Configuration Issue in User Mapping ..

Hi,
Pls help resolve this issue..
When i go to <b>" UserMapping "</b> option using the <b>"Personalize "</b> link , i get the following error msg..
"There is a configuration issue which leads to problem when accessing user mapping data for the selected backend system"
Also , if i go thru "User Administration -> User Mapping "
then it says,
--"There is a configuration issue which leads to problem when accessing user mapping data for the selected backend system  .
Usually reason is user mapping being configured for Strong encryption, but necessary additional files might be missing.Check Security log file for information "--
I am not able to solve this problem..Pls help
Thanks in advance

Hi Venkat,
<b>Here the quick and dirty solution</b>:
In your portal go to 'System Administration' -> 'System Configuration' -> 'UM Configuration' -> 'Direct Editing'.
There locate the parameter 'ume.usermapping.unsecure', set it to 'TRUE' and restart your server.
I would rather recommend to install the unlimited strength jurisdiction policy files.
For more info on this, check this thread:
JCE Jurisdiction does not allow Portal to start
Hope this helps,
Robert

Similar Messages

  • Issue with user mapping and SAP reference system

    Hello Gurus,
    I have this strange system behaviour when preparing my system for single sign-on using user mapping.
    Case 1.
    In the user management property category, I have the following defined.
    Authentication Ticket Type - SAP Logon Ticket
    Logon Method - UIDPW
    User Mapping Fields  -
    User Mapping Type - admin, user
    In the alias editor, I defined the default alias as SAP_PRD
    Result= when I go to identity management to assign the reference system (the default alias - SAP_PRD)...I do not see the system alias there.
    Case 2:
    In the user management property category, I have the following defined
    Authentication Ticket Type - SAP Logon Ticket
    Logon Method - SAPLOGONTICKET
    User Mapping Fields  -
    User Mapping Type - admin, user 
    In the alias editor, I defined the default alias as SAP_DEV
    Result, when I go to the identity management to assign the refernce system (the default alias - SAP_DEV), I see it there.
    What might be my issue? Does it mean I can't assign SAP reference if I am using UIDPW as logon method?
    Please help me.

    Hi Mahesh,
    Thanks for the feedback. I am relatively new to EP...so please I won't mind if you can guide me on how to go about this.
    This is what I did...
    I chose System Administration > Permissions
    In the PCD, I located my system with the alias, SAP_PRD
    It opened up the permission assignment area.
    Now I have these permissions set
    Administrator - Full Control
    Administrators - Full control
    com.sap.caf.eu.gp.roles.superuser - Full control
    Everyone (built in group) - Full control
    Everyone (Everyone role)- Full control
    super_admin_role - Owner
    For all the above End User box is checked.
    I can't find anyone end user group .
    Once I pick UIDPW, the alias disapperars from the reference system list.
    Please help.

  • Problem in user mapping

    Hi
    I have created one user in UME - USER1 and another in backend R3 system - USER2. Then by going to Identity Management and going to USER1, I have gone to User Mapping for System Access tab and i've given below details -
    System Selection - Selected the System alias TESTSYSTEM for R3 system
    Mapping Data - user credentials for USER2
    That is all i did for user mapping. Now, in portal, developed customised codes. And, inside code, I have hard coded USER1 and TESTSYSTEM for doing the connectivity for all the users who are trying to access backend data. Code is as below -
    IUserFactory userFact = UMFactory.getUserFactory();
    IUser myUser = userFact.getUserByLogonID("USER1");
    con = cgservice.getConnection("TESTSYSTEM", cp);
    ix = con.createInteractionEx();
    ixspec = ix.getInteractionSpec();
    Then calling BAPI.
    And i have created the system for r3 correctly. But, now i am getting below problem -
    exceptioncom.sapportals.connector.connection.ConnectionFailedException: Connection Failed: Nested Exception. Failed to get connection. Please contact your admin. error in closing connection java.lang.NullPointerException
    Please help.
    Thanks - prodyut

    Hi Naga,
    have you seen this thread from yesterday:
    Configuration Issue in User Mapping ..
    Hope it helps you resolve your problem too,
    Robert

  • SPNego for user mapping

    Hi All,
    How to use SPNego for user mapping?
    Please tell me how to configure SPNego for USer Mapping?
    Kumar

    Update User Mapping ID api
    i followed the above thread and wrote the code in a java file as below
    IPortalComponentRequest req = (IPortalComponentRequest) this.getRequest();
    IUserMappingService umapser = (IUserMappingService)
    PortalRuntime.getRuntimeResources().getService(IUserMappingService.KEY);
    IUser userid = req.getUser();
    IUserMappingData iumdata = umapser.getMappingData ("System Alias", userid);
    Map map = new HashMap ();
    try {
    map.put("user","userid");
    map.put("mappedpassword","password");
    iumdata.storeLogonData(map);
    } catch (Exception e) {response.write(e.getMessage());}
    but problem is it is throwing compilation error for  IPortalComponentRequest req = (IPortalComponentRequest) this.getRequest();(getReques() cannot be used for the type classname)
    please help me in resolving this issue
    points will be rewarded for sure.

  • User Mapping failing for SharePoint Integration..

    HI
    I am trying to integrate Sharepoint document library with SAP KM as WebDAV repository but stuck with the single sign on issue using User Mapping. It gives authorization error when try to access the library via KM and even creating a simple URL iview with the sharepoint URL gives Authorization issue. Not sure what could be the issue here. Seems like its failing somewhere at the IIS proxy level.
    The versions are EP 7.0, Sharepoint 2007, IIS6
    All the pre-reqs are done at the KM level (HTTP system, WebDAV Manager, WebDAV System, ). Also have defined the user mapping in the User's profile level. But still cant get rid of the authorization issue.
    Any pointer is really appreciated.
    Thanks
    Sandip

    Dear All
    Any pointers? Your help is really appreciated.
    Thanks
    Sandip

  • User mapping autentication with different address

    hello everybody,
    we have a SAP NTW portal version 7.0
    address is http://portal.xxx.it/irj
    inside we have some url iview with user mapping autentication.
    the iview work correctly but we decided to have a second address for portal:
    http://portal.yyy.it/irj
    when we use this address then iview don't work (not paramenter was passed to autentication).
    Configuration is correct (user mapping, system configuration, permission, etc etc)
    We have problem only when we use second address
    any suggestion?

    Hi,
    use HTTPWatch or Firebug to find out what the browser / portal submits to the URL.
    br,
    Tobias

  • Security and user mapping

    Hi all,Sorry if this is going to be an obvious answer but I’m having a few difficulties in understanding the permissions within clustered mode.I’m just trying to clarify something with regards to security at volume level. If I set up vol1 with Unix style security (all permissions eg read/write and so on) and vol2 with NTFS security (again all permission), if I set up user mappings (windows to unix and unix to windows), essentially the security style doesn’t matter as my windows mapped account can still access vol1 (unix) and my unix account can still access vol2 (ntfs security)…Is that correct?Thanks
    Aaron

    It is true that both systems will be able to access data on both volumes (assuming you have licenses for both protocols and both are configured) provided your user mapping is correct. Just keep in mind that the unix volume will always have unix permissions and the NTFS volume will have windows permissions setup. You can't add NT ACLs to the unix partition etc... Note that by default the filer will map usernames that match on both systems so you only need usermap entries when they don't match. --rdp

  • User mapping issue using SAP net weaver developer studio

    Dear All,
    I am getting below error when updating user mapping in SAP Enterprise Portal. I was able to update the data through SAP portal but not through the below code.
    Code:
    userMapData.setSystemAlias(“WebEx”);
    mappingData.put(UmeConstants.USERNAME, "user id");
                                                                   mappingData.put(UmeConstants.PASSWORD, "pasword");
    if (!userMapData.setMappingData(newUser, mappingData,logger)) {
    errorMessage = new ErrorMessage("Set user maaping data for + " + newUser.getDisplayName() + " failed.", "ApolloUMECreateUser.setUserMappingData()");
    public boolean setMappingData(IUser iUser, Map logonData, UmeLog logger) {
            //logonData needs to be able to be null to clear the user mapping!
            if (iUser != null) { 
                try {
                      IUserMappingData mappingData = iUserMapping.getUserMappingData(systemAlias, iUser, logonData);
                    //IUserMappingService iums = (IUserMappingService)PortalRuntime.getRuntimeResources().getService(IUserMappingService.KEY);
                    //IUserMappingData mappingData = iums.getMappingData (systemAlias, iUser);
                    mappingData.storeLogonData(logonData);
                            return true;
                catch (IOException ioe) {
    return false;
                catch (Exception e) {
                            return false;
            return false;
    Error:
    #1.5#00155D007802007D0000417100000B480004F636722D1228#1396613610296#com.sap.security.core.umap.imp.UserMappingDataImp#ibm.com/ibm.com.tivoli.im.umeagent#com.sap.security.core.umap.imp.UserMappingDataImp.saveLogonDataInternal(Map, boolean)#Guest#0##n/a##88b1fdb2bbf211e3a6ac00000032f136#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Java###Cannot save logon data for principal {0} because there is no mapped backend user ID in the logon data map to save.#1#"user id, password" (unique ID: "USER.PRIVATE_DATASOURCE.un:aujastest31")#
    #1.5#00155D00780200740000411600000B480004F636722D12D8#1396613610296#System.err#ibm.com/ibm.com.tivoli.im.****umeagent#System.err#Guest#0##n/a##88cc4ee9bbf211e3b0a300000032f136#SAPEngine_Application_Thread[impl:3]_33##0#0#Error##Plain###Apr 4, 2014 5:43:30 PM com.ibm.tim.agents.UmeAgent [SAPEngine_Application_Thread[impl:3]_33] Info: Created the Writer
    #1.5#00155D007802007D0000417200000B480004F636722D18DA#1396613610296#com.sap.security.core.umap.imp.UserMappingDataImp#ibm.com/ibm.com.tivoli.im.umeagent#com.sap.security.core.umap.imp.UserMappingDataImp#Guest#0##n/a##88b1fdb2bbf211e3a6ac00000032f136#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Java###storeLogonData(Map)
    [EXCEPTION]
    {0}#1#com.sap.security.api.UMException: Mapped backend user ID not specified.
          at com.sap.security.core.umap.imp.UserMappingDataImp.saveLogonDataInternal(UserMappingDataImp.java:280)
          at com.sap.security.core.umap.imp.UserMappingDataImp.saveLogonData(UserMappingDataImp.java:251)
          at com.sap.security.core.umap.imp.UserMappingDataImp.storeLogonData(UserMappingDataImp.java:223)
          at com.ibm.tivoli.integration.im.agents.umeagent.sap.usermapping.UserMapData.setMappingData(UserMapData.java:106)
          at com.ibm.tivoli.integration.im.agents.umeagent.sap.UMECreateUser.setUserMappingData(UMECreateUser.java:381)
          at com.ibm.tivoli.integration.im.agents.umeagent.sap.UMECreateUser.UMECreateSAPUser(UMECreateUser.java:118)
          at com.ibm.tim.agents.UmeAgent.UMEProcessAddRequest(UmeAgent.java:207)
          at com.ibm.tim.agents.UmeAgent.processRequest(UmeAgent.java:134)
          at com.ibm.tim.agents.UmeAgent.doPost(UmeAgent.java:89)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
          at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
          at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
          at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
          at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
          at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
          at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
          at java.security.AccessController.doPrivileged(Native Method)
          at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
          at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

    Thanks Rodrigo for you reply.
    In Data Base user is exist and manually user mapping is working only through code i am getting error. Using code user is creating but mapping is not happening. I am sending ep6User user as iUser please find requested code.
    Please suggest Thanks in advanced!!!
    public UmeUser processRequest(com.ibm.dsml2.parser.AddRequest addRequest) {
            UmeUser ep6User = null;
            try {
                Enumeration enumAddRequestAttr = addRequest.enumerateAttr();
                Properties userAttributes = new Properties();
                while (enumAddRequestAttr.hasMoreElements()) {
                    com.ibm.dsml2.parser.Attr attr = (com.ibm.dsml2.parser.Attr) enumAddRequestAttr.nextElement();
                   if (attr.getValueCount() == 1) {
                        userAttributes.put(attr.getName(), getAttributeValue(attr));
                    else {
                        List list = new ArrayList(attr.getValueCount());
                        for (int i = 0; i < attr.getValueCount(); i++) {
                            list.add(getAttributeValue(attr, i));
                        userAttributes.put(attr.getName(), list);
                ep6User = new UmeUser(userAttributes, logger);
            catch (Exception e) {
                logger.log(this.getClass().getName(), e);
            return ep6User;

  • User Mapping Issue

    I get the following error message when mapping a user
    <b>User Mapping not fully available..
    Exception id: 10:25_16/02/06_0015_35280350
    See the details for the exception ID in the log file</b>
    Any ideas?

    Hi,
    maybe some background info would be interesting to know:
    User mapping is not fully available by default, because SAP does not ship cryptographic libraries with the product (for legal reasons). If these are not present, the stored passwords cannot be encrypted in the portal database.
    A workaround would be to tell EP to store the passwords unencrypted. For this, set the parameter as Juan suggested.
    A better approach imho would be to install the required security libraries (SAP Java Cryptographic Toolkit) for having craptography support on the system. The libraries are available on service marketplace.
    Regards,
    Dominik

  • User Mapping issue with custom system

    Hello,
    We have an iView that allows user's to store credentials to a back end system. We have created a sytem for this, that stores custom values (not the default user / mappedpassword). The code snippet below is used:
    mappingData = UMFactory.getUserMapping().getUserMappingData(systeme, user);
    Map map = new HashMap();
    map.put(BUSINESS_UNIT, bu);
    map.put(RACF_USERNAME, username);
    map.put(RACF_PASSWORD, passwd);
    mappingData.storeLogonData(map);
    This code has worked fine in both EP6 SP2, and with our migration to NW04 (now up to SPS17). However, when we upgraded to NW04s SPS12, I get the following error:
    Exception: Doug Test - setCredentials: java.io.IOException: com.sap.security.api.UMException: Mapped backend user ID not specified.
    If I add the following line to my code above, it works again:
    map.put("user", username);
    Any ideas on why I need to specify the user field in NW04s when I did not need to previously?
    Thanks in advance for any help.

    Doug,
    the following link might be helpful for working with NW04s UserMappingData object.
    <a href="https://help.sap.com/javadocs/NW04S/current/se/com/sap/security/api/umap/IUserMappingData.html">IUserMappingData - NW04S</a>
    Regards,
    Shubhadip

  • SSO to Exchange without user mapping

    I have Exchange configured for collabration groupware integration, and it works fine. I can get my calander entries without a problem when I have a user mapping set for the Exchange Transport. I have SSO enabled using the iis_proxy.dll authenticating via Active Directory also without a problem. I can also connect to OWA without any issue. The only thing I don't like is that I need a user mapping for the calander availabity.
    Does anyone know of a way to make this more automatic? I don't want the users to need to maintain their own mappings.

    We are in the exact same situation. I thought that the SSO22KerbMap ISAPI filter would do just that but the user mapping is required no matter what, unless I'm missing something in my config. The Exchange and Active Directory users are the same so a user mapping should not be required.

  • User Mapping to R/3 - admin.pwdprotection=false but still pwd field appears

    <br />
    Hello All,<br />
    I am doing SSO using user mapping to R/3 system from Portal as the ids are different for Portal and R/3.<br />
    I can access a transaction iview from R/3 successfully using user mapping(in SSO) but the problem is everytime a user changes his R/3 password, the mapped password is to be changed in Portal.Otherwise, unable to access transaction iview.<br />
    1) I have changed the property ume.usermapping.admin.pwdprotection=false in configtool but still in User Admin > User mapping for system access , the password field is populated and while accessing the R/3, the password is being verified. I have seen in another system where the password field is not being asked after modifying the property to false, only id field is present. From the end user, under Personalize > User Profile > User Mapping for system, no systems are present as expected for mapping. Logon method in system is uidpw and mapping type is "Admin".<br />
    Versions - Portal is NW7.0 SP18 and ECC is .0 EhP3.<br />
    anybody faced the same problem? Is there a note to fix it?<br />
    2)Also, in the User Admin > User mapping for system access , in the dropdown I can see the system aliases I have created in systems but not in System admin> sys config > Ume config > under User Mapping , I do not find any reference system. <br />
    After first restart it was not there, after some time it has come, later it was coming as configured but invalid beside the system in braces in dropdown like abc(configured but invalid). Once I unselected, now it is no more available in dropdown.<br />
    3) I have used diagtool to identify the problem. In the ticket, how do I see the mapped user?<br />
    I am seeing only the following details.From the log - <br />
    The created ticket is: <br />
    [ [Ticket [initialized]<br />
      Ticket Version  = 0<br />
      Ticket Codepage =  (Encoding=1100)<br />
      User = 121444<br />
      Issuing System ID     = EPD  ( Portal name)<br />
      Issuing System Client = 000<br />
      Creation Time = 200905150649<br />
      Valid Time    = 8 h 0 min<br />
      Signature (length=261 bytes)<br />
      InfoUnit id=32, name=portal_user, content=portal:121444, length=16<br />
      InfoUnit id=136, name=authscheme, content=basicauthentication, length=19<br />
      InfoUnit id=1, length=9<br />
      InfoUnit id=2, length=3<br />
      InfoUnit id=3, length=3<br />
      InfoUnit id=4, length=12<br />
      InfoUnit id=5, length=4<br />
      InfoUnit id=10, length=9<br />
    ]. <br />
    Authentication stack: [ticket].<br />
    <br />
    Does this have an entry for mapped user of target R/3 system also?<br />
    If I am not finding the userid/pwd in ticket, how is SSO working? based on user mapping only?<br />
    Thanks,<br />
    Isvarya<br />

    Thanks Anja for the quick response.
    My primary objective is to use SSO with logon tickets to backend which is independent of user passwords.
    regarding 1)
    From the link -
    http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
    Features
    ●      Either users or administrators can perform user mapping.
    ¡        Users must always enter a password to validate their mapped user ID.
    This password is not stored, but is used to confirm that the user is entering a user ID with which he or she has access to the ABAP-based system.
    ○       Administrators can enter a password to validate their entries.
    The UME property ume.usermapping.admin.pwdprotection defines whether or not the administrator must enter a password. By default the administrator must enter one.
    is also in the same lines.
    But as per the SAP library link, I do not find a reference system  because of problem 2 in the initial post.
    Also, I have a screenshot of user admin where the password field itself is not present. If you can share your email id, I will send the scrnshot without pwd and mine with password.
    2)I have seen this note. But, none of the 3 cases mentioned are applicable to me..user mapping is working just fine..Only reference system is not populated. 
    3) Becuase of 1, I was expecting to see mapped id alone or mapped id along with system name in logon tickets.
    Thanks for the response.

  • Question about Logon ticket with user mapping at BI-JAVA environment

    We're implementing BI 7.0 including BI Java and SAP EP for end user
    access.
    I have two question about SSO method when we're using BI Java.
    I know we can simply configure SSO logon ticket with BI-Java(EP
    included) and BI-ABAP through BI template installer and we already
    succeeded in that case.
    But the problem is we want to change it to user mapping SSO method for
    some our internal reason.
    After we configure user mapping SSO, we've got SSO failed error when we
    call BI-Java stuff like BEx Web Application iView.
    After many testing implemented, we found SSO Logon ticket with user
    mapping (using SAP reference system). It seems working now.
    But our question is "Is it no problem when we use SSO logon ticket with
    user mapping?" Is there any restriction or issue?
    One more question is we can ONLY use user base mapping when reference
    system used. How can we assign BI-ABAP users to EP Group?

    Using an SAP Reference system is allright. But if the reason u r going for this is because of different usernames in EP and BI, why dont you go for user mapping.
    Anyways, on restriction of reference syetms is that you can have ONLY ONE reference system defined in portal. In you case you can only have the BI system defined.
    Hope this helps!!

  • Users mapping between EP and ABAP system

    Hello
    I'd like to ask for some guidance in my quest
    Current situation looks like this:
    I've configured UME in AS Java to work with LDAP as read only data source. Then I've configured SPNego to run SSO - It works, users from MS AD can log into portal.
    Now I have application in WD which authorizes via EP/AD - works fine.
    And next step is users mapping between AD and ABAP backend (serving some BAPI's for WD app)
    I've found a bunch of help pages starting from
    http://help.sap.com/saphelp_nwce711/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
    But somehow it's quite complicated to achieve this mapping. I've tried to set RFC destinations logon type to user mapping but without succes.
    Can anyone point me to some more clear example or give path to configure this scenario? Is there a way of configuring this with NWA or some XML file editing is required?
    Any help will be appreciated.
    BTW: whole environment is in version 7.11
    Best regards
    Maciej

    There is no equivalent to SPNEGO on the ABAP side.
    If your goal is to propagate the user, then possible options are:
    -> Wait for SAML 2.0 or invest now in a SAML 1.0 provider.
    -> Use the same kerberos ticket for the EP as what your ABAP system will accept: route = SNC and 3rd party libraries.
    -> Issue SAP logon tickets for the ABAP system from the EP, and use these in your WDA.
    Another option is to expose the service with saved logon data in the ICF. If the service is just a wrapper for the BAPI, then you can also consider using trusted RFC between the service and the backend, but this might not be acceptable for your service.
    I have only done experimental stuff with this and some of the above is not released yet. Also consider the consequences, even if it "does work"...
    Cheers,
    Julius

  • Not able to do user Mapping with the backend System

    Hello all,
    I am trying to Map a user to a windows based KM System but getting an error like
    "There is a configuration issue which leads to problems when accessing user mapping data for the selected backend system 'KM_Test_System'. Usually, the reason is user mapping being configured for strong encryption, but the necessary additional files being missing. Check the security log file for further information and hints on how to solve the problem."
    Can somebody tell me what could be the possible reason for this and how to handle this. I dont have access to the Portal server right now , so not able to see the security log.
    Thanks to all,
    Regards,
    Sarabjeet Singh.

    Hi Sarbjeet,
    I believe this links will help you understand and solve your problem:
    user mapping is not saved
    and
    http://help.sap.com/saphelp_nw04/helpdata/en/04/d246215f1d4f588d1d9c49391acb01/frameset.htm
    Hope this helps,
    Robert

Maybe you are looking for