598.21 1184.41 <--
CPU - String Sorting (TPS) 2118.81 3672.59 <--
Graphics 2D - Lines (TPS) 220.71 25.15 <--
Graphics 2D - Rectangles (TPS) 189.74 61.8 <--
Graphics 2D - Shapes (TPS) 39.54 13.71 <--
Graphics 2D - Fonts and Text (OPS) 190.39 75.88 <--
Graphics 2D - GUI (OPS) 439.77 63.72 <--
Memory - Allocate Small Block (MB/s) 2533.83 2526.21
Memory - Read Cached (MB/s) 1960.5 1906.27
Memory - Read Uncached (MB/s) 1871.79 1826.08
Memory - Write (MB/s) 1687.81 1545.43
Memory - Large RAM (OPS) 60.99 46.37
Disk - Sequential Read (MB/s) 102.11 76.45 <--
Disk - Sequential Write (MB/s) 58.33 50.9
Disk - Rnd Seek + RW (MB/s) 51.4 40.4
CPU Mark 711.08 1432.72 <--
2D Graphics Mark 743.31 176.5 <--
Memory Mark 599.94 580.38
Disk Mark 766.11 606.7
PassMark Rating 557.27 637.35<br>Thanks for posting these numbers - it's an interesting comparison.
I would expect the final VMWare fusion performance numbers to be quite a bit better than that of Parallels - they have almost a decade's worth of experience more than the Parallels folks in this arena, and a much larger development team to boot.
Once VMWare Fusion is released to the public, I think that you'll see a clearer distinction between the two products. VMWare will continue to appeal to the professional customer, with a more robust feature set and corporate-friendly features (and a correspondingly higher price tag); Parallels will fall more into the consumer/VirtualPC-replacement market. It will be interesting to see how Parallels will be affected when (and if) VMWare player is ported to OS X.
Interesting about the Parallels performance stats on a native partition - looks like almost enough reason to avoid the bootcamp partition approach altogether. Sharing a native windows installation with a VM in parallels is a pretty scary situation in any case, as the two environments have entirely different hardware configurations. Do-able, but there is some black magic involved (if you want to see an example of what I mean, try to move a windows installation from one machine to another w/different hardware sometime - it ain't pretty); I wouldn't try this in a production scheme unless I had REALLY good backups. -
How can I call multiple records(40) at same time as webservice ?
Hi All
My scenario is some thing like calling SOAP(Webservice) to Rfc(BAPI)
Thing is how can i call multiple records at the same time using the SOAP
adapter i.e i need to make a request to BAPI and in the BAPI response
based on the fields, i need to send to different records....it is Sync call
Can any explain me how to implement this scenario ?
Regards
Kiran lvsHI,
Please see the below link
http://help.sap.com/saphelp_nw04/helpdata/en/42/ed364cf8593eebe10000000a1553f7/content.htm
Regards
Chilla.. -
I'm calling 5 identical web service calls using a parallel for loop in BPM. Obviously the data in each slightly differs. Why would this call suspend the process and give the following errors:
handleCommunicationError( ErrorContextData, Throwable, TransitionTicket ): A technical error occurred.
Interface namespace = myNamespace
Interface name = myService
Operation name = myOperation
Connectivity type = WS
Application name = myAppName
Reference name = 8bd95deb-8cf1-453d-94e5-0576bb385149
Message Id = null
WS style = DOC
Start time of WS call = 2014-02-26 17:51:23.297
Return time of WS call = 2014-02-26 17:51:23.412
Principal name = SAP_BPM_Service
Root error message = local part cannot be "null" when creating a QName
Error message = Could not invoke service reference name 8bd95deb-8cf1-453d-94e5-0576bb385149, component name myComp application name myappname
com.sap.engine.interfaces.sca.exception.SCADASException: Could not invoke service reference name 8bd95deb-8cf1-453d-94e5-0576bb385149, component name
myCompname
at com.sap.engine.services.sca.das.SCADASImpl.invokeReference(SCADASImpl.java:341)
at com.sap.glx.adapter.app.ucon.SCADASWrapperImpl.invoke(SCADASWrapperImpl.java:101)
at com.sap.glx.adapter.app.ucon.UnifiedWebServiceCallObject.invokeWebServiceOperation(UnifiedWebServiceCallObject.java:101)
at com.sap.glx.adapter.app.ucon.UnifiedWebServiceCallClass.invoke(UnifiedWebServiceCallClass.java:178)
at com.sap.glx.core.dock.impl.DockObjectImpl.invokeMethod(DockObjectImpl.java:657)
at com.sap.glx.core.kernel.trigger.config.Script$MethodInvocation.execute(Script.java:248)
at com.sap.glx.core.kernel.trigger.config.Script.execute(Script.java:798)
at com.sap.glx.core.kernel.execution.transition.ScriptTransition.execute(ScriptTransition.java:78)
at com.sap.glx.core.kernel.execution.transition.Transition.commence(Transition.java:196)
at com.sap.glx.core.kernel.execution.LeaderWorkerPool$Follower.run(LeaderWorkerPool.java:163)
at com.sap.glx.core.resource.impl.common.WorkWrapper.run(WorkWrapper.java:58)
at com.sap.glx.core.resource.impl.j2ee.J2EEResourceImpl$Sessionizer.run(J2EEResourceImpl.java:261)
at com.sap.glx.core.resource.impl.j2ee.ServiceUserManager$ServiceUserImpersonator$1.run(ServiceUserManager.java:152)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:337)
at com.sap.glx.core.resource.impl.j2ee.ServiceUserManager$ServiceUserImpersonator.run(ServiceUserManager.java:149)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:185)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:302)
Caused by: java.lang.IllegalArgumentException: Could not process message for operation myOperation in web service plugin module.
at com.sap.engine.services.sca.plugins.ws.WebServiceImplementationInstance.accept(WebServiceImplementationInstance.java:228)
at com.sap.engine.services.sca.das.SCADASImpl.invokeReference(SCADASImpl.java:314)
... 19 more
Caused by: java.lang.IllegalArgumentException: local part cannot be "null" when creating a QName
at javax.xml.namespace.QName.<init>(QName.java:246)
at javax.xml.namespace.QName.<init>(QName.java:190)
at com.sap.engine.services.webservices.espbase.client.dynamic.impl.DInterfaceImpl.getInterfaceInvoker(DInterfaceImpl.java:126)
at com.sap.engine.services.webservices.espbase.wsdas.impl.WSDASImpl.<init>(WSDASImpl.java:43)
at com.sap.engine.services.webservices.espbase.wsdas.impl.WSDASFactoryImpl.createWSDAS(WSDASFactoryImpl.java:39)
at com.sap.engine.services.sca.plugins.ws.tools.wsdas.WsdasFactoryWrapper.createWsdas(WsdasFactoryWrapper.java:30)
at com.sap.engine.services.sca.plugins.ws.WebServiceImplementationInstance.initWsdas(WebServiceImplementationInstance.java:256)
at com.sap.
Surely if it was the service group unassign then reassign issue then none of the calls would have worked?Hi David,
While a random error is still an error it will be difficult for support to find a problem for an error which is not reproducible. It is always a faster resolution if you can determine how to provoke the error and provide those details. If we can reproduce an error on internal systems then we can fix the problem quickly and without having to access your system.
regards, Nick -
Hi All,
We are trying to access the Create Deployment method stated below
http://msdn.microsoft.com/en-us/library/windowsazure/ee460813
We have uploaded the Package in the blob and browsing the configuration file. We have checked trying to upload manually the package and config file in Azure portal and its working
fine.
Below is the code we have written for creating deployment where "AzureEcoystemCloudService" is our cloud service name where we want to deploy our package. I have also highlighted the XML creation
part.
byte[] bytes =
new byte[fupldConfig.PostedFile.ContentLength + 1];
fupldConfig.PostedFile.InputStream.Read(bytes, 0, bytes.Length);
string a = Encoding.UTF8.GetString(bytes, 0, bytes.Length);
string base64ConfigurationFile = a.ToBase64();
X509Certificate2 certificate =
CertificateUtility.GetStoreCertificate(ConfigurationManager.AppSettings["thumbprint"].ToString());
HostedService.CreateNewDeployment(certificate,
ConfigurationManager.AppSettings["SubscriptionId"].ToString(),
"2012-03-01", "AzureEcoystemCloudService", Infosys.AzureEcosystem.Entities.Enums.DeploymentSlot.staging,
"AzureEcoystemDeployment",
"http://shubhendustorage.blob.core.windows.net/shubhendustorage/Infosys.AzureEcoystem.Web.cspkg",
"AzureEcoystemDeployment", base64ConfigurationFile,
true, false);
<summary>
/// </summary>
/// <param name="certificate"></param>
/// <param name="subscriptionId"></param>
/// <param name="version"></param>
/// <param name="serviceName"></param>
/// <param name="deploymentSlot"></param>
/// <param name="name"></param>
/// <param name="packageUrl"></param>
/// <param name="label"></param>
/// <param name="base64Configuration"></param>
/// <param name="startDeployment"></param>
/// <param name="treatWarningsAsError"></param>
public static
void CreateNewDeployment(X509Certificate2 certificate,
string subscriptionId,
string version, string serviceName, Infosys.AzureEcosystem.Entities.Enums.DeploymentSlot deploymentSlot,
string name, string packageUrl,
string label, string base64Configuration,
bool startDeployment, bool treatWarningsAsError)
Uri uri = new
Uri(String.Format(Constants.CreateDeploymentUrlTemplate, subscriptionId, serviceName, deploymentSlot.ToString()));
XNamespace wa = Constants.xmlNamespace;
XDocument requestBody =
new XDocument();
String base64ConfigurationFile = base64Configuration;
String base64Label = label.ToBase64();
XElement xName = new
XElement(wa + "Name", name);
XElement xPackageUrl =
new XElement(wa +
"PackageUrl", packageUrl);
XElement xLabel = new
XElement(wa + "Label", base64Label);
XElement xConfiguration =
new XElement(wa +
"Configuration", base64ConfigurationFile);
XElement xStartDeployment =
new XElement(wa +
"StartDeployment", startDeployment.ToString().ToLower());
XElement xTreatWarningsAsError =
new XElement(wa +
"TreatWarningsAsError", treatWarningsAsError.ToString().ToLower());
XElement createDeployment =
new XElement(wa +
"CreateDeployment");
createDeployment.Add(xName);
createDeployment.Add(xPackageUrl);
createDeployment.Add(xLabel);
createDeployment.Add(xConfiguration);
createDeployment.Add(xStartDeployment);
createDeployment.Add(xTreatWarningsAsError);
requestBody.Add(createDeployment);
requestBody.Declaration =
new XDeclaration("1.0",
"UTF-8", "no");
XDocument responseBody;
RestApiUtility.InvokeRequest(
uri, Infosys.AzureEcosystem.Entities.Enums.RequestMethod.POST.ToString(),
HttpStatusCode.Accepted, requestBody, certificate, version,
out responseBody);
<summary>
/// A helper function to invoke a Service Management REST API operation.
/// Throws an ApplicationException on unexpected status code results.
/// </summary>
/// <param name="uri">The URI of the operation to invoke using a web request.</param>
/// <param name="method">The method of the web request, GET, PUT, POST, or DELETE.</param>
/// <param name="expectedCode">The expected status code.</param>
/// <param name="requestBody">The XML body to send with the web request. Use null to send no request body.</param>
/// <param name="responseBody">The XML body returned by the request, if any.</param>
/// <returns>The requestId returned by the operation.</returns>
public static
string InvokeRequest(
Uri uri,
string method,
HttpStatusCode expectedCode,
XDocument requestBody,
X509Certificate2 certificate,
string version,
out XDocument responseBody)
responseBody =
null;
string requestId = String.Empty;
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri);
request.Method = method;
request.Headers.Add("x-ms-Version", version);
request.ClientCertificates.Add(certificate);
request.ContentType =
"application/xml";
if (requestBody != null)
using (Stream requestStream = request.GetRequestStream())
using (StreamWriter streamWriter =
new StreamWriter(
requestStream, System.Text.UTF8Encoding.UTF8))
requestBody.Save(streamWriter,
SaveOptions.DisableFormatting);
HttpWebResponse response;
HttpStatusCode statusCode =
HttpStatusCode.Unused;
try
response = (HttpWebResponse)request.GetResponse();
catch (WebException ex)
// GetResponse throws a WebException for 4XX and 5XX status codes
response = (HttpWebResponse)ex.Response;
try
statusCode = response.StatusCode;
if (response.ContentLength > 0)
using (XmlReader reader =
XmlReader.Create(response.GetResponseStream()))
responseBody =
XDocument.Load(reader);
if (response.Headers !=
null)
requestId = response.Headers["x-ms-request-id"];
finally
response.Close();
if (!statusCode.Equals(expectedCode))
throw new
ApplicationException(string.Format(
"Call to {0} returned an error:{1}Status Code: {2} ({3}):{1}{4}",
uri.ToString(),
Environment.NewLine,
(int)statusCode,
statusCode,
responseBody.ToString(SaveOptions.OmitDuplicateNamespaces)));
return requestId;
But every time we are getting the below error from the line
response = (HttpWebResponse)request.GetResponse();
<Error xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<Code>BadRequest</Code>
<Message>The specified configuration settings for Settings are invalid. Verify that the service configuration file is a valid XML file, and that role instance counts are specified as positive integers.</Message>
</Error>
Any help is appreciated.
Thanks,
ShubhenduPlease find the request XML I have found it in debug mode
<CreateDeployment xmlns="http://schemas.microsoft.com/windowsazure">
<Name>742d0a5e-2a5d-4bd0-b4ac-dc9fa0d69610</Name>
<PackageUrl>http://shubhendustorage.blob.core.windows.net/shubhendustorage/WindowsAzure1.cspkg</PackageUrl>
<Label>QXp1cmVFY295c3RlbURlcGxveW1lbnQ=</Label>
<Configuration>77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4NCjwhLS0NCiAgKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKg0KDQogIFRoaXMgZmlsZSB3YXMgZ2VuZXJhdGVkIGJ5IGEgdG9vbCBmcm9tIHRoZSBwcm9qZWN0IGZpbGU6IFNlcnZpY2VDb25maWd1cmF0aW9uLkNsb3VkLmNzY2ZnDQoNCiAgQ2hhbmdlcyB0byB0aGlzIGZpbGUgbWF5IGNhdXNlIGluY29ycmVjdCBiZWhhdmlvciBhbmQgd2lsbCBiZSBsb3N0IGlmIHRoZSBmaWxlIGlzIHJlZ2VuZXJhdGVkLg0KDQogICoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioNCi0tPg0KPFNlcnZpY2VDb25maWd1cmF0aW9uIHNlcnZpY2VOYW1lPSJXaW5kb3dzQXp1cmUxIiB4bWxucz0iaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS9TZXJ2aWNlSG9zdGluZy8yMDA4LzEwL1NlcnZpY2VDb25maWd1cmF0aW9uIiBvc0ZhbWlseT0iMSIgb3NWZXJzaW9uPSIqIiBzY2hlbWFWZXJzaW9uPSIyMDEyLTA1LjEuNyI+DQogIDxSb2xlIG5hbWU9IldlYlJvbGUxIj4NCiAgICA8SW5zdGFuY2VzIGNvdW50PSIyIiAvPg0KICAgIDxDb25maWd1cmF0aW9uU2V0dGluZ3M+DQogICAgICA8U2V0dGluZyBuYW1lPSJNaWNyb3NvZnQuV2luZG93c0F6dXJlLlBsdWdpbnMuRGlhZ25vc3RpY3MuQ29ubmVjdGlvblN0cmluZyIgdmFsdWU9IkRlZmF1bHRFbmRwb2ludHNQcm90b2NvbD1odHRwcztBY2NvdW50TmFtZT1zaHViaGVuZHVzdG9yYWdlO0FjY291bnRLZXk9WHIzZ3o2aUxFSkdMRHJBd1dTV3VIaUt3UklXbkFrYWo0MkFEcU5saGRKTTJwUnhnSzl4TWZEcTQ1ZHI3aDJXWUYvYUxObENnZ0FiZnhONWVBZ2lTWGc9PSIgLz4NCiAgICA8L0NvbmZpZ3VyYXRpb25TZXR0aW5ncz4NCiAgPC9Sb2xlPg0KPC9TZXJ2aWNlQ29uZmlndXJhdGlvbj4=</Configuration>
<StartDeployment>true</StartDeployment>
<TreatWarningsAsError>false</TreatWarningsAsError>
</CreateDeployment>
Shubhendu G -
A few questions about MacBooks and Parallels Desktop.
I have a few questions about MacBooks and Parallels Desktop.
1) I understand I need at least 1GB of RAM to run Parallels Desktop but what about the hard drive, is the stock 60GB drive big enough?
2) Related to question 1, even if it was big enough to allow me to install and run Windows would the 60GB drive be enough if I wanted to install a Linux distribution as well?
3) This has nothing to do with Parallels Desktop but thought I'd ask it here anyway, do Apple Stores carry just the stock MacBooks, or do they carry other configurations?
Thanks
Keith1. Depend on how intensive you use that HD for saving data on both Mac OS and XP. For standard installation on both OS X and XP, the space of 60 Gb is enough.
2. Same answer as no 1. You can install all three on that HD space, but the extra spacce available will be less and less for your data. You can save your data on external or back up on cd/dvd and erase it from the HD to keep the free space.
Remember to leave at least 2 or 3 Gb for virtual memory usage.
3. Just call them, maybe they don't have it in store stock, but by appointment they might configure one for you before your pick-up date.
Good Luck
Maybe you are looking for
-
Unable to expand Essbase server in EAS console
Hi All, I have recently installed and configured Oracle Hyperion EPM Essbase 11.1.2.2 in a distributed virtual environment (One Foundation/WLServer VM, One Essbase VM, One Oracle11g DB VM). Host OS: MS Win server 2008 x64 (SP1). I am using Native Dir
-
Reference to a specific place in document
Hello, I have a document with more than 1 page consisting of a sheet and a text. I need it to behave similarly as HTML document with elements <A name=...> and <A href=...#...>. This document consists of a sheet with a description of its elements (tex
-
Hi All, I want dynamically to output in adobe print form some fields from a table in this way. Description:<b>Text1</b> <b>text2 text3</b> Description2:<b>Text2</b> Description3: <b>Text3</b> I want to use rich text but it does not work for me . Coul
-
Transfer kodak emailed photos to iphoto
my newest question is how do you get photos emailed to you in kodak's email photo gallery to transfer to iphoto ? there is no attachment to click on or save button
-
Hi folks, I want to create a BPM which can be used for 2 different IDOCS - they are both being mapped towards the same XML flavour and then send out ... I created a "ForEach" step with 2 branches , put necessary branches to "1" and defined a receive