Connection object to Anonymous users ?

Similar Messages

• Authorization Issue with Custom Pending Value Object and Anonymous Users

  Hi,
  I am just converting my demo from version 7.1 to 7.2. I am not doing upgrade. The demo uses a custom pending value object USER_REQUEST. The idea is that new employee goes to Java AS as anonymous user and enters her details and store where she will work. After submitting request there is an approval process using custom entry type USER_REQUEST. If the request is approved then IdM converts USER_REQUEST into MX_PERSON entry. This works nice in 7.1 but I am having problems with replicating this in 7.2. I created new UI task accessible by anonymous that creates new USER_REQUEST entry. I also assigned role idm.anonymous with UME action idm_anonymous to UME built in group Anonymous users.
  My problem is with the field STORE. This field is a reference field to another custom entry type STORE (this entry type will be used in context based assignment). Every new employee must selects a store where she will work. The problem is when user clicks on button "Select". Web dynpro terminates and returns authorization error. I also tested this with entry type MX_ROLE. I added attribute MXREF_MX_ROLE and same issue. So it seems that just assigning UME action idm_anonymous is not enough to list objects from identity store. I found a workaround for this issue. When I assign also UME action idm_authenticated to Anonymous users then it does not dump and I get a pop up window where I can search for store. It does not seem right to assign idm_authenticated to anonymous users.
  Another issue is with display task for entry type USER_REQUEST. I assigned a display task to entry STORE and I set that Anonymous have access to this task in Access control tab. I assigned default value to the field store. So when a user opens page she can see a hyper link to display already assigned store. When user clicks on this hyper link it opens a new pop up window and user must authenticate against Java AS. After successful authentication the display task for entry STORE is displayed. I would assume that anonymous user can display it without authentication.
  So to me it seems like authorization checks have been changed in 7.2 versions and are more strict for anonymous tasks. Hence my question is how can I implement my scenario. Am I missing some configuration or what's the proper solution to my two issues? I don't count assigning idm_authenticated to Anonymous users as a solution. This workaround does not solve my second issue.
  Thanks

  Some of the folks from Trondheim labs check, but rather infrequently.  There's another person who I guess is in consulting that also checks from time to time.
  Sorry I can't help you with your main question...
  Matt

• Access to WPC Web Pages by Anonymous Users?

  Hello,
  i want to give anonymous users access to Web Pages that were created with the Web Page Composer.
  In did the following:
  1. create the Web Pages,Site Navigation etc....
  2. edited the permissions of the site: grant anonymous users Read Access.
  3.included the site navigation into the navigation of the anoymous users
  When i access the portal as anonymous users and try to open a Web Page, i get a logon screen for Authentification.
  I think that there is a problem, that i didn't find any way to set the Authentification Scheme for these Web Pages to "Anonymous". This is the way it has to be done with other iViews.
  When i am accessing the page with an authenticated users, i have no problem with displaying the same Web Pages.
  Is there anywhere an attribute i need to set? Or is it currently not supported?
  Regards,
  Marcus
  Message was edited by:
          Marcus Böhm

  1. Configuration in PCD - go to Content Administration -> Portal Content-> Portal Content -> Web Page Composer -> Container iViews -> WPC
  Default Containers. All of the iViews in this location should have the
  "anonymous" authentication scheme. The next location which should be
  checked is Content Administration -> Portal Content -> Portal Content ->Web Page Composer -> iView Templates. Again all of the iViews should
  have the "anonymous" authentication scheme. The same applies to all the
  templates which reside in Content Administration -> Portal Content ->
  Portal Content -> Web Page Composer -> Page Layout Templates. Finally
  check if all the pages which reside in Content Administration -> Portal
  Content -> Portal Content -> Web Page Composer -> Page Layouts have the
  "anonymous" authentication scheme.
  2. Configuration in KM - make sure that all the pages, which should be
  displayed to an anonymous user have in their permissions the Anonymous
  Users Group.
  3. Security zones - if you go to System Administration -> Permissions ->Security Zones -> com.sap.nw.wpc -> wpc -> no_safety and you open the
  permissions of this object, the Anonymous Users group must be added in
  the list.
  If all mentioned objects have their setting as described and you still
  experience problems (e.g. you see a browser dialog window for
  authentication), the reason most probably is, that the KM is not
  configured for anonymous access. A full description of the needed steps
  is provided with note 837898.

• Unassing a Premise froma Connection Object

  Hi ISU Experts!
  I juste wanted to ask you if it is possible to unassing a Premise from a Connection Object.
  A user created a new ConnObject/Premise/Installation, but when creating the Premise he assigned it to another Connection Object. Is it possible to reassing the premise? Or Unassign the Premise from the Actual Connection Object?
  Or the should create a new Premise/installation again?
  Thak you very much in advance,
  Best regards
  LUCAS

  Hi,
  There is no reversal process where you can reverse the assignment of a premise with connection object. You need to create a new set of these technical master data once more.
  You can set the 'Delete' flag available at connection object/premise/installation level. It will be archived from the system during archive run.
  Thanks.
  Nirmalya

• WPC - MIME object in web article with anonymous user doesn't work correctly

  Hi all,
  we have a problem with the Web Page Composer (NW07 SP14 + Patch 01) and contents for anonymous users.
  We have define a site with the following elements: article (with text and jpg), paragraph (with text and pdf link) and a jpg image. All texts and the "standalone" jpg (not used in article/paragraph) are displayed correctly. The jpg in the article and the pdf link does not work correctly ("broken" link, PDF link requires a login name ?).
  The direct image in the website has the following link:
  <server>/irj/go/km/docs/wpccontent/Sites/alogis_v01_home/Site%20Content/graphics/bild01.jpg
  (short url is turned off for error search...)
  The jpg in the article has the following link (this is the same jpg as the previous picture bild01.jpg):
  <server>/irj/servlet/prt/portal/prtroot/docs/guid/10c76155-d8c8-2a10-a4a5-fa0a0c7246fc
  And the PDF link is:
  <server>/irj/servlet/prt/portal/prtroot/docs/guid/707470fb-e3c8-2a10-94b4-972b06419c40
  For anonymous users the last two urls are not reachable. These urls require a login (the first link not). The links work correctly with a registered user, not with an anonymous user.
  Does anybody have an idea? Is there someone who had this problem before and solved it?
  Many thanks in advance.
  Mirko Galetzka

  Hi,
  I'm not sure if you're aware, but there is a 3.0 beta version of Data Modeler.
  You can download it freely from here :
  http://www.oracle.com/technetwork/developer-tools/datamodeler/overview/index.html
  There are many bugs fixed there.

• WPC for Anonymous user

  Dear All,
  We are on SAP NW 7.3 and trying to provide the WPC page for anonymous users.
  Have designed the WPC content, connected to a role and gave the role to anonymous user, but when we go to portal
  http://<host>:<port>/irj/portal/anonymous it gives a logon page. To resolve the issue have gone thru all the posts and recommendations but still the same error.
  Tried to follow the blog 'Webpage composer Anonymous User access' but in NW 7.3 can find the PCD location 'WebpageComposer', - but in templates we have the WPC Templates and have given the required permissions
  Also the security zones are changed.
  Has it something to do with the 'Staging Area' folder  (Navigating through the role Accesible Area Management -> content Editor), because when we create any new Area/Page(WPC Area/Page) it creates the same in this folder, which is present as a KM Folder. This folder does not allow to set the permissions (Accesible Area Management -> Content Library -> Staging Area -> Details -> Permissions)
  Your valuable suggestions would really help me to resolve this issue.
  Thanks,
  Srv

  Dear All,
  Got the reply from SAP to perform the below steps and its working fine for us.. just in case any one of you needs this info.
  1. Add the "authentication scheme" property to the WPC design time page template: a. Go to "System Administration" ' "Content Model Management" ' "Property Classification" b. Under "Object Type" select "Page" c. Under "Template" select "WPC Design Time Page" d. Under "Available Properties" locate "Authentication Scheme" and add it to the "Selected Properties" 2. Go to the Area Management Role and locate the area and the page that you would like to be available to anonymous users 3. Set End User permissions for "Anonymous" group on the area 4. Publish the page(s) and the area 5. Navigate to "Content Administration". Make sure the "Area Management"role isn't open in some other tab or browser window 6. In the Portal Content Catalog, locate the role which is available to anonymous users and has the WPC area connected to it. 7. Open the role, open the connection 8. For each page under the workset (area): a. Open the page b. For each iview and page under the page, open the iview/page and navigate to its properties: i. Locate the "Authentication Scheme" property and change it to "anonymous" ii. Save the object iii. For pages, open the page and perform the same process for each iview under the page iv. Save

• Errors while consuming secured portlet on anonymous user

  Hello,
  I'm trying to configure security end-to-end Portlet as in this link http://fusionsecurity.blogspot.com/2010/09/hands-on-wsrp-security-in-oracle-fusion_04.html.
  I got WSRP security with authenticated users, but when I try to consume the portlet on anonymous users (unauthenticated), I receive the error below:
  Caused By: javax.xml.rpc.soap.SOAPFaultException: FailedAuthentication : The security token cannot be authenticated.
                  at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:669)
                  at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:475)
                  at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:149)
                  at oracle.portlet.wsrp.v2.soap.runtime.WSRP_v2_Markup_Binding_SOAP_Stub.initCookie(WSRP_v2_Markup_Binding_SOAP_Stub.java:343)
                  at oracle.portlet.wsrp.v2.WSRP_v2_Markup_PortTypeJaxbToSoap.initCookie(WSRP_v2_Markup_PortTypeJaxbToSoap.java:671)
                  at oracle.portlet.wsrp.v2.ServerToWSRPv2.initCookie(ServerToWSRPv2.java:22225)
                  at oracle.portlet.client.connection.wsrp.ActivityServerWrapper.initCookie(ActivityServerWrapper.java:1125)
                  at oracle.portlet.client.techimpl.wsrp.WSRPInitCookiePipe.execute(WSRPInitCookiePipe.java:130)
                  … more
  We have the following usecase:
  1) Created an ADF application with one JSP page and converted to portlet.
  2) Created a consumer application (Webcenter Portal Framework Application).
  3) In the consumer app, created a WSRP connection for this portlet (to register the producer).
  - In the "Configure Security Attributes" in the WSRP portlet producer wizard, we have selected the following:
  - Token Profile: WSS 1.0 SAML Token with Message Protection
  - Configuration: Default
  - Default user: anonymous
  4) Drag and drop the portlet on the consumer page and run.
  Would anyone tell me how do I set the permission for an anonymous user?
  Thanks.

  Hi Bijesh,
  Yes, I have tried not specifying a default user and I got the error below:
  <Feb 3, 2015 2:53:48 PM BRST> <Notice> <Stdout> <BEA-000000> <<Feb 3, 2015 2:53:48 PM BRST> <Error> <oracle.wsm.resources.security> <WSM-00008> <Web service authentication failed.
  javax.security.auth.login.LoginException: wsrp:minimal
                  at oracle.security.jps.internal.jaas.module.saml.JpsAbstractSAMLLoginModule.login(JpsAbstractSAMLLoginModule.java:127)
                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                  at java.lang.reflect.Method.invoke(Method.java:597)
                  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                  at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
                  at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
                  at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
                  at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:184)
                  at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:325)
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User wsrp:minimal javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User wsrp:minimal denied
                  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
                  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
                  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
                  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                  at java.lang.reflect.Method.invoke(Method.java:597)
                  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  I’ve set ADF Security for my Portlet Application following the steps below:
  Create an Enterprise Role ‘Participante’. (The authenticated user has this group 'Participante' in LDAP)
  Create an Application Role ‘participante-role’ and map to the enterprise role ‘Participante’.
  Assign ‘participante-role’ to Web Page or Task Flow in Resources Grants.
  Those steps work well when I am using Task Flows. If I use Portlets based on Page instead of Task Flow, the security does not work.
  I have already tested the second option (create a guest user). The problem here is that the user has the authenticated-role associated to it.
  Thanks for help.

• Anonymous user can't access WPC pages in TREX search result list

  An anonymous user can use TREX service to enter query string in search iView and to get the list of results.
  But when he tries to open a page (web_paragraph or web_article ) generated by WPC (by clicking on the page link in result list) a logon screen appears in a popup window.
  The URL of the window is /irj/servlet/prt/prtroot/...  rather than irj/go/km/u2026 .
  How to work around this?
  At the same time he can see Word, Excel documents and XML Forms (News).
  We use light framework.

  Hi
  You need to change PCD Permission for the objects the anonymous used.
  And change the parametrer Authentication Scheme to Anonymous.
  Good Luck
  Eduardo Grilo

• Anonymous User Login

  Hi All,
  I have an issue with 'Forgot Password' button in the end user login. When a Forgot Password button is clicked, a Question Login workflow will trigger (I think I am right?) .Now I would like to customize the 'Question Login' workflow as per my requirements, but unfortunately I am not, I modified the system configuration object, but still with no luck I am not able to customize that workflow.
  So I thought of using anonymous login page and I can launch my own workflow as per my requirements. I have registered my workflow at 'anonymous end user tasks'. and I try to launch the anonymous login page using the url 'http://localhost:8080/idm/user/anonlogin.jsp'. I am getting the following errors.
  An unrecoverable error has occurred processing the request. Contact your system administrator.
  Syslog ID = LG-1111-024933.
  Only the Reset Administrator may access this view.
  I don't know, where I am doing wrong. For the first time I am trying to use anonymous login page.
  Did anybody faced similar problems?
  Can anybody please post some points, like what is the procedure to use a Anonymous login page?
  Thanks in advance

  Well, first, I visited Configure > User Interface, and enabled Anonymous Enrollment.
  Next, I went to user/login.jsp, and saw "Request Account". I clicked on it, and up popped the user/anonEnrollment.jsp page. (I was looking at using this for one of our requirements; turned out I didn't need it, and did something else).
  Anyway, a quick check with Live HTTP Headers for Firefox shows that the post was directly to anonEnrollment.jsp; anonEnrollment.jsp has this at the top:
  String anonUser = LoginHelper.getAnonymousUser(session);
  if (anonUser == null) {
      String url = "user/login.jsp";
      LoginHelper.redirect(req, out, url);
      return;
  }Not a huge amount of help. However, it does establish that there is an "getAnonymousUser" method, which is documented to return "the currently registered anonymous user name if any". And reading the Workflows, Forms, and Views manual, it states that the anonymous main page is for "... when a user who does not have a Identity Manager account logs in, an Identity Manager user object is created ...". Basically, if you're using pass through auth, and have a source system that will let a user authenticate, they can then set themselves up.
  So, I visited "anonmain.jsp" after clearing all cookies, and up popped "anonlogin.jsp", with a login box. I entered "anonymous", and lo!, I was logged in, and saw the anonymous user menu. In other words, I was "provisionally" logged in with an account that doesn't really exist (anonymous).
  However, I had to provide that extra bit of information, namely, my "fake" user name of "anonymous". I don't know how you'd do that without JSP customization.
  Basically, "anonymous" means "has a username, but we don't have an account", rather than "truely anonymous" as near as I can tell. The system will do it for you in the case of "Request Account" (the generated login page has some Javascript code to redirect to anonEnrollment.jsp), but it doesn't seem to be an exposed API.
  You might get somewhere with customizing the "Request Account" string in the messages catalogue, and then customizing the anonymous enrollment workflow.

• Anonymous User Help

  I have configured an anonymous user and created a new framework page to display the content. When the page first loads, the correct framework page, theme, and content appear. However, if I click on one of the content tabs (even if it is the first one, which is currently showing correctly), I get the error "No portal desktop is defined for this user.If this problem persists, contact your system administrator."
  I have checked all permissions on everything to ensure that they are set correctly. Is there some type of session management that needs to be configured for anonymous users? It seems to load great the first time, and then after that is when the error occurs. Logged in users do not have this error.
  Thanks for any help offered.

  Hi,
  . Changing the Main Rules
  o Go to Portal content --> Portal Administrators -->Super administrators -->Main rules.
  o Right click and select edit object.
  o Click "Add IF Expression". Another IF statement is added. Already existing IF statement is necessarry.
  o Here you select If user = some user
  o Click the "Then" Statement. Now go to the Portal desktop you created and right click the portal desktop and select "Add portal desktop to expression".
  o Now save the rule collection.
  You are done for the user. Now close the browser and loggin with the specific user.
  Also, check these links for further assistance.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/8d9d9c90-0201-0010-e9a4-ed82031e1908
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/e549a890-0201-0010-3f8b-d3b852457ebd
  regards,
  Sandeep
  Message was edited by:
          Sandeep Tudumu

• SSO (SPNego) Configured, but  Anonymous user´s page doesn´t work

  Hello,
  I configured Single Sign-On between Portal and windows using SPNego (working OK) but when we try to connect to Portal using anonymous user I ca´n´t do it ( my pc user is automatically loged), Any idea to filter the anonymous user?
  Kind regards

  Hi,
  What you need to do is create an alias of the server on the DNS.
  Example:
  http://portal.client.com:50000 is the normal portal access with SPNEGO. You have set the SPN to this server (setspn) to use SPNEGO
  On the DNS you need to create another alias to the same server but you don't map it to the SPN user.
  http://portalNOSPNEGO.cliente.com:50000
  As it is not mapped to use kerberos... it won't use the SSO.
  If you want to access anonymous user or with any other user on your domain you will access the new portal URL http://portalNOSPNEGO.client.com:50000
  There is a problem accessing this with IE6.0.. it might appear a Windows popup authentication window. In order to get rid of this.. you have to change the Internet Explorer Security Level.
  Option a) Include the portalNOSPNEGO site on the Trusted Sites. On the security level of the trusted sites select "Anonymous Logon". Include the portal.client.com site on the Intranet Sites... the security level of this sites should be "Authentication only on Intranet Sites"
  Option b)Upgrade to IE 7.0
  For the external users that have nothing to do with your domain..
  Option a)the security level for the Internet sites should be "Anonymous Logon".... or
  Option b)Uncheck de Integrted Windows Authentication
  Option c)Upgrade to IE7.0

• Image asking for Logon (Userid/Password) for an anonymous user

  Hello,
     I have created the HTML file in <b>Portal -> Content Administration-> KM Content -> root -> documents -> MyFolder</b> which I have access through an KM Document iView which contains the <b>text</b> and <b>image</b>. Also I have changed the Authentication Scheme property of iView to anonymous for an anonymous user.
  Now the problem is that when I click on the KM iView for an anonymous user, then I am able to see the text of the HTML file but image does not comes, instead it asks for Logon ie User Id and Password.
  Can someone tell me how I can see both the image and text.
  Best Regards,
  Nivedita

  Hi ,
  I also faced the same problem .
  Solved by doing the following.
  Open the PCD Editor as Content Administrator: Content Administration > Portal Content > Portal Content > Portal Users > Standard Portal Users > Standard User Role > Open > Object
             a) Navigate to Home (note the tooltip "com.sap.km. home_ws") > Hidden > URL Access.
             b) Open all contained iViews (Basic Search, Details, Document, Highlighted Content) for editing
             c) Select the property category "Advanced"
             d) Change the property "Authentication Scheme" to "anonymous"
             e) Save your changes.
  Regards
  Naveed Ahmed

• How many Connections objects????

  Hi
  I am creating a GUI application which contains several GUI classes(e.g. frames and dialog boxes) which are instantiated depending on the choice of the user. I also have a Database class which contains the code which enables the connection to the database. The code creating the connection is within the constructor,therefore creating a connection whever I create an instance of the database class.
  Most of the GUI classes need to obtain or update information held in a database.
  Currently I create an instance of the Database class in every GUI class which needs to access the database. Obviously however every time a new database object is created, a new connection is also created.
  I am worried about all these database objects all containing their own connections.
  Should I have just one connection object in existence at any one time?
  If so,can I declare the Connection variable in the Database class as static?
  Any help/comments would be gratefully received.
  LGS

  From what I know, there should be no problem with maintaining multiple connections to the database. This is a property of the database itself, most allow about 256 connections. The only problem you face is a lost transaction. As long as you keep the queries serialized, you shouldn't encounter any problems.
  If you did want to only have one connection open... why not have another class for that (DBConn) and not instantiate a new connection in the constructor of your Database class. This way, each Database object can use the one connection by all referencing the DBConn object.
  Just a thought...

• Accessing anonymous user in web dynpro application

  Hi All,
    I have created one web dynpro application for internet site (Anonymous user). While trying to retrieve the Iuser through web dynpro application, it is coming <b>null</b> coz user is Anonymous if i am not wrong.
  So I am not able to read the property file from the KM and based on the value coming from the property file i am setting in the drop down.
  Regards,
  Nelly
  Message was edited by: Nelly
          nelly khare

  hi,
  i did the same thing den code is working and values are coming from the property file but i m going to place this application in the Internet.
  There i can't ask user to enter User-Id and PWD.
  I tried to use IWDClient's object and through this i m accessing getSAPUser().
  here is the code that i m using:-
  <b>wdClientUser = WDClientUser.getCurrentUser();
  manager.reportSuccess("wdclientuser-"+wdClientUser);-value is coming for that
  sapUser = wdClientUser.getSAPUser();
  manager.reportSuccess("sapUser -"+sapUser );Null is coming for that
  //create an ep5 user from the retrieved user
  ep5User = WPUMFactory.getUserFactory().getEP5User(sapUser);
  resourseContext = new ResourceContext(ep5User);
  resourseFactory = ResourceFactory.getInstance();
  pathRID =RID.getRID(/documents/IDBDevelopments/Propertyfiles/JobOpportunity/DateofBirth.properties");
  resource =     (IResource) resourseFactory.getResource(pathRID,resourseContext);</b>
  In that point i m getting Null as value.coz it's description says that if user is Anopnymous this function will return Null.
  Coz of that i m not able to create Resource context for reading the property file.
  Regards,
  Deepak

• Having the connection object for the specific schema

  hi
  My application interacting with the database of having many no of schema's. I need to create a connection object which is pointing to the specific schema in my database. This is help me to avoid writing schema name in the query every time.
  Thanks
  Siva

  How to specify the schema name in properties file?
  Say for example, i created properties file like that,
  Properties props = new Properties();
  props.setProperty("user", "username");
  props.setProperty("password", "password');
  In which property i can set for schema?