CUPS 8.0 end user login issue

Similar Messages

• GRC AC 10.1 - End User Login - Request issue

  Hi experts!
  Im working in GRC AC 10.1 SP07. I have configured END USER LOGIN services; the idea is that end user from ECC system could submit request without having user in GRC box, this is working fine but i´m experimenting next problem.
  When i go to search request, those request submited by end user appears like created by Z_END_USER, this is the user in GRC that i have configured in services GRAC_UIBB_END_USER_LOGIN and GRAC_OIF_REQUEST_SUBMISSION_EU.
  ¿Is possible to configure that request appears "Created By" the requester and not the service´s user? I don´t think so, but if not, ¿is there any way to add the column User ID in Result screen? because it is avaible in parameters search but im not being able to add this in result screen (it´s not like hidden neither).
  Parameters "Created by user ID" would be service´s user and "User ID" would be the requester.
  Thanks!
  Emiliano

  Hi Emiliano,
  Your understanding is correct, request created by UserID will always show GUEST UserID configured in the End User Logon service.
  In search requests there is option to search requests by UserID but the same field has not been enabled to be available in Search Request result screen. This is as per standard functionality. You can check with SAP or can work with ABAPer to make the UserID column as display field in Search Request results.
  Regards,
  Madhu.

• End User Login Message

  Hi Folks,
  Our production IDM setup has 3 IDM instances sharing the same repository. The IDM End user is used for setting passwords in IDM and LDAP.
  Recently, couple of users have reported this error while trying to log in into IDM end user login page.
  "Your password has expired for account xxxxxx. Please change it now.
  Item User:xxxxxx was not found in the repository, it may have been deleted in another session."
  I had seen an earlier posting on this but there were no answers. Does any have a clue why this happens?
  Any lead will be greatly appreciated.
  Thanks in advance!
  Suvesh

  Hi shivjansi,
  This is normal behavior for the service desk.  It gives end-users a limited UI compared to the ticket processors.  Unfortunately the features of the limited UI are hardcoded so you cannot configure the UI so that end-users get two tabs while a ticket processor gets all six tabs. This may change in SolMan 7.1, let's hope so
  SolMan determines if a user is an end-user by checking the auth object
    CRM_TXT_ID
        Activity <ACTVT>: 02
        Text ID <TEXTID>: SU15
  If the auth check for this auth object fails, then the user is considered to be an end-user and they get the limited UI.
  Good luck!
  Jon

• Where are the ID and Password fields in End User Login ?

  Hi:
  I need to modifiy the ID / Password labels of the end-user login. I searched it in the WPMessages.properties, but i only find the variable UI_PWD_LABEL, and if i change it, it saw in the Admin Login but not in the User Login.
  Any idea?
  Thanks,
  MJ.

  Please tell us your first name and update your forum profile with it to help us. Thanks.
  The first process sets a convenience cookie with the value the user entered in the username field. This is a session cookie. The code is all there. It has nothing to do with the topic of your post.
  The Login process calls the apex login API. This performs authentication and does session registration and sets another cookie for session management.
  Where usernames and passwords are stored depends on the type of authentication you have chosen and this is recorded in the Authentication Function attribute of the authentication scheme. For Application Express authentication, the account information is in the table wwv_flow_fnd_user. You might also use your own tables for this, or LDAP, or SSO, ...
  Scott

• End user login to CI server

  Hello,
  In R/3 landscape there are 4 Application servers  and CI Cluster (2 separate servers) and DB Cluster (2 separate servers)
  In one of the CI Server,  Message server and Enrique server  is running.   (allocated virtual IPs for this  MSG server & ENQ server)
  (End user will connect to the message server)
  So when a request comes to message server, it will direct the request to one of the Application servers.
  So according to the setup, all the users should reside in the Application servers. End- users are not allowed to login to CI server.
  Only BASIS admins can login to this.
  But when checking using al08, time to time  it shows few users are login to this CI server (erpcv)
  How this happens, Is that a problem with the message server or any other issue !!!
  regards,

  You need to configure your servers in logon groups (SMLG) and distribute the correct logon groups to the users.
  My assumption, There may be few users have SAPGUI points to directly to CI.
  We also have 4 apps and 1 CI/MS and DB as cluster, but have allowed users to logon to all the servers (4 apps + 1 CI) this is due to nothing is running on CI+MS and technically speaking waste of CI resources if you are not allowing users to logon and using system.
  Don't worry SMLG (load balancing) will take care of distributing the load.

• AD users login issue.

  Hi All,
  We are getting login issue on our UAT server. AD users are not able to login into share point,it again prompting login box after entering correct username and password.
  When we add that user to local admin group then it works.

  May be you are try it on same sharepoint machine. If you try some other machine it will work fine. You need to create a registry key for that. This is a known issue with sharepoint
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  DWORD DisableLoopbackCheck
  Value. 1
  http://support.microsoft.com/kb/896861

• Mac OSX Lion Server Network User Login Issue

  We have in the office a server running Mac OSX Lion, and several network users who've all been running happily for quite a will.
  About a month ago I was added to the system, and initially we had a few issues relating to the home directory, but we changed 'something' and it all worked.
  Fast forward to now, and we've added a new user - Hannah - to our system.
  I've added her in the Workgroup Manager, and set her up everywhere I can find on the server. Her home directory creates on the server fine.
  She appears in the Logon list on the client machines, and here's where the trouble starts...
  Every time she tries to log on, it fails. The logon box just bounces or wobbles as though the password is incorrect. We've tried changing the password, to no avail. We've tried adding new test users - same problem.
  We've tried sudo kinet on the Terminal as a local user, with variable results.
  I'm at my wits end, and really hoping someone here can help offer some suggestions or advice we can work through to get to the bottom of this.
  Thanks in advance!

  Your problems are likely occurring because you added her to the directory with Workgroup Manager.
  You should really start avoiding WGM when at all possible as Apple is clearly moving away from it. Because of this, things don't always work as expected when using 'legacy' tools like WGM.
  My guess as to what your problem is: When you create a new user in Server.app, two things happen for you automatically that WILL NOT HAPPEN if done from WGM.
  First the user is added to the default "Workgroup" group.
  More importantly (and the source of much confusion), the user is automatically added to SACLs.
  Check the SACL for the user in Server.app, I bet you'll notice that they aren't a member of the File Sharing group like they should be. To solve this problem, you can either delete the user and recreate them in Server.app, or manually add them to the appropriate SACL.
  I would opt for recreating them in Server.app if I were you, as I don't trust user accounts that originate in WGM on Lion Server.

• EDirectory users login issue(Linux Systems)

  Dear team,
  For PDC(primary domain controller)::
  We have installed SLES11-SP3 and OES11-SP2 on the top of this.
  After this, we configured DSFW and eDirectory.
  Now, when we are trying to login eDirectory users from Windows System,, we are able to do this.
  But when we trying from Linux Systems, users are able to login but not getting their respective directory (/home/user_name)
  For ADC(additional domain controller)::
  We configured same configuration as shown above by replicating tree.
  For this server, when we are trying to login eDirectory users from Windows and Linux Systems, we able to do this successfully without any issue.
  Both Servers we are using for high availability.
  Please help us on the PDC.
  Thanks

  Dear Team,
  As you asked we don't know whether it is using ncp or dsfw, please let us know this also. I want to give you clear picture, step by step.
  Goal:
  1. We have two systems, need replication of edirectory Partition.
  2. We need to login from edirectory users in windows/linux both
  3. We want to login into windows systems like AD users from DSFW, using domain login.
  4. We need to login in Linux machine with eDirectory users using LDAP authentication
  5. We need to sync both systems 24x7x365
  Implementation:
  1. We have install SLES11-S3 with OES2-S2 in first machine with image name OES11-SP2-addon_with_SLES11-SP3-x86_64-DVD.iso (4GB image size)
  https://www.novell.com/documentation.../b11i67vh.html
  a) Installation of forest root domain.
  b) New tree : K_TREE
  c) FDN : cn=administrator,cn=Users,dc=k2,dc=gov,dc=in
  d) Net bios domain name = k2
  e) Configure this server as WINS server:selected check box
  f) Site name : DC
  Particulars:
  IP : 10.0.0.136
  Hostname: PDC.k2.gov.in
  Domain: k2.gov.in
  Netbios name: k2
  NTP: 10.0.0.136 (we dont have ntp server as of now)
  Selected : Use multicast to access SLP
  Novell modular authentication services: Challenge response, NDS
  Then Novell OES configuration successfully done.
  2. In second server we have replicated first edirectory server.
  a) SLP Server : blank
  b) NTP: 10.0.0.136
  c) Existing tree : K_TREE
  d) IP:10.0.0.135
  e) FDN: cn=administrator,cn=Users,dc=k2,dc=gov,dc=in
  f) Enter Server Context: dc=k2,dc=gov,dc=.in
  g) Hostname : ADC.k2.gov.in
  We have installed only iManager and edirectory with existing PDC eDirectory.
  Replication done successfully
  IP Hostname Partition Windows without agent Linux LDAP replication home directory in linux
  PDC 10.0.0.136 PDC.k2.gov.in k2 login login done yes
  ADC 10.0.0.135 ADC.k2.gov.in k2 login login done no
  Testing PDC :
  1. Windows 7, successfully joined DSFW domain : k2.gov.in
  2. Windows Users are able to login from edirectory/DSFW users
  3. Linux Users are also able to login with normal shell, but not getting home directory
  Testing ADC :
  1. Windows 7, successfully joined DSFW domain : k2.gov.in
  2. Windows Users are able to login from edirectory/DSFW users
  3. Linux Users are also able to login with normal shell, also getting home directory
  Query : In PDC (DSFW Domain k2.gov.in) Linux users are getting shell but not getting Home directory in RHEL-6.5, but ADC (DSFW Domain k2.gov.in) Linux Users are getting shell as well as Home directory also.

• LDAP/AD Role group user login issue in sharepoint 2010 FBA with LDAP

  Hi.
  I created sharepoint 2010 site with LDAP FBA.If I add the AD user as form based user and try to login to my site its working very well but if I add a AD Group in to my site and try to login with one of the AD user of this group its say "Access
  Denied".
  In my project we want add AD group in sharepoin Groups not a individual AD users.
  Can anyone help me with this please its urgant?

  I added both LDAP membership and LDAP Role provider.And I can also find groups in people picker in my Central Admin and FBA Web app site colleciton.  
  <add name="ADMembers"
  type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
  server="company.com"
  port="389"
  useSSL="false"
  userNameAttribute="sAMAccountName"
  userContainer="DC=company,DC=com"
  userObjectClass="person"
  userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
  userDNAttribute="distinguishedName"
  scope="Subtree"
  enableSearchMethods="true"
  otherRequiredUserAttributes="sn,givenname,cn"
  />
  <add name="ADRoles"
  type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="Company.com"
  port="389"
  useSSL="false"
  groupContainer="DC=Company,DC=com"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="(ObjectClass=group)"
  userFilter="(ObjectClass=person)"
  scope="Subtree" />

• OS X 10.10.2 Server 4.0.3 Wiki User Login Issue

  I have an Apple wiki that seems to be running fine for all but one user.
  Now, when that user tries to login it just sits there and does not process the username or password.
  When you go to All People that user is no longer listed there.
  We authenticate via Active Directory.
  Where should I start trouble shooting?

  After the user attemps to login, when they return to the page they get this until they clear their internet data from Safari:
  Caught exception "[<CSEntityPlaceholder 0x7fbc404fb9a0> valueForUndefinedKey:]: this class is not key value coding-compliant for the key externalID." [NSUnknownKeyException] executing route /app-context/wiki:
  0 CoreFoundation 0x00007fff90a3966c __exceptionPreprocess + 172
  1 libobjc.A.dylib 0x00007fff8d20d76e objc_exception_throw + 43
  2 CSService 0x0000000100dbf569 -[CSLocalServiceProxy forwardInvocation:] + 1278
  3 CoreFoundation 0x00007fff909838a6 ___forwarding___ + 518
  4 CoreFoundation 0x00007fff90983618 _CF_forwarding_prep_0 + 120
  5 CSService 0x0000000100de86f3 __27-[CSAppContextService init]_block_invoke234 + 180
  6 CSService 0x0000000100dcfaf4 __53-[CSRoutingHTTPConnection httpResponseForMethod:URI:]_block_invoke + 92
  7 CSService 0x0000000100dd30ea -[CSHTTPBackgroundResponse bounce:] + 284
  8 Foundation 0x00007fff9523c90a __NSThread__main__ + 1345
  9 libsystem_pthread.dylib 0x00007fff8c145268 _pthread_body + 131
  10 libsystem_pthread.dylib 0x00007fff8c1451e5 _pthread_body + 0
  11 libsystem_pthread.dylib 0x00007fff8c14341d thread_start + 13

• End User Training Issues

  Hi All,
  What all issues must be taken into account while creating enduser training materials/documents.
  Also when does the preparation of enduser training material starts typically. I mean at which phase of ASAP.
  Thanks
  Dev

  Enduser documents should contain more screen shots and less explanations so that users will appreciate the functions. The document should explain the important fields to be entered in the screens and give step by step procedure for carrying out periodic processing activities.
  The enduser training should ideally start in the testing phase ( After realisation)
  SIVA

• Exchange 2003/2010 Coexistance - User login Issue

  Hello
  We have deployed Exchange 2010 SP3 in coexistance with 2003 and created connectors.
  2003/2010 both Users are not able to login on 2010 OWA and error showing that username/PW is wrong although they are working on OWA 2003 perfectly.
  When i add the same user to the local admin group on the Ex2010 server, it works fine with email send/receive. i am confused please suggest what i am missing....Regards
  Waseem

  Hello
  This is the error that occured during that time.
  SACL Watcher servicelet encountered an error while monitoring SACL change.
  Got error 1722 opening group policy on system SERVER.DOMAIN in domain MYDOMAIN.
  Event ID 6003
  Source : MSExchange SACL Watcher
  i am not sure if its related to this problem.
  Secondly i have also tested to run the "Microsoft Exchange Active Directory Topology Service" with a new user having all the rights of exchange & AD groups but its showing giving the error that it cant run the dependency
  services. currently this service is running with the local account rights.
  I just add the test users (moved from 2003 and new user created in 2010) to the local admin group and it works fine, please give any idea what may be the problem in rights or something else ??
  Regards
  Waseem

• Wiki Server - AD User Login Issues (8002)

  I'm in the process of getting wiki server functioning in an AD integrated environment. We have login, portable home directories, and many other integrated services working properly, but I'm having trouble with wiki server. When logging in to the server using OD credentials, things function properly. However, when logging in with AD credentials, users are presented with "Invalid Session (8002)" in a web browser popup, and the server notes the following in its error logs:
  2008-07-02 09:29:45-0400 [HTTPChannel,12,127.0.0.1] Unhandled Error
  Traceback (most recent call last):
  File "/usr/share/caldavd/lib/python/twisted/web/http.py", line 598, in requestReceived
  self.process()
  File "/usr/share/caldavd/lib/python/twisted/web/server.py", line 150, in process
  self.render(resrc)
  File "/usr/share/caldavd/lib/python/twisted/web/server.py", line 157, in render
  body = resrc.render(self)
  File "/usr/share/wikid/lib/python/applexmlrpcserver/WebAppServer.py", line 70, in render
  d = defer.maybeDeferred(function, request, *args)
  --- <exception caught here> ---
  File "/usr/share/caldavd/lib/python/twisted/internet/defer.py", line 107, in maybeDeferred
  result = f(*args, **kw)
  File "/usr/share/wikid/lib/python/applexmlrpcserver/WebAppServer.py", line 91, in xmlrpc_login
  session = SessionHandler.sessionHandler.sessionForID(session_id)
  File "/usr/share/wikid/lib/python/apple_utilities/SessionHandler.py", line 155, in sessionForID
  return self.authProvider.avatarForSession(sessionid)
  File "/usr/share/wikid/lib/python/apple_utilities/Authentication.py", line 349, in avatarForSession
  return self.sessionFactory.getSession(sessionId)
  File "/usr/share/wikid/lib/python/apple_utilities/Authentication.py", line 210, in _func
  return f(self, *args, **kwargs)
  File "/usr/share/wikid/lib/python/apple_utilities/Authentication.py", line 269, in getSession
  raise InvalidSessionError(sessionId)
  apple_utilities.Authentication.InvalidSessionError: Invalid Session:
  2008-07-02 09:29:45-0400 [HTTPChannel,12,127.0.0.1] 127.0.0.1 - - [02/Jul/2008:13:29:44 +0000] "POST / HTTP/1.1" 200 1758 "http://cts-fs01/groups/cts/" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 1054; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1"
  Any suggestions or ideas? Smells like a bug to me unfortunately...
  Many thanks,
  Josh

  Clear text authentication must first be enabled for both Wiki and iCal in order for certain functionality to work in the OD/AD config. So there are a couple of workarounds that must be applied.
  For Wiki, there is a KBase article that provides instructions and background info on this subject:
  http://docs.info.apple.com/article?artnum=306750
  For iCal, you must edit the caldavd.plist file for the following:
  <key>Authentication</key>
  <dict>
  <key>Basic</key>
  <dict>
  <key>Enabled</key>
  <false/> <----- change to true
  </dict>
  <key>Digest</key>
  <dict>
  <key>Algorithm</key>
  <string>md5</string>
  <key>Enabled</key>
  <true/> <---------- change to false
  <key>Qop</key>
  <string></string>
  </dict>
  <key>Kerberos</key>
  <dict>
  <key>Enabled</key>
  <true/>
  <key>ServicePrincipal</key>
  <string></string>
  </dict>
  </dict>

• End User Unlock and Password Reset in GRC AC 10.0

  Hi Dears,
  I have an issue related to End User Unlock and Password Reset.
  We maintained Data Source as SU01 in SPRO, So that User can able to access GRC Application through End User Login with ECC System login
  Details for raise a request.
  If user is locked or forget ECC system password, then user not able to access GRC Application through End User Login with ECC System login Details for Unlock or reset Password.
  In this situation, how user can unlock or reset the Password for ECC System.
  Could you please provide the solution to resolve the Issue.
  Note:- No LDAP or Acitive Directory.
  System Details :- GRC AC 10.0 , SP12.
  Regards,
  Karnatak.

  Hi Rupesh
  That was my warning on the post I linked you to
  Quite a few PSS solutions have this as a setup (even SCN). The key thing you are reliant on is that the email account must be restricted to only the user to receive the password/link as well as appropriate Challenge Response Questions defined as part of their registration.
  But yes, they can technically enter any User id to request the password and if they know the answers to the questions then they will get the password issue.
  Your alternatively is to introduce another system (i.e. AD which you ruled out) or see if there is a way to introduce a second factor authentication (I don't believe this is delivered with GRC).
  Regards
  Colleen

• Anonymous User Login

  Hi All,
  I have an issue with 'Forgot Password' button in the end user login. When a Forgot Password button is clicked, a Question Login workflow will trigger (I think I am right?) .Now I would like to customize the 'Question Login' workflow as per my requirements, but unfortunately I am not, I modified the system configuration object, but still with no luck I am not able to customize that workflow.
  So I thought of using anonymous login page and I can launch my own workflow as per my requirements. I have registered my workflow at 'anonymous end user tasks'. and I try to launch the anonymous login page using the url 'http://localhost:8080/idm/user/anonlogin.jsp'. I am getting the following errors.
  An unrecoverable error has occurred processing the request. Contact your system administrator.
  Syslog ID = LG-1111-024933.
  Only the Reset Administrator may access this view.
  I don't know, where I am doing wrong. For the first time I am trying to use anonymous login page.
  Did anybody faced similar problems?
  Can anybody please post some points, like what is the procedure to use a Anonymous login page?
  Thanks in advance

  Well, first, I visited Configure > User Interface, and enabled Anonymous Enrollment.
  Next, I went to user/login.jsp, and saw "Request Account". I clicked on it, and up popped the user/anonEnrollment.jsp page. (I was looking at using this for one of our requirements; turned out I didn't need it, and did something else).
  Anyway, a quick check with Live HTTP Headers for Firefox shows that the post was directly to anonEnrollment.jsp; anonEnrollment.jsp has this at the top:
  String anonUser = LoginHelper.getAnonymousUser(session);
  if (anonUser == null) {
      String url = "user/login.jsp";
      LoginHelper.redirect(req, out, url);
      return;
  }Not a huge amount of help. However, it does establish that there is an "getAnonymousUser" method, which is documented to return "the currently registered anonymous user name if any". And reading the Workflows, Forms, and Views manual, it states that the anonymous main page is for "... when a user who does not have a Identity Manager account logs in, an Identity Manager user object is created ...". Basically, if you're using pass through auth, and have a source system that will let a user authenticate, they can then set themselves up.
  So, I visited "anonmain.jsp" after clearing all cookies, and up popped "anonlogin.jsp", with a login box. I entered "anonymous", and lo!, I was logged in, and saw the anonymous user menu. In other words, I was "provisionally" logged in with an account that doesn't really exist (anonymous).
  However, I had to provide that extra bit of information, namely, my "fake" user name of "anonymous". I don't know how you'd do that without JSP customization.
  Basically, "anonymous" means "has a username, but we don't have an account", rather than "truely anonymous" as near as I can tell. The system will do it for you in the case of "Request Account" (the generated login page has some Javascript code to redirect to anonEnrollment.jsp), but it doesn't seem to be an exposed API.
  You might get somewhere with customizing the "Request Account" string in the messages catalogue, and then customizing the anonymous enrollment workflow.