CUP 5.3 SP8 - Authentication Source/User Details Source question

Hello,
Here is another issue I'm noticing with CUP.
Currently we have it configured as such:
Authentication Source: LDAP
Search Data Sourec: SAPHR
User Details Data Source: SAPHR
When a Requestor logs in to create a request for themself, Requestor Username and Email are correctly populated under the Requestor section of the request screen. This Username and Email match identically from SAPHR; and it should, as that is what we have defined as our User Data Source
When a Requestor logs in to create a request for another user, Requestor Username and Email are populated differently under the Requestor section of the request screen; this information in this case appears to be coming from LDAP. This does not seem correct to me. LDAP is only defined as the Authentication Source, not the User Data Source.
1) Why would the Requestor section populate differently when creating a request for yourself vs. another user?
2) Is this a bug in CUP?
3) Has anyone else noticed this or found a fix?
Thanks!!
Jes

We are on the same SP level and are configured similarly but don't see this issue.
Data Source - LDAP
Search - SAP
Datasource - Multiple (SAPHR, SAP(BI), LDAP, SAP(SRM))
Also, our LDAP does not carry the email address (yet).
When I create a new request for someone else, all the information is filled in correctly from our SAPHR system, if they are in HR, or from our BI system if they are not in HR but are in BI. However, since we don't carry e-mail address in our LDAP system yet, the requestor e-mail field is left blank and I have to manually fill it in. (We do plan on changing this).
Hope this helps,
Peggy

Similar Messages

CUP 5.2 - LDAP Authentication error - "User credentials not valid."

Hi Experts ,
I have set up LDAP "SUN ONE" as a authentication source for our CUP 5.2 SP11 Patch1 (Build-62316). But when I try to logon with my network id,I receive error "User credentials not valid."
Please find the log below.
Thank you for your help,
Regards,
Abderrahim
2011-03-01 12:07:57,232 [SAPEngine_Application_Thread[impl:3]_27] ERROR Failed to log in a867168
com.virsa.ae.service.umi.AuthenticationFailureException: No user details found
     at com.virsa.ae.service.umi.ldap.LDAPAuthenticator.validate(LDAPAuthenticator.java:140)
     at com.virsa.ae.actions.LoginAction.requestorLoginHandler(LoginAction.java:847)
     at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:82)
     at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:256)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:423)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(AccessController.java:207)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by:
com.virsa.ae.service.umi.UMIException: SUNONE error reading search results
     at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUsers(LDAPSearchUser.java:698)
     at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUserById(LDAPSearchUser.java:760)
     at com.virsa.ae.service.umi.ldap.LDAPAuthenticator.validate(LDAPAuthenticator.java:131)
     at com.virsa.ae.actions.LoginAction.requestorLoginHandler(LoginAction.java:847)
     at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:82)
     at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:256)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:423)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(AccessController.java:207)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by:
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name ''
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3030)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2757)
     at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1828)
     at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1751)
     at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:347)
     at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:332)
     at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:252)
     at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:252)
     at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUsers(LDAPSearchUser.java:518)
     at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUserById(LDAPSearchUser.java:760)
     at com.virsa.ae.service.umi.ldap.LDAPAuthenticator.validate(LDAPAuthenticator.java:131)
     at com.virsa.ae.actions.LoginAction.requestorLoginHandler(LoginAction.java:847)
     at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:82)
     at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:256)
     at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:423)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(AccessController.java:207)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)

My issue is stil not received, i hav send a document to the system team to follow for the integration. The AD configuration for QM shud be very expicit or else integration will not work. I am attachin the doc here. Let me knw if that helps.

User Details Data Source in CUP 5.3

Dear GRC Gurus,
Iam configuring CUP 5.3., in the User data source (which is used to fetch users,approvers,managers from backend) there is User Details Data Source -> i select SAP and i get the system name -> There is a Field Function Template -> there are two options, standard and Custom.
What is the use of Function Template ?
What is standard and Custom?
If we select Custom, what should we enter in Function Template Name?
Can you please clarify
Thanks a lot...
Regards
Selva

Hi,
The user data source only reads the user details for use in defaulting the information into request forms / workflow.
I believe that the function template just tells the system whether to use standard fields within the SAP user master or whether you have requirements to use alternative field mappings.
I don't think that the custom template name matters as it is identified.
I must admit that I haven't used it so I may be wrong but that is my current understanding!
Regards, Simon
Edited by: Simon P Persin on Oct 26, 2009 4:40 PM

User Data Source in CUP AC5.3

Hello,
What is the functionality of the User data sourcein Compliant User Provisioning?
We are using HR module and i have created the connector using the Jco destination VIRSA_HRModel.
I have configured the User data source type as SAP HR System as VIRSA_HRModel and Details source type as SAPHR with System name as VIRSA_HRModel.
Please explain the functionality.
Regards,
Kumar Rayudu

Kumar,
As you know CUP is an ticket creation, user provisioning tool with automated workflow. So CUP will need to bring user details or user information for requestor, approver, manager etc. from some kind of source. This is where data source comes into picture. Whenever you need to search for an user ID, CUP will look at the search data source and whenever CUP needs to bring in user information like name, email, phone etc., CUP will use user details data source.
DO NOT USE JCO IN CUP, ERM AND SPM. You will need to have exactly same connector names in all four modules of AC 5.3 for all of the integration functionality to work. When you use JCo, it will not allow you to change the default name (virsahr_model in your case).
ONE MORE THING, NEVER EVER TOUCH JCo OTHER THAN VIRSAXSR3 EVEN FOR RAR (CC). VIRSAHR AND VIRSAR3 ARE NOT RECOMMENDED TO USE.
I hope this helps.
Regards,
Alpesh

GRC 10.0 Access Request Creation- Data Source of User Details

Hi Experts,
I was doing GRC 10.0 Configuration and found a query which I am not able to resolve.
While creation of any kind of Access Request in GRC through NWBC> Acces Management Tab>Access Request>Access Request Creation.
In the user details section, I can see the HR records( like Pernr, position, manager) have been visible to some extent.
My question is where from these details came in GRC. What configuration we should maintain to achieve these HR records?
Hope to get a quick response as this is one of the requirement of the implementation which I am doing with my customer.
Thanks,
Atanu

Alessandro,
Thanks for your response. It helped me to know certain things.
But when I am navigating to SPRO > GRC > Access Control > Maintain Data Sources Configuration > [User Detail Data Source], it is configured with a ECC system in target connector and User data type is maintained as "SU01".
Now my question is where from in my case the GRC is pulling the HR records (PA20) like PERNR, POSITION,PERSONEL AREA etc? SU01 does not provide these information. My ECC box is integrated with HR module, so is it taking the data from HR directly?
Thanks in advance!
Atanu

GRC 10 - Legacy connector as user detail data source

Hello,
I'm trying to use a legacy connector (with a text file as input) as a user data-source.
Repository user sync for this legacy connector works : checked GRACUSER table, it is populated with all the user details from the input file (id,firstname,lastname,mail,department,phone
I got it working for user search data source : when creating an access request for "other" user, searching for a user ID/name works : data are displayed in search result, however when I select the user from the serach result the user details are not populated in an access-request form.
Any clue about this ? Any one already got this working ?
GRC 10.0 SP13.
Checked SP14 and SP15 release notes, and found no relevant notes yet.
repository-related notes applied :
-1864423
-1950231
Regards,
Emmanuel.

Hi Pedro,
You only have confirmed that 2 accounts are maintained in HCM and in SU01 as well, so you would be able to see these accounts' details both ways.
Yes, you are right about user account maintenance first in HCM at the time of new hire, then you can manually raise the access request to grant them access to various SAP systems. Or in order to automate this process as Prasahant suggested, you can take help from HR Triggers.
You can refer: GRC 10.0 - HR Trigger configuration - Governance, Risk and Compliance - SCN Wiki
But responding to your original discussion, whatever user accounts are maintained in HCM you would see those details provided you define HR for the "user search data source" AND from SU01 for "user detail data source"
In your case you have 2 accounts which have been maintained in HCM as well as SU01, so that is what creating confusion for you.
Let us know if you need any more clarifications.
Regards,
Ameet

User Details Data Source

Hello all,
I´m working to configure the user search data source and also user details data source from our GRC AC environment. Bellow my doubt:
Can I configure GRC AC to automatically fill the Manager field in the access request screen? Obviously the User Details Data Source must be configured. Is it possible using SU01? HR? LDAP? All of them? Some examples would be really appreciated.
In other words:
When an Access Request is made, I want all User Details filled automatically, including the Manager.
Regards,
SAP Legend

Hi,
Yes you can configure the manager look up functionality by configuring the detail data source in the IMG and make sure you do all the configurations respective to what data source you are using.
If you are using LDAP then make sure you have done the mapping for your AC field name and target system field name and all the LDAP related configurations.
If you are using HR system as the data source please check the below link.
Configure Manager Look-Up in ARM for GRC 10
Regards,
Neeraj

Java.lang.SecurityException: Authentication for user system denied in realm wl_realm

I am experiencing this error when a servlet or JSP is preloaded on the web
server and the init method of the preloaded item results in a call to the
app server. If I don't preload and then manually invoke the JSP or servlet
after the web server completely loads the call to the app server does not
produce the exception. The only security differences between the web and
app servers are the console and system passwords. I can fix the problem by
making the passwords (system and console) the same across the board, but
find it hard to believe that this is the true solution. I would prefer
sticking with the default security settings.
I've poured through hundreds of messages. I can find similar problems but
not this exact problem.
Any ideas would truly be appreciated!
More information:...
App and Web server are both wls 6.1.1.0 running on the same SUN Solaris box.
Both are using the basic, out of the box, security.
The App server has SSL disabled.
The exception reported in the app server's log is:
java.lang.SecurityException: Authentication for user system denied in realm
wl_realm
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at
weblogic.security.acl.internal.Security.authenticate(Security.java:125)
at weblogic.security.acl.internal.Security.verify(Security.java:87)
at
weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
at
weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
2)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
The exception reported in the web server's log is:
java.lang.SecurityException: Authentication for user system denied in realm
wl_realm
at
weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
java:85)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:255)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:222)
at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
at $Proxy54.lookup(Unknown Source)
at
weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
at javax.naming.InitialContext.lookup(InitialContext.java:350)
at
com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
at
com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
at
com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
ctory.java:305)
at
com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
at
com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
va:106)
at
com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
30)
at
weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
:700)
at
weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
va:643)
at
weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
a:588)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
ontext.java:2203)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
Context.java:2147)
at
weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
a:884)
at
weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
ava:807)
at
weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
at weblogic.j2ee.Application.addComponent(Application.java:160)
at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:329)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:144)
at
weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
76)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy33.addWebDeployment(Unknown Source)
at
weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
t(WebServerMBean_CachingStub.java:1094)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:315)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
Target.java:279)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
eploymentTarget.java:233)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
entTarget.java:193)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy32.updateDeployments(Unknown Source)
at
weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
ServerMBean_CachingStub.java:2734)
at
weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
icationManager.java:362)
at
weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
r.java:154)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy45.start(Unknown Source)
at
weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
ApplicationManagerMBean_CachingStub.java:480)
at
weblogic.management.Admin.startApplicationManager(Admin.java:1151)
at weblogic.management.Admin.finish(Admin.java:570)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
at weblogic.Server.main(Server.java:35)
Thanks,
Jed Zimmer

You're correct. I meant the DOMAIN_SYSTEM_PASSWORD password in my
<domain-name>domain.ksh file. The DOMAIN_SYSTEM_PASSWORD value (if
specified) has to match the system user's password or else the server will
not start/stop.
I have determined more since my post. A startup class also produces the
same error. I have minimized my environments as follows and still receive
the exception, and a soon as I synchronize the system users' passwords on
the app/web server the problem goes away. Or, I can keep the passwords
different and just not access the app server EJBs until after the web server
finished loading, which also causes the error to go away. I'm just confused
about what I might be doing wrong.
Steps to produce the error:
App server:
- Installed from 6.1.1.0 from scratch and started it up.
- Changed the system user's password from the admin console, persisting the
changes.
- Modified logging settings to see more info in the log files.
- Disabled instrument stack traces.
- Stopped/Started the app server
Web server:
- Installed from 6.1.1.0 from scratch and started it up.
- Modified logging settings to see more info in the log files.
- Disabled instrument stack traces.
- Added a servlet to the DefaultWebApp_insiteserver application
- specified name and class
- the load on startup setting defaulted to zero, which will cause the
preloading
- Added 3 jar files to the classpath to support the EJB call
- Stopped/Started the web server
When the web server loads the servlet loads and tries to locate the EJB on
the app server. The app server throws the security exception. The app/web
servers are both running on the same SUN box, have the same IP address
(different ports) and I'm using non-SSL. Each server is it's own WLS
environment. The only installed file that is shared it the
weblogic_domain_registry.dat file in the root directory. As for security,
I'm doing nothing except changing one password (system user on the app
server).
I then tried to manually upgrade the app/web servers to 6.1.2.0 by updating
the WEBLOGIC_ROOT in the respective xxxxdomain.ksh files. Same problem.
I then cleanly reinstalled the app/web servers using version 6.1.2.0 and
configured as above. Same problem.
Let me know if I need to provide additional details.
Thanks,
Jed Zimmer
"Joseph Nguyen" <[email protected]> wrote in message
news:[email protected]...
>
"Jed Zimmer" <[email protected]> wrote in message
news:[email protected]...
I am experiencing this error when a servlet or JSP is preloaded on the
web
server and the init method of the preloaded item results in a call tothe
app server. If I don't preload and then manually invoke the JSP orservlet
after the web server completely loads the call to the app server does
not
produce the exception. The only security differences between the weband
app servers are the console and system passwords. I can fix the problemby
making the passwords (system and console) the same across the board, but
find it hard to believe that this is the true solutionI don't quite understand what you mean by "console" password? Are you
talking about the admin console? If so then it's confusing because youhave
to log into the console using the system user. If you can clarify morehere
it would great.
Joseph Nguyen
BEA Support
. I would prefer
sticking with the default security settings.
I've poured through hundreds of messages. I can find similar problems
but
not this exact problem.
Any ideas would truly be appreciated!
More information:...
App and Web server are both wls 6.1.1.0 running on the same SUN Solarisbox.
Both are using the basic, out of the box, security.
The App server has SSL disabled.
The exception reported in the app server's log is:
java.lang.SecurityException: Authentication for user system denied inrealm
wl_realm
at weblogic.security.acl.Realm.authenticate(Realm.java:212)
atweblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
at
weblogic.security.acl.internal.Security.authenticate(Security.java:125)
atweblogic.security.acl.internal.Security.verify(Security.java:87)
at
weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:235)
at
weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:2
2)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
The exception reported in the web server's log is:
java.lang.SecurityException: Authentication for user system denied inrealm
wl_realm
at
weblogic.rmi.internal.BasicOutboundRequest.sendReceive(BasicOutboundRequest.
java:85)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:255)
at
weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java
:222)
at weblogic.rmi.internal.ProxyStub.invoke(ProxyStub.java:35)
at $Proxy54.lookup(Unknown Source)
at
weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:323)
at javax.naming.InitialContext.lookup(InitialContext.java:350)
at
com.qwest.tmmt.manager.client.MDMAdapter.getEJBHome(MDMAdapter.java:197)
at
com.qwest.tmmt.manager.client.MDMAdapter.<init>(MDMAdapter.java:64)
at
com.qwest.tmmt.manager.client.ManagerFactory.createMetaDataManager(ManagerFa
ctory.java:305)
at
com.qwest.insite.util.ClientMetaDataCache.<init>(ClientMetaDataCache.java:53
at
com.qwest.insite.util.ClientMetaDataCache.getInstance(ClientMetaDataCache.ja
va:106)
at
com.qwest.insite.metadata.startup.MetaDataServlet.init(MetaDataServlet.java:
30)
at
weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java
:700)
at
weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.ja
va:643)
at
weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.jav
a:588)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletC
ontext.java:2203)
at
weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServlet
Context.java:2147)
at
weblogic.servlet.internal.WebAppServletContext.init(WebAppServletContext.jav
a:884)
at
weblogic.servlet.internal.WebAppServletContext.<init>(WebAppServletContext.j
ava:807)
at
weblogic.servlet.internal.HttpServer.loadWebApp(HttpServer.java:421)
at weblogic.j2ee.WebAppComponent.deploy(WebAppComponent.java:74)
at weblogic.j2ee.Application.addComponent(Application.java:160)
at weblogic.j2ee.J2EEService.addDeployment(J2EEService.java:117)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:329)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:144)
at
weblogic.management.mbeans.custom.WebServer.addWebDeployment(WebServer.java:
76)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy33.addWebDeployment(Unknown Source)
at
weblogic.management.configuration.WebServerMBean_CachingStub.addWebDeploymen
t(WebServerMBean_CachingStub.java:1094)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployment(DeploymentT
arget.java:315)
at
weblogic.management.mbeans.custom.DeploymentTarget.addDeployments(Deployment
Target.java:279)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateServerDeployments(D
eploymentTarget.java:233)
at
weblogic.management.mbeans.custom.DeploymentTarget.updateDeployments(Deploym
entTarget.java:193)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy32.updateDeployments(Unknown Source)
at
weblogic.management.configuration.ServerMBean_CachingStub.updateDeployments(
ServerMBean_CachingStub.java:2734)
at
weblogic.management.mbeans.custom.ApplicationManager.startConfigManager(Appl
icationManager.java:362)
at
weblogic.management.mbeans.custom.ApplicationManager.start(ApplicationManage
r.java:154)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:608)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
92)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:352)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:449)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:190)
at $Proxy45.start(Unknown Source)
at
weblogic.management.configuration.ApplicationManagerMBean_CachingStub.start(
ApplicationManagerMBean_CachingStub.java:480)
at
weblogic.management.Admin.startApplicationManager(Admin.java:1151)
at weblogic.management.Admin.finish(Admin.java:570)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:506)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:203)
at weblogic.Server.main(Server.java:35)
Thanks,
Jed Zimmer

CUP 5.3 SP8 - Distribution Groups and DL Approver

Hello,
In CUP, we are trying to configure the DL Approver because we are using a Distribution List as the alternate approver for one of our stages (At Stage Role Approver)
We are testing a change request for a user to get a role which has the role approver TCUPRA1. The Alternate approver for this role is DL-TESTCUP. Tied to this DL in active Directory is TCUPRA2 and TCUPRA3.
All 3 of these approvers are in our SAPHR system, which is what we use for authentication, data source, and search source. All 3 of these users also have the necessary LAN accounts to properly tie them to the DL. Our LDAP connector in CUP is configured correctly and works great and we have setup Approver group using the distribution list DL-TESTCUP.
In our test workflow, we have escalation setup that if a Role Approver doesn't approve within an hour, the request is forwarded to alternate approver. In this case, the alternate approver is DL-TESTCUP (so in theory, since TCUPRA2 and TCUPRA3 are tied to this DL, they should be the alternate approvers i.e. have authority to move the request along)
At the stage right before Role Approver stage (which is the stage where we are adding this role to the request), we are getting an error that says " Error processing your request, Request no: 32 in stage : BR_SEC_ASSIGN."
Here is the error in logs:
Caused by:
com.sap.security.core.logon.imp.UMELoginException: USER_AUTH_FAILED
     at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:946)
     at com.virsa.ae.service.umi.ume.UMEAuthenticator.authenticate(UMEAuthenticator.java:104)
     ... 19 more
2009-07-31 10:16:39,178 [SAPEngine_Application_Thread[impl:3]_25] ERROR Ignoring Exception - User : BRAZIL SEC ADMINS not found to get full name
com.virsa.ae.core.ObjectNotFoundException: User BRAZIL SEC ADMINS not found in SAP HR system
I'm seeing in there that User BRAZIL SEC ADMINS is not found in HR? BRAZIL SEC ADMINS is not a user, but rather the name of the Distribution Group we defined in CUP. Maybe I'm misunderstand the whole functionality of DL approvers in CUP?
Can someone clarify to me how I setup this piece of functionality - what are we doing wrong? Why is CUP looking in HR to authenticate a Group name that I defined IN CUP?
Let know if I need to elaborate further.
Thanks!
Jes

Thank you for your reply Sirish!
I added the additional LDAP mapping and am now able to "approve" to the Role Approver stage of the workflow without CUP stopping me immediately with an error.
The audit trail now says "Request Escalated to Alternate approver"
HOWEVER, it is still not working completely.
TCUPRA2 and TCUPRA3, the users tied to the DL in which the request was excalated to, do not have authority to approve the request (and they didn't receive email notifications either; we do have this setup)
The log still shows this error:
2009-08-03 08:25:09,898 [SAPEngine_Application_Thread[impl:3]_17] ERROR Ignoring Exception - User : BRAZIL SEC ADMINS not found to get full name
com.virsa.ae.core.ObjectNotFoundException: User BRAZIL SEC ADMINS not found in SAP HR system
It is still trying to look back at HR for something in relation to this distrubtion group, which I do not understand at all. This is an Active Directory DL and the two users listed above are indeed tied to it. Also, these users are properly setup in our SAPHR system as well. I simply do not understand why CUP is looking for the group "BRAZIL SEC ADMINS" - I created this "group" in CUP and tied the DL to it; it is not a "user" like the error seems to be referring to.
Basically, the issue still is, users tied to the DL are not getting authority to take over the request when escalation occurs. Something still isn't completely configured or configured correctly.
Any ideas? Has anyone used DL approvers?
Thanks so much!
Jes

Where does apex get user details from for login in

sorry for this stupid question. I have been looking up in google "where does apex get user details from for login in" and nothing answers my question. Basically I wanted to know when you log in your application how does apex know you have access to this application. How does it know you are a valid user because I am creating an application which basically checks if a user exist in one database and also checks if he/she exist in the second database.
Thanks you and sorry if this is very newbie

In the page 101 which is the login in page in the login in process. I have this in the source its not working in term of it is not letting me login in anymore even though I exist in the user table.
DECLARE
v_access_level number;
BEGIN
SELECT count(*)INTO
v_access_level
FROM USER
WHERE UPPER(USER_NAME) = UPPER(:APP_USER);
IF NVL(v_access_level, 0) !=0 THEN
wwv_flow_custom_auth_std.login(
    P_UNAME       => :P101_USERNAME,
    P_PASSWORD    => :P101_PASSWORD,
    P_SESSION_ID => v('APP_SESSION'),
    P_FLOW_PAGE   => :APP_ID||':9'
ELSE
wwv_flow_custom_auth_std.login(
    P_UNAME       => :P101_USERNAME,
    P_PASSWORD    => 'YtYuTrFRd',
    P_SESSION_ID => v('APP_SESSION'),
    P_FLOW_PAGE   => :APP_ID||':9'
END IF;
end;
please bare in mind that my USER table DOES NOT have a password because the authentication scheme as all the details of login in to any systems. I am only trying to check if the username exist in my USER table.
Thanks

Tabular Form - How to store in a column the User details (APP_USER)

Hi all,
I have let's say the following table:
USER_COMMENTS(
ID number primary key,
COMMENT_TEXT varchar2(50),
POSTED_BY_USER varchar2(50),
DATE_POSTED date,
UPDATED_BY_USER varchar2(50),
DATE_UPDATED date)
How do I, using a Tabular Form, get the USER details in the columns POSTED_BY_USER and UPDATED_BY_USER and the SYSDATE in DATE_UPDATED...
I've tried the following:
Created tabular form, all fields included. In Report Attributes > edit UPDATED_BY_USER > Display as Display as Text (saves state); Default Type: Item (application or page item); Default: APP_USER.
It's not working.
Thanks!
Andrei

It has to be a text field column type with source like the other updatable columns. You should hide that column and create a second of display as text if you want to show the content. Once this is done then you can use the default value and just type the item name there as you did:
P1_ITEM
Denes Kubicek
http://deneskubicek.blogspot.com/
http://www.opal-consulting.de/training
http://apex.oracle.com/pls/otn/f?p=31517:1
------------------------------------------------------------------------------

While updating user Details I am gettingsome error

Hi ,
While updating the user details from OIM server(OIM 9102 BP12) I am getting following error.Same is working properly on BP02.Can anybody help me to find out what is the root cause of this problem?
- I am trying to ceare a user through PSFT test utility, and getting following error.Same error is coming when we are creating user from
OIM server console.
Running GETROGUEACCOUNTSAMACCOUNTNAME
Target Class = com.thortech.xl.utilities.rogueAccountDetect
$$$ Rogue Account Detect $$$
The reconType query is: select obj_name from obj where obj_key=(select obj_key from rce where rce_key=38784)
$$$ Recon Object is: Xellerate User
$$$ wrong recon type for rogue account detect
tcDeptCodeChanged Running
Nr Name Value
0) Lookup Name Department SiteCode Mapping
1) From Field USR_UDF_DEPARTMENT_ID
2) To Field USR_UDF_SITECODE
3) Debug YES
4) SMTP Server 10.53.12.18
5) Email To [email protected]
6) Email From [email protected]
7) Trigger Field USR_UDF_SITECODE
8) Disable Resource RACF,RACF IMS_TMCC (AutoProvision)
9) ID Field UD_RACF_ID,UD_IMSB_ID
10) Resource Object RACF IMS_TMCC (AutoProvision)
11) RO Form UD_RACFUSRO
12) Field 01 Name UD_RACFUSRO_CREATE_IND
13) Field 01 Value RACF_CREATE
14) Field 02 Name UD_RACFUSRO_USER_TYPE
15) Field 02 Value IMS_TMCC
16) Translate Email Def Department Code Lookup Error
17) RBAC Job Codes List RBAC Job Codes
18) RBAC Departments List RBAC Departments
19) Job Code Field USR_UDF_JOB_CODE
SMTP Server : 10.53.12.18
Email To : [email protected]
Email From : [email protected]
Lookup Name : Department SiteCode Mapping
From Field : USR_UDF_DEPARTMENT_ID
Translate Email Def : Department Code Lookup Error
To Field : USR_UDF_SITECODE
t c D e p t C o d e C h a n g e d
User: ()
Old Department Code:
New Department Code: 064010
G E T U S E R R E S O U R C E
This is a create
More than one User Record Found, most likely a create
Number of Users: 12843
G E T L O O K U P D E F I N I T I O N S
Lookup rows: 210
Nr Name Value
E V A L U A T E F I E L D D A T A
*ACT: :
*OLD: :
*NEW: 064010 : 014
OLD VALUE NOT FOUND IN LOOKUP!
U P D A T E S I T E C O D E F I E L D
Running MANAGERSEARCHCONDITIONS
Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
Running FINDMANAGER
Running GETMANAGERCOUNT
Running GETMANAGERKEY
Running GENUNIQID
Target Class = com.thortech.xl.utils.tcUserData
<TMS 101> Flag:<Both> Checking for user in AD: khanz at server: <10.49.61.101>
<TFS 185> Flag :<Both> Checking for user in AD: khanz at server:<10.49.61.101>
Running CREATEGETUSERMAP
Target Class = com.thortech.xl.util.adapters.tcUtilHashTableOperations
Running GETUSER
Running Create Update User Map
Running Update Update User Map
Running UPDATEUSER
tcDeptCodeChanged Running
Nr Name Value
0) Lookup Name Department SiteCode Mapping
1) From Field USR_UDF_DEPARTMENT_ID
2) To Field USR_UDF_SITECODE
3) Debug YES
4) SMTP Server 10.53.12.18
5) Email To [email protected]
6) Email From [email protected]
7) Trigger Field USR_UDF_SITECODE
8) Disable Resource RACF,RACF IMS_TMCC (AutoProvision)
9) ID Field UD_RACF_ID,UD_IMSB_ID
10) Resource Object RACF IMS_TMCC (AutoProvision)
11) RO Form UD_RACFUSRO
12) Field 01 Name UD_RACFUSRO_CREATE_IND
13) Field 01 Value RACF_CREATE
14) Field 02 Name UD_RACFUSRO_USER_TYPE
15) Field 02 Value IMS_TMCC
16) Translate Email Def Department Code Lookup Error
17) RBAC Job Codes List RBAC Job Codes
18) RBAC Departments List RBAC Departments
19) Job Code Field USR_UDF_JOB_CODE
SMTP Server : 10.53.12.18
Email To : [email protected]
Email From : [email protected]
Lookup Name : Department SiteCode Mapping
From Field : USR_UDF_DEPARTMENT_ID
Translate Email Def : Department Code Lookup Error
To Field : USR_UDF_SITECODE
tcDeptCodeChanged: new and old field value is same, returning
tcJobCodeStatusChanged Running
0) Trigger Field USR_UDF_JOB_CODE
1) Debug YES
2) Request Key Resource AD User
3) Request Key Field UD_ADUSER_REVOKE_REQ_KEY
4) RACF B User ID Field UD_ADUSER_B_USERID
5) RACF T User ID Field UD_ADUSER_T_USERID
6) RACF I User ID Field UD_ADUSER_I_USERID
7) RACF B Resources RACF IMS_TMCC (AutoProvision)
8) RACF I Resources RACF IMS_TMIS (AutoProvision)
9) RACF T Resources RACF TSO_TMCC_NP (AutoProvision),RACF TSO_TMIS_NP (AutoProvision)
10) Common Resources Lotus Notes,LAN,Internet,Stars,Focus
11) Exclusion List Lookup.Object Exclusion List
12) Other Delete Resources Lookup.Other Delete Resources
13) RBAC Job Codes List RBAC Job Codes
14) RBAC Departments List RBAC Departments
Trigger Field : USR_UDF_JOB_CODE
newFieldValue 99O109 oldFieldValue 99O109
terminationFlag 0 oldTerminationFlag 0
processFlag N
tcJobCodeStatusChanged: new and old field value is same, returning
ERROR,28 Dec 2010 05:49:05,199,[XELLERATE.SERVER],Class/Method: tcDataObj/eventPostUpdate encounter some problems: com.thortech.xl.dataobj.util.tcProvPolicyUtils
java.lang.InstantiationError: com.thortech.xl.dataobj.util.tcProvPolicyUtils
at com.thortech.xl.client.events.tcUSRevaluatePolicies.evaluatePolicies(Unknown Source)
at com.thortech.xl.client.events.tcUSRevaluatePolicies.implementation(Unknown Source)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.eventPostUpdate(Unknown Source)
at com.thortech.xl.dataobj.tcUSR.eventPostUpdate(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.updateUserData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.updateUser(Unknown Source)
at com.thortech.xl.ejb.beans.tcUserOperationsSession.updateUser(Unknown Source)
at com.thortech.xl.ejb.beans.tcUserOperations_voj9p2_EOImpl.updateUser(tcUserOperations_voj9p2_EOImpl.java:1995)
at Thor.API.Operations.tcUserOperationsClient.updateUser(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy61.updateUser(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpSETBOOLEANVALUES.UPDATEUSER(adpSETBOOLEANVALUES.java:271)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpSETBOOLEANVALUES.implementation(adpSETBOOLEANVALUES.java:89)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(Unknown Source)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcORC.postInsertSysVal(Unknown Source)
at com.thortech.xl.dataobj.tcORC.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.util.tcOrderPackages.createProcessORC(Unknown Source)
at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(Unknown Source)
at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(Unknown Source)
at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForOrganization(Unknown Source)
at com.thortech.xl.dataobj.tcOIO.provision(Unknown Source)
at com.thortech.xl.dataobj.tcOIO.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcOrgProvisionObject.insertImplementation(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcUSR.orderUserProcess(Unknown Source)
at com.thortech.xl.dataobj.tcUSR.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.createUserRecord(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.applyActionRules(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.checkDataSorted(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.eventPostUpdate(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.finishDataReceived(Unknown Source)
at com.thortech.xl.schedule.jms.reconOffline.ProcessOfflineReconMessages.finishReconciliationEvent(Unknown Source)
at com.thortech.xl.schedule.jms.reconOffline.ProcessOfflineReconMessages.execute(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.MessageProcessUtil.processMessage(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.ReconMessageHandlerMDB.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4547)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4233)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3709)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:114)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5058)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
ERROR,28 Dec 2010 05:49:05,207,[XELLERATE.SERVER],Class/Method: tcDataObj/save Error :Data Update Failed
ERROR,28 Dec 2010 05:49:05,210,[XELLERATE.DATABASE],Class/Method: tcDataBase/rollbackTransaction encounter some problems: Rollback Executed From
java.lang.Exception: Rollback Executed From
at com.thortech.xl.dataaccess.tcDataBase.rollbackTransaction(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.rollback(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.doRollback(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.updateUserData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcUserOperationsBean.updateUser(Unknown Source)
at com.thortech.xl.ejb.beans.tcUserOperationsSession.updateUser(Unknown Source)
at com.thortech.xl.ejb.beans.tcUserOperations_voj9p2_EOImpl.updateUser(tcUserOperations_voj9p2_EOImpl.java:1995)
at Thor.API.Operations.tcUserOperationsClient.updateUser(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy61.updateUser(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpSETBOOLEANVALUES.UPDATEUSER(adpSETBOOLEANVALUES.java:271)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpSETBOOLEANVALUES.implementation(adpSETBOOLEANVALUES.java:89)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(Unknown Source)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcORC.postInsertSysVal(Unknown Source)
at com.thortech.xl.dataobj.tcORC.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.util.tcOrderPackages.createProcessORC(Unknown Source)
at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(Unknown Source)
at com.thortech.xl.dataobj.util.tcOrderPackages.createOrder(Unknown Source)
at com.thortech.xl.dataobj.util.tcOrderPackages.orderPackageForOrganization(Unknown Source)
at com.thortech.xl.dataobj.tcOIO.provision(Unknown Source)
at com.thortech.xl.dataobj.tcOIO.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcOrgProvisionObject.insertImplementation(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcUSR.orderUserProcess(Unknown Source)
at com.thortech.xl.dataobj.tcUSR.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.createUserRecord(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.applyActionRules(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.checkDataSorted(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.eventPostUpdate(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcRCE.finishDataReceived(Unknown Source)
at com.thortech.xl.schedule.jms.reconOffline.ProcessOfflineReconMessages.finishReconciliationEvent(Unknown Source)
at com.thortech.xl.schedule.jms.reconOffline.ProcessOfflineReconMessages.execute(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.MessageProcessUtil.processMessage(Unknown Source)
at com.thortech.xl.schedule.jms.messagehandler.ReconMessageHandlerMDB.onMessage(Unknown Source)
at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:466)
at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:371)
at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:327)
at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4547)
at weblogic.jms.client.JMSSession.execute(JMSSession.java:4233)
at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3709)
at weblogic.jms.client.JMSSession.access$000(JMSSession.java:114)
at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5058)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

Search on metalink for the following error to see lots of documents related to this error and the specific solution.
[XELLERATE.SERVER],Class/Method: tcDataObj/eventPostUpdate encounter some problems: com.thortech.xl.dataobj.util.tcProvPolicyUtils
java.lang.InstantiationError: com.thortech.xl.dataobj.util.tcProvPolicyUtils

User details are missing in Access request in GRC 10.0

Hello All,
When we are trying to create Access request in GRC 10.0 for an user it results as user details not found.
Under SPRO - Maintain data source configuration we have configured 2 HR systems HR1 and HR2.
But the User details exits in HR1 system and lies in validity also. We have tried to run the Repository Object Sync also still unable to search the details.
But we observed even after the Sync job User details are not created in table GRACUSER and GRACUSERCONN. Is this could be the problem. Why its not updating even after the Sync job many times almost 10 times.
We have also configured parameter 5023 to YES.Please advise.
Thanks in advance.

Did the sequence for HR1 set to 1 or 2, I hope you are following the suggestions given by Luciana in other thread.
Please post your data source config screenshots otherwise.
BR,
Mangesh

User Data Source in GRC AC 10

Dear Experts,
Need clariofcation regarding User data Source for SAP GRC AC .
Till GRC AC 5.3 we can use only one sap backend system as user data source for gettting users like manager,approver etc and have to change User data source if user reside in some other system .
Is this been address with GRC AC 10 .
Thanks & Regards
Asheesh

Hi Asheesh,
Looking at the configuration, you can configure multiple target systems against all of the different data sources and authentication sources. It uses the sequence number to identify in which order these should be accessed.
SPRO - Ref IMG - GRC - Access Controls - Maintain Data Sources Configuration
However, in my experience connecting lots of different systems to take elements of user data causes performance issues and often cuases some confusion about the actual data to be displayed. You'll need to consider the field mapping and source elements casrefuly to ensure you don't get conflicting information.
Simon

Access enforcer and User Data Source for HR

We are on Access Enforcer 5.2 - service pack 2:
My problem is that when creating a new request in AE, I able to get a list of all users when I point my User Data Source to either SAP or UME. However when I attempt to create a request whilst pointing the User Data Source at the SAPHR system, I do not get any users back (and we have user set up in the SAP HR system).
Ive changed the connector to YES under the HR System box, Ive changed the Data Source Type and Details Source Type to point at the SAPHR and still it fails to fetch any users.
I've tried looking at the log, but can't get much out of it.
I would appreciate it, if anyone could provide any assistance.
Thanks you in advance.
Amarjit
Message was edited by:
amarjit singh

Hi Micheal,
Thanks for your reply.
I'm pointing both Data Source Type and Details Source Type to the same system SAPHR and to the same system name (which is our dev system)
Regards,
Amarjit

CUP 5.3 SP8 - Authentication Source/User Details Source question

Similar Messages

Maybe you are looking for