Contributor mode for external users (SSXA)

Hi All
On our environment we have UCM 11g and SSXA (with a deployed application) and an
Active Directory provider configured on WLS.
I created a WCMContributor group in AD and a WCMContributor role in UCM.
The goal is that external users in the WCMContributor group in AD have contributor rights in SSXA (let's say user "test1").
weblogic.xml in the application has the block below:

<security-role-assignment>
  <role-name>WCMContributor</role-name>
  <principal-name>WCMContributor</principal-name>
</security-role-assignment>

But I get an error for user test1:
ERROR: Error creating the contribution markup for placeholder 'ContentPlaceholder'
REASON: User 'test1' does not have sufficient privileges.
If I create local user ‘test2’ in UCM, add him to WCMContributor role and add him to weblogic.xml - it works:

<security-role-assignment>
  <role-name>WCMContributor</role-name>
  <principal-name>WCMContributor</principal-name>
  <principal-name>test2</principal-name>
</security-role-assignment>

But I need to work with external users.
web.xml in the application has the block below:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>ContributionMode</web-resource-name>
    <url-pattern>/wcm-contrib/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>WCMContributor</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>DesignerMode</web-resource-name>
    <url-pattern>/wcm-design/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>WCMContributor</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>OpenWCM</realm-name>
  <form-login-config>
    <form-login-page>/wcm/support/login/wcm-login.jsp</form-login-page>
    <form-error-page>/wcm/support/login/wcm-login.jsp?tryagain=true</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>WCMContributor</role-name>
</security-role>

Please advise
Thanks

Could you please provide a bit more detail:
"If I create local user ‘test2’ in UCM, add him to WCMContributor role and add him to weblogic.xml - it works:"
a) Do you really use local users; that is, those created only in the User Admin applet?
b) Or is it rather that you create users in the security realm of the WebLogic server?
I'd actually expect that a) without b) won't work - except for a few admin tasks (running applets as standalone applications), local users should not be used in 11g or higher. If you do just b), it's an external user, just coming from a different source.
My guess is that rather than external vs. local, the issue is that the mapping of roles from AD is somehow misconfigured (that is, your users don't actually get the role assigned). Please check everything once again - guidance on how to map roles is described here: http://docs.oracle.com/cd/E21764_01/doc.1111/e10792/c03_security.htm#BGBCIGEH
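
An added example, not part of the thread and not Oracle's code: a Python check of the container-level half of this setup, using the descriptor fragments quoted in the question. It reports roles that web.xml uses without a declaration or a weblogic.xml assignment, and lists which protected URL patterns a given set of principals (user name plus the group names the authenticator asserts) would satisfy. The principal sets passed in are constructed; the check says nothing about the role a user holds inside UCM, which is mapped separately.

```python
import xml.etree.ElementTree as ET

# Constructed input: the descriptor fragments quoted in the post, wrapped in
# root elements so that each parses as a standalone document.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ContributionMode</web-resource-name>
      <url-pattern>/wcm-contrib/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>WCMContributor</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>DesignerMode</web-resource-name>
      <url-pattern>/wcm-design/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>WCMContributor</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>WCMContributor</role-name></security-role>
</web-app>"""

WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>WCMContributor</role-name>
    <principal-name>WCMContributor</principal-name>
    <principal-name>test2</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""


def _parse(text):
    """Parse a descriptor and strip XML namespaces so real files work too."""
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root


def _texts(node, path):
    return [(e.text or "").strip() for e in node.findall(path)]


def load_constraints(web_xml):
    """Return (declared roles, [{'patterns': [...], 'roles': {...}}, ...])."""
    web = _parse(web_xml)
    declared = set(_texts(web, "security-role/role-name"))
    constraints = [
        {"patterns": _texts(c, "web-resource-collection/url-pattern"),
         "roles": set(_texts(c, "auth-constraint/role-name"))}
        for c in web.findall("security-constraint")
    ]
    return declared, constraints


def load_assignments(weblogic_xml):
    """Return {role name: set of principal names} from weblogic.xml."""
    mapping = {}
    for a in _parse(weblogic_xml).findall("security-role-assignment"):
        role = (a.findtext("role-name") or "").strip()
        mapping.setdefault(role, set()).update(_texts(a, "principal-name"))
    return mapping


def audit(web_xml, weblogic_xml):
    """List inconsistencies between the two descriptors."""
    declared, constraints = load_constraints(web_xml)
    mapping = load_assignments(weblogic_xml)
    used = set().union(*(c["roles"] for c in constraints))
    findings = []
    for role in sorted(used - declared):
        findings.append(f"role {role!r} is used in an auth-constraint but not declared in security-role")
    for role in sorted(used - set(mapping)):
        findings.append(f"role {role!r} has no security-role-assignment in weblogic.xml")
    for role in sorted(set(mapping) - declared):
        findings.append(f"role {role!r} is assigned in weblogic.xml but not declared in web.xml")
    return findings


def allowed_patterns(web_xml, weblogic_xml, principals):
    """URL patterns whose auth-constraint the given principals satisfy.

    Names are compared as exact strings (an assumption of this sketch).
    """
    _, constraints = load_constraints(web_xml)
    mapping = load_assignments(weblogic_xml)
    held = {role for role, names in mapping.items() if names & set(principals)}
    return sorted(p for c in constraints if c["roles"] & held for p in c["patterns"])


if __name__ == "__main__":
    print(audit(WEB_XML, WEBLOGIC_XML))
    # test1 with the AD group asserted as a principal, then without it
    print(allowed_patterns(WEB_XML, WEBLOGIC_XML, {"test1", "WCMContributor"}))
    print(allowed_patterns(WEB_XML, WEBLOGIC_XML, {"test1"}))
```

If the group principal is missing from what the authenticator returns for test1, the second call shows the user matching no protected pattern, which is the container-level form of the role mapping problem the reply suspects.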

Similar Messages

  • Excel Services Connectivity on Sharepoint 2013 for external user

    Currently, an external user is able to refresh the data on the SharePoint site through the browser. The data connection points to one of the external data sources. But how can an external user (an Internet user accessing SharePoint through the internet) download a copy of the Excel file in the SharePoint library and open the Excel workbook with data refresh ability on the client machine?
    Do we need the client machine to be able to access / ping the external data source?
    Thanks.

    Thanks for the response.
    They want to perform data analysis and design their own report with their own template, for example: to remove subtotals from the PowerPivot tables, whose formatting we cannot change in Excel Services at the browser level.
    So if I understand correctly, we need the client machine to be able to access the database server directly to get access to the cube for data analysis, although we have this ODC file connection set up, am I right?
    For internal users, the network team should open a port / access for them to access the database server directly.
    For external users, either open public access to the database server directly or set up a VPN connection for the external user to access the database server in their secure network.
    Let me know if I understand this correctly.
    Thanks.

  • Lyncdiscover reports HTTP 500 Internal Server Error for external users

    Hello,
    I have a problem providing lyncdiscover information for external Lync users. The same address works internally (prompts for file download), so I believe the problem is UAG/TMG providing the site, which is not my cup of tea. I have a working external lyncdiscover for another domain in the same Lync + UAG/TMG server environment. I have also checked the public DNS records a few times and everything should be fine. The firewall also shouldn't be an issue since it reports the internal server error, right? Any suggestions on what I should check?

    More information based on the Lync Autodiscover Web Service Remote Connectivity Test:
    Testing HTTP authentication methods for URL https://lyncdiscover.domain1.com/Autodiscover/AutodiscoverService.svc/root/user.
    HTTP authentication methods successful.
    Additional Details
    Testing HTTP content for URL https://lyncdiscover.domain1.comi/?sipuri=[email protected] has
    token="User".
    HTTP content isn't verified.
    Additional Details
    HTTP 200 status received from server, but no token="User".
    Elapsed Time: 203 ms.
    The same result goes for the other domain that provides the lyncdiscover information correctly for external users. It doesn't seem to solve the root cause but might help to understand
    the problem.

  • Access to my Office 365 third-party app for external user : "a User account is not registered for the account"

    In my third-party web application for Office 365, I want to have access to the contacts, events and emails of all the users from the organizations who installed my app. The thing is, I don't want all these users to have to grant me access; I just want one admin of the org to grant access to my app and then be able to retrieve the data I need for all the users.
    To test for one organization, I logged in as the admin and proceeded with the OAuth2 authentication to retrieve the access token, and in the first request (the GET one to retrieve an authorization code) I add the parameter prompt=admin_consent.
    With this access token, I can access the data (emails, contacts, events) of the admin,
    for instance for the contacts
    uri: https://outlook.office365.com/ews/odata/Users(adminemail)/Contacts
    but not the data of the other users of this org with this uri
    uri: https://outlook.office365.com/ews/odata/Users(useremail)/Contacts
    The only thing I can do is retrieve an access token for each user, but that supposes that each user has to authorize access to the app, which is very cumbersome. So, I don't see what the parameter prompt=admin_consent enables and how to use it. Does anybody know what it does?
    And my question is: how can I access the data of all the users of one organization when the access has been granted by one admin?
    Thank you!

        
    This was answered on StackOverflow by Dushyant Gill.  http://stackoverflow.com/questions/25316175/access-to-my-office-365-third-party-app-for-external-user-a-user-account-is-n/25316678#25316678
    You are sending the OAuth request to a tenant specific endpoint of Azure AD. Note the {key_provided} part of your Url - that part represents the tenantid or a registered domain name of an Azure AD tenant. Azure AD throws this error if the user signing in is not a user in that tenant.
    Multi-tenant applications like yours have two options:
    1. Perform home realm discovery yourself and send the SSO request to the correct tenant-specific endpoint of Azure AD: when a new Azure AD organization signs-up for your application, record its tenant ID, and registered domain names. On your login page, ask the user for their email and try to discover what Org they belong to using the suffix of the email.
    2. Use the common endpoint of Azure AD. Instead of the {key_provided} part of the URL, use 'common'. In this case Azure AD will determine the user's tenant and sign-in the user. The token that your application will receive will still be from the user's tenant (iss claim).
    #2 is more convenient for apps. However #1 has an advantage when the user's Organization has customized their sign-in page with the company logo etc - in the case of #1 the user will directly be taken to the customized and familiar sign-in page.
    I recommend a combination of the two: try determining the user's organization and sending them to the tenant specific SSO endpoint. If you're not able to - send them to the common endpoint.

  • Exchange 2007 - The server don't send dsn message for external users

    Hello,
    Our Exchange 2007 doesn't send DSN messages for external users, but for internal users it is OK. I checked my configuration, but all seems to be OK.
    Have you any idea please?
    Thx

    Hi,
    To narrow down the cause, let's firstly try to check the following configuration:
    Get-TransportConfig |fl
    Get-RemoteDomain | select identity, NDREnabled
    Get-SystemMessage
    Thanks,
    Angela Shi
    TechNet Community Support

  • How to secure BSP applications for external users on the internet?

    I posted this question under Enterprise Portal forum but got no response. I am hoping some of you experts in this area can help.
    We have developed BSP applications and set them up as iViews in Enterprise Portal 6. Our portal implementation will be used by external users.
    We have security concerns that the access to the BSPs  allows external users direct access to the R/3 system. We were told that we should use ITS application instead of BSP application for external users.
    Do any of you have any insight into how we could work around the security problem with BSP applications, or BSP applications in EP6? Your help will be greatly appreciated.

    In a sense they are correct; as to whether it is more secure or not, that would have to be a call by people who are more expert than myself.
    But I can see their point: the BSP runs directly on the system and uses the system security, whereas the ITS is basically just an RFC call. However, we use a 620 server with BSPs and make RFC calls to our R/3 systems, thus keeping people off the R/3 directly - however we are not opened to the Internet.
    If your message is answered please remember to mark it solved so others searching in the future can find the solved ones quicker - just click on the yellow star.

  • Outlook Anywhere proxy changed from Basic to NTLM for external users

    I have an Exchange 2013 environment that is also running Exchange 2010 in coexistence (migrating). What is happening is that autodiscover is handing out NTLM for the proxy settings and not Basic. However, when it is using NTLM we seem to get the password prompt over and over. If I manually change it to Basic then it works fine, but when autodiscover runs again it changes back to NTLM and prompts that the Administrator made a change and you need to restart Outlook.
    I checked Outlook Anywhere and all my servers have Basic set for external users and NTLM set for internal.
    I only have a few mailboxes on 2013 and 2010 mailboxes seem not to have a problem.
    Here is an output for Outlook Anywhere on all six servers:
    Identity                           : CAS01\Rpc (Default Web Site)
    ExchangeVersion                    : 0.10 (14.0.100.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    Identity                           : CAS02\Rpc (Default Web Site)
    ExchangeVersion                    : 0.10 (14.0.100.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    Identity                           : CAS03\Rpc (Default Web Site)
    ExchangeVersion                    : 0.10 (14.0.100.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm}
    Identity                           : EXCH2K13-01\Rpc (Default Web Site)
    ExchangeVersion                    : 0.20 (15.0.0.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
    Identity                           : EXCH2K13-02\Rpc (Default Web Site)
    ExchangeVersion                    : 0.20 (15.0.0.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
    Identity                           : EXCH2K13-03\Rpc (Default Web Site)
    ExchangeVersion                    : 0.20 (15.0.0.0)
    ExternalClientAuthenticationMethod : Basic
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

    Hi,
    Please refer to the following KB to set the Outlook Anywhere settings on Exchange Server 2013 Client Access servers:
    http://support.microsoft.com/en-us/kb/2834139
    If it doesn’t work with the resolution above, please do the following checking in ADSI Edit:
    1. In Adsiedit, expand Configuration-->CN=Services -> CN=Microsoft Exchange -> CN=domain -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Databases.
    2. Right-click the listed database > Properties.
    3. Check whether the msExchHomePublicMDB value is set to an available value. Please change the value to <not set>.
    4. Click OK.
    Then check whether the issue persists.
    Regards,
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Winnie Liang
    TechNet Community Support

  • Lync 2013 - Address Book Synchronization Issues for External Users

    I recently deployed Lync Server 2013 in my organization. Everything works fine except for the address book synchronizing issues and the mobility access. I would really appreciate if someone could share their knowledge as I have done lot of troubleshooting,
    not sure if I have missed something. Please note my setup below for the External Web Services.
    Lync Front End:
    Listening: 8080 4443
    Published: 80 443
    I have published my External Web Services URL and the following ports are open: 4443, 443, 8080
    When I look at the Lync Client Configuration, ABS Server External URL is pointing to https://lyncexternalweb.domain.com:443/abs/handler. However, GAL Status is still pointing to my internal Front End FQDN: https://internal.domain.com:443/abs/handler.  
    For machines that are joined to the domain, the address book synchronizes with no issues. For machines that are not joined to the domain and for external users, the GALContacts and GALContacts.DB files are not even generated for the user profiles.

    Hi Anthony,
    Please note the findings below:
    1. I was checking the Lync Client configuration on one of the PC that is not joined to the domain, still on the domain network via site to site VPN connection. I noticed that the Connected Lync Server varies: sipinternal.domain.com, sipexternal.domain.com,
    lync.domain.com (Pointing to the Edge Server IP).  
    2. Edge Server External Settings: Single IP address with the FQDN set to lync.domain.com for all 3 services and the following ports configured. Access Edge Service: 5061, Web Conferencing Edge Service: 444, A/V Edge Service: 443 with NAT enabled public
    IPv4 address. I have checked the replication status between the Front End and Edge Server, it is up to date.
    3. In regard to the https://lyncdiscover.domain.com, I don't have the lyncdiscover.domain.com published, but it is pointing to the NAT enabled public IPv4 address which is assigned for A/V Edge Services.
    4. For the port forwarding, I am using the Cisco Meraki router. 
    Please advise if there is something that I am missing.
    Thanks!

  • Endeca : multi invoice pay throwing correct error for internal user but it is failing to throw the same error for external user

    Hi,
    1) Internal User expected exception:
    Exception: Payments,apply credits,disputes and print are not supported when multiple customer/currency transactions are selected
    2) External User is throwing below error instead of throwing above exception.
    Error
      You are trying to access a page that is no longer active.
      The referring page may have come from a previous session. Please select Home
       to proceed.
    Found this MACCHECK in the fnd logs of the external user payment:
    MACCHECK: . Parameter failing validation is :mode. The parameter mode with value MultiPay could not be recognized as part of Server's response on the previous request.  Incoming URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/EndecaDummyPG . Current URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/OIREndecaCustHomePG&akRegionApplicationId=222&_ti=1125493452&oapc=10&retainAM=Y&addBreadCrumb=N&oas=6-LL4ndIUFLX-2zjQAQD6A.. . Referer URL is : https://<hostname>:4443/endeca/web/ar/customer?doAsUserLanguageId=en_US&languageId=en_US . HTTP Request Method is : POST
    Can someone please help?
    Thanks,
    RRS

    Well, I compared my classpath between my windows batch file and the
    makefile (that comes with the samples installation) on Solaris and realized
    that I am using different sets of jars.
    So, I removed the extra jars from the makefile to narrow down the
    problem. If I remove the /opt/SUNWam/lib/servlet.jar from the makefile,
    I can reproduce this problem on the Solaris box as well.
    When I include this servlet.jar on my windows machine the program works!
    Only jars I have in my classpath are amclientsdk.jar and servlet.jar which
    I have copied from my installation (/opt/SUNWam/lib) on the Solaris box.
    In the same way, by copying the am_services.jar, saaj-api.jar, and jaxm-api.jar
    from the Solaris box to the windows machine,
    I am also able to pull the assertions from the Access Manager.
    I installed Sun Java Enterprise System 2005Q1 on a Solaris 10 machine.
    During the installation, I configured to install the Access Manager
    in Sun Application Server.
    Why do I need to have different set of jars on the windows machine
    for the Access Manager client SDK ?
    Could you please point me to a download link where I could download
    the correct Windows Access Manager Client SDK for
    Sun Java System Access Manager 6.0 (Sun JES 2005Q1)?
    Thanks.

  • Integration of Web Interface of a Application in portal for external users

    Hello portal experts,
    our portal can be accessed from the internet (per ISA-Server and https). We have some applications that should be integrated in the portal.
    These applications have a web interface that should be used in this context. It's easy to do this for our internal users, who can access the web interface of the applications directly.
    But our requirement is to make this application accessible for our external users, too. I have tried a lot with the URL-iView and the server side fetching mode. The first page is shown but with broken images and the buttons are not clickable (Javascript not working).
    Is it possible to use the portal as a kind of proxy that would get the request from the client and forward this to the application in the intranet or is the only way to match our requirement in making the applications accessible directly from the internet? Is there any other solution?
    Best regards
    Florian

    Hi Florian,
    No, it's not possible to use the SAP Portal as a web proxy to your other web app.
    From my experience I can tell you to stop searching/trying on the server side fetching part; it will not do what you want.
    There is only one solution direction and that is that you place some kind of reverse proxy in front of your Portal...
    This reverse proxy solution (I keep it abstract as there are multiple solutions for this) should listen on the WWW and translate requests to the right servers.
    For example calls to "/" could be translated to "/irj/portal/" and back.
    But also "/yourotherapp" can be translated to "http://yourotherappserver:port/yourotherapp" and back.
    The result is that all calls to http://yourexternalurl/ will go to SAP Portal and all requests to http://yourexternalurl/yourotherapp will go to your other app. When this works you can use the URL or Integrator iView using the default client side fetching.
    I know that it is possible with Apache as a reverse proxy so I guess (and hope for you) that it's also possible with ISA.
    Good luck,
    Benjamin Houttuin

  • Problem with links for external user

    Hi,
    We're using SAP NetWeaver Portal 2004s SPS 10 and we have a problem with links within notification mails:
    The link to the document (e.g. within a subscription mail) consists of "http:///...". Only users using the portal within our network can open these links. External users can't open these links. How can I change the URL so that our external users can open the links, too?
    Thanks for help,
    Sven Keller

    We already have another URL for external usage. My problem is how to define that created links to documents and folder are automatically using the external URL.
    If somebody receives an email (e.g. subscription) the URL to the folder is:
    http://<portalserver>:51000/irj/go/km/navigation/documents/Public Documents/Documentation
    But it should be:
    https://<externalportal>/irj/go/km/navigation/documents/Public Documents/Documentation
    Message was edited by:
            Sven Keller

  • Purchase Order form in Query only mode for some users

    Hi All,
    I want to make the Purchase Orders form query only for a single user. I tried giving 'Query_only=Yes' in the parameters section. I am getting the 'FRM-04151: You cannot query records here' message more than 10 times. I know we get this message and this is applicable to all the users. But this message is coming more than 10 times.
    Is there any way that I can restrict the query only mode to a single user? Please also advise about the message.
    Thanks in Advance,
    Naresh

    Naresh,
    Since you want to achieve this for one user only, I would suggest you create a new function/menu/responsibility and assign this responsibility to the user.
    Note: 400380.1 - How To Create a QUERY-ONLY FORM
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=400380.1
    For the FRM error, please review the following document.
    Note: 116074.1 - ACCESS LEVEL - REVIEW ONLY - PO
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=116074.1
    Regards,
    Hussein

  • Enterprise Portal Log off Issue for External User

    Hello
    We are facing an Enterprise Portal log off issue for one of our external users.
    The user is logged in and clicks on the "Log Off" link.
    User is prompted as seen below:
    Are you sure you want to logg off?
    Choose Yes or No
    Clicking Yes makes the popup window go away and nothing else happens.
    This log off problem happens on Internet Explorer 6, but from the Firefox browser it's working.
    Also, popups are not blocked in IE.
    EP version with SP level is EP 7.00 SP12.
    Even from Internet Explorer 6, I can log in and log off with an internal user.
    Please advise on the log off problem.

    Hello
    I added the value ume.logoff.redirect.url =https://poqwas.synenco.com/irj/portal
    in the Config Tool Global Parameter settings.
    Then I restarted the server.
    But I am getting the same problem. When I log in with the external user ID and then log off, nothing happens...
    Please advise.

  • Cannot disable compatibility mode for all users once enabled

    I work for a school district technology department. For a computer lab that is using an old version of Adobe Photoshop, we tried turning compatibility mode to Windows XP and set it to run as administrator for all users in hopes that it might fix some problems with the program. When students log on it now asks them for a password. They do not have local administrator rights to the computers. After going back in and disabling the compatibility settings, the students are still being asked for a password to run the program. I have even tried uninstalling and reinstalling Photoshop and the computer is still asking for a password to open the program. Is there some way to undo this in a permanent fashion so students are not asked for a password?

    Hello Mike Witnauer,
    Please correct me if I have misunderstood:
    1. The student account could run Photoshop without the administrator password before you turned compatibility mode to Windows XP.
    2. Then, the students need the password to run Photoshop whether or not you use the compatibility setting.
    Please take the following steps and check if this issue still exists.
    1. Enable built-in administrator account
    2. Use the following code
     runas /user:ComputerName\Administrator /savecred "Full path to program's exe file"
    For more information, please take a look at the answer in the following thread.
    How to run a program as an administrator from within a non-elevated command prompt?
    https://social.technet.microsoft.com/Forums/en-US/0339772f-9f9b-4381-b513-73b263e2cf2f/how-to-run-a-program-as-an-administrator-from-within-a-nonelevated-command-prompt?forum=w7itprogeneral
    Best regards,
    Fangzhou CHEN
    TechNet Community Support

  • Page cannot display error for external user (via a proxy server)

    When I click the self service web application via the proxy server,
    the following error is thrown:
    Error : Cannot Display Page
    You cannot complete this task because one of the following events caused a loss of page
    data:
    Your login session has expired.
    A system failure has occurred.
    To proceed, please select the Home link at the top of the application page to return to the
    main menu. Then, access this page again using the application's navigation controls (menu,
    links, and so on) instead of using the browser's navigation controls like Back and Forward.
    Internally the self service web application is working. Only for external users (via the proxy server (DMZ))
    is it not accessible.
    Only the external user gets the error.
    Thanks
    M.Soundrapandian

    Hi,
    Please do the same practice after enabling debug, it should collect more information about the error.
    Note: 249669.1 - How To Collect Apache and Jserv Debugging Details For Applications 11i
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=249669.1
    Regards,
    Hussein
